Darren Meyer 

I haven't digested the whole new Cybersecurity EO, but I did skim for AppSec-relevant stuff and it seems like it rolls back some of the standardization push.

Orgs no longer need to universally supply #SBOM docs or produce machine-readable #SSDF attestations. BUT, any agency that codified those requirements doesn't have to undo them, and it seems like agencies can still adopt those requirements on their own going forward, too.

Jun 9 at 10:03pmWeb
Show threadDarren Meyer Jun 9
Practically speaking, if you want to do business with the US government, you're still going to want to meet those requirements unless you have a fairly narrow scope of business that only includes agencies that won't adopt such requirements. The backing off from standardization across the whole federal space is disappointing from a security and safety standpoint, but isn't really surprising given the administration's priorities and related positions.