by fuzzyfuzzyfungus (1223518) writes:
The reasoning is honestly just baffling. Apparently the old requirements "diverted agencies from developing tailored assurance requirements for software and neglected to account for threats posed by insecure hardware." by requiring that people keep track of what software they were actually using.
Aside from the...curious...idea that knowing what your attack surface looks like is a diversion from developing assurance requirements, the claim that the old policy about SBOMs is being revoked for not focusing on insecure hardware is odd, both on the obvious point that basically anything with a sensible scope only focuses on certain issues and leaves other issues to be handled by other things, and on the only slightly less obvious issue that most "insecure hardware", unless you've qualified for a really classy covert implant or have high-sensitivity TEMPEST issues or something, is not actually a hardware problem but a firmware problem, which is just a software problem that isn't as visible; exactly the sort of thing that SBOMs help you keep an eye on.
Not like anyone expected better; but this is exceptionally poor work.
by rta (559125) writes:
The reasoning is honestly just baffling. Apparently the old requirements "diverted agencies from developing tailored assurance requirements for software and neglected to account for threats posed by insecure hardware." by requiring that people keep track of what software they were actually using.
It's definitely "organizational speak", but afaict the SBOM thing, and the attestations about the whole dependency tree, is virtually impossible for the large majority of COTS systems, especially SaaS ones. Like, actually doing what the old policy seems to claim that it wants would increase costs tenfold or 100-fold. So I think the thing getting repealed was not realistic and IS just a paper exercise of people exchanging lies, as well meaning as it was...
So I think it's maybe worthwhile to actually f
by fuzzyfuzzyfungus (1223518) writes:
I don't doubt that the previous requirements were effectively impossible for nontrivial portions of the industry and their customers; though, given the wall-to-wall dumpster fire that is IT and IT security, I can only see the attempt to treat that as evidence that the regulations were unrealistic and unduly burdensome as either myopic or deeply cynical.
Commercial software and both commercial and institutional IT operations are much more an example of the fact that you can absolutely run on dangerous and
threshold.
by ArchieBunker (132337) writes:
It’s very simple. This was something Biden implemented. Therefore it must be undone.
by sysrammer (446839) writes:
They'll implement basically the same thing and claim it as their own.
by gweihir (88907) writes:
Yep, this one makes no sense. All I can see is that this is possibly done to cut out some vendors from the market.
Copyright © 2026 Slashdot Media. All Rights Reserved.