Sources say a set of rules included in the Senate version of the 2019 National Defense Authorization Act would require U.S. tech firms working with the military to divulge whether their products’ source code has been subjected to audits by adversarial governments such as Russia or China, Reuters reported.
Under the proposed rules, measures would have to be taken by the military and affected software vendors to mitigate the threat posed by foreign source code audits flagged by the Pentagon as unsafe. Information about these mitigating measures, as well as details of the foreign code review, would be stored in a database that officials in the military could access.
The Senate version of the 2019 NDAA was approved at the committee level on May 24, with 25 voting in favor and 2 voting against.
For the bill to become law, it would have to be voted on by the full Senate, then reconciled with the House of Representatives’ version, which was passed on May 25.