by Renee Dudley

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published.

On Thursday, in his final week in office, President Joe Biden issued an executive order intended to strengthen the nation’s cyber defenses, in part by requiring software providers like Microsoft to provide proof that they meet certain security standards before they can sell their products to the federal government.

The action follows an onslaught of cyberattacks in recent years in which hackers linked to Russia, China and other adversaries have exploited software vulnerabilities to steal sensitive documents from federal agencies.

In demanding more accountability from software makers, Biden pointed to instances in which contractors “commit to following cybersecurity practices, yet do not fix well-known exploitable vulnerabilities in their software, which puts the Government at risk of compromise.”

In June, ProPublica reported on such a case involving Microsoft, the largest IT vendor to the federal government. In the so-called SolarWinds attack, which was discovered shortly before Biden took office, Russian state-sponsored hackers exploited a weakness in a Microsoft product to steal sensitive data from the National Nuclear Security Administration and other agencies. ProPublica found that, for years, Microsoft leaders ignored warnings about the flaw from one of their own........

© ProPublica