SDLC governance briefing — Executive Order 14028 raises secure software expectations
The White House issued Executive Order 14028 on 12 May 2021. It directs federal agencies to adopt secure software supply chain practices, SBOMs, and cyber incident reporting, and those expectations flow down to the developer organisations that supply them.
What happened: Executive Order 14028 set out federal requirements for secure software development, including provision of SBOMs, agency zero trust roadmaps, incident reporting by contractors, and vulnerability disclosure processes.
- Compliance scope: Vendors selling software to U.S. federal agencies must attest that it was developed according to the secure practices the order references and must furnish SBOMs when an agency requires them.
- Process maturity: Establish the vulnerability disclosure programme, multi-factor authentication, and logging baselines the order references, and retain evidence that each is in place.
- Roadmap alignment: Track the follow-on guidance from NIST (the Secure Software Development Framework, SP 800-218) and OMB (attestation memoranda such as M-22-18) that set the timelines for attestations and procurement gates.
Next steps: Map each executive order section to an internal control, document remediation plans for any gaps, and coordinate with procurement teams on the compliance evidence agencies will request.