Software bills of materials (SBOMs) and other artifacts that support secure software development practices are among the software security requirements, set by the previous administration, that the White House's Office of Management and Budget (OMB) has moved to revoke in a new memorandum. Security experts, however, disagree about what that actually means in practice.

OMB Director Russell Vought issued M-26-05 on January 23, rescinding two memorandums signed in 2022 and 2023 (M-22-18 and M-23-16, respectively). The former, the more significant of the two, required federal agencies to request SBOMs from commercial software manufacturers along with a self-attestation that the contracted software complies with NIST secure development guidelines.

That is much more in line with the principles of zero trust, contemporary risk management, and the way adversaries actually operate. According to NetRise CEO Tom Pace, the new rules give agencies the freedom to concentrate their attention on high-impact systems and vital infrastructure "without forcing low-risk or commodity software through the same process."

## Secure Software Rollbacks: Possible Long-Term Effects on Companies

With the new memo, one would hope to see a shift away from detailed documentation and toward more deliberate, case-by-case thinking. In an ideal world, agencies would then take an active role in determining whether software is secure, raising the bar for all vendors.

Williams, on the other hand, believes that is not the most likely result. He states, "I anticipate that most vendors will do the bare minimum and that procurement will have no way to verify [the security of software an organization is buying]."

Additionally, some fear that, given all the challenges facing federal agencies, the absence of mandatory standards will remove a crucial incentive for agencies to maintain cyber awareness.