Government Software Development Act
Legislation to Support Government Internal Software Development and Reform Software Procurement
Purpose
The purpose of this legislation is to establish a framework that enables the U.S. government to internally develop its own software tools, streamline the software procurement process, and ensure the cybersecurity of all externally sourced software and libraries.
Definitions
For the purposes of this Act, the following definitions shall apply:
Internal Software Development: The creation, design, and maintenance of software by government employees or contractors under government direction.
Procurement: The process by which the government acquires software or software services from an external vendor.
Cybersecurity Protocols: Standards and practices that ensure the security and integrity of software against cyber threats, including data breaches, unauthorized access, and malware.
Chief Technology Officer (CTO): The Chief Technology Officer of the Department of Defense or designated authority responsible for defining cybersecurity protocols.
External Software and Libraries: Any software or software components, including open-source libraries, purchased, licensed, or otherwise sourced from external entities.
Development of Government-Owned Software
(a) Internal Software Development Mandate
The government shall prioritize the development of software tools internally, using government resources whenever feasible and cost-effective. Agencies and departments shall identify key areas of operation where proprietary software development can reduce reliance on external vendors, enhance national security, and improve operational efficiency.
(b) Dedicated Software Development Teams
Each federal agency and department shall establish dedicated internal software development teams, led by a Chief Software Officer (CSO) or similar position, responsible for managing the lifecycle of software development projects, from conception to deployment.
(c) Internal Software Infrastructure
The government shall invest in infrastructure, tools, and training to support the development and maintenance of internal software. This includes the establishment of secure software repositories, version control systems, and coding standards to ensure consistent and efficient development practices.
Reforming the Software Procurement Process
(a) Centralized Procurement Oversight
A centralized body, led by the General Services Administration (GSA), shall oversee all software procurement within the federal government. The GSA shall work with agencies to assess procurement needs, provide guidelines, and ensure that acquisitions align with government security, cost-efficiency, and long-term sustainability goals.
(b) Open and Transparent Procurement
The procurement process for external software shall be fully transparent and open to public review, with clear specifications for functionality, security, and performance. All procurement solicitations shall be made available through the government's digital procurement platform.
(c) Cybersecurity Evaluation Criteria
Procurement decisions shall be made based on both technical specifications and cybersecurity compliance. Vendors will be required to demonstrate that their software meets the cybersecurity standards outlined in Section 6 of this Act.
Cybersecurity Protocols for External Software
(a) Cybersecurity Standards
All external software, including open-source libraries, must pass cybersecurity protocols as determined by the Department of Defense Chief Technology Officer (CTO). These protocols shall include:
Secure software development practices
Vulnerability testing and remediation
Data encryption and protection protocols
Security audit trails and compliance with federal cybersecurity standards
(b) CTO Cybersecurity Review
The Department of Defense CTO shall lead the establishment and ongoing review of cybersecurity standards for external software. All external software and libraries must undergo an evaluation by the CTO's office or a designated third-party cybersecurity firm before they can be approved for use within federal systems.
(c) Mandatory Reporting of Vulnerabilities
Vendors must report any discovered vulnerabilities within the software used by federal agencies, with a process for prompt remediation. The CTO's office shall oversee the implementation of patch management procedures and ensure that software updates are promptly applied.
(d) Penalties for Non-Compliance
Vendors that fail to meet the cybersecurity standards outlined in this section may face penalties, including termination of contracts, disqualification from future procurements, and potential legal action for damages resulting from security breaches.
Section 7: Implementation and Oversight
(a) Interagency Working Group
An interagency working group, including representatives from the Department of Homeland Security (DHS), the Department of Defense (DoD), the General Services Administration (GSA), and relevant stakeholders, shall be formed to oversee the implementation of this legislation. The working group will meet regularly to review progress, identify challenges, and make recommendations for improvement.
(b) Annual Report
The GSA, in coordination with the CTO's office, shall submit an annual report to Congress detailing the progress of internal software development initiatives, procurement activities, and cybersecurity compliance efforts. This report shall include metrics on cost savings, efficiency gains, and security improvements resulting from the reforms.
Funding
(a) Funding for Internal Software Development
Funding for the creation of internal software development teams, infrastructure, and training programs will be allocated through the annual federal budget. Agencies must submit requests for funding in accordance with established budgetary processes, with a focus on sustainability and long-term return on investment.
(b) Funding for Cybersecurity Compliance
Agencies shall allocate a portion of their cybersecurity budgets specifically for the procurement of external software that meets cybersecurity protocols. This funding will be tracked and reported as part of the overall cybersecurity spending.