OMB Rolled Back the Rules. Security Did Not Get Easier

AndyC 11 March 2026


The U.S. Office of Management and Budget (OMB)’s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security theater.

[…Keep reading]

OMB Rolled Back the Rules. Security Did Not Get Easier

OMB Rolled Back the Rules. Security Did Not Get Easier

The U.S. Office of Management and Budget (OMB)’s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security theater. That framing is not entirely wrong, but it misses something fundamental about how modern software actually fails. There are pieces of this shift that are directionally correct, and others that risk undoing what little consistency the federal software ecosystem had finally begun to build.

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype. Read the original post at: https://www.sonatype.com/blog/omb-rolled-back-the-rules.-security-did-not-get-easier

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , ,

More Stories

How to see your Google Search history (and delete it)

How to see your Google Search history (and delete it)

AndyC 11 March 2026
Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know

Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know

AndyC 11 March 2026
Phishing Scammers Impersonating City, County Officials, Demanding Payment: FBI

USENIX Security ’25 (Enigma Track) – Security Theater Is Canceled: Time For A Real Show

AndyC 11 March 2026
Apple’s MacBook Neo: First reviews and analyst reactions

Inference protection for LLMs: Keeping sensitive data out of AI workflows

AndyC 11 March 2026
How to see your Google Search history (and delete it)

AI Just Made Executives the Easiest Targets on the Internet

AndyC 11 March 2026
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

AndyC 11 March 2026

You may have missed

Using an AI like ChatGPT to File Your Taxes? Stop and Read This First

AndyC 11 March 2026
APT28 conducts long-term espionage on Ukrainian forces using custom malware

APT28 conducts long-term espionage on Ukrainian forces using custom malware

AndyC 11 March 2026
How to see your Google Search history (and delete it)

Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?

AndyC 11 March 2026
How to see your Google Search history (and delete it)

How to see your Google Search history (and delete it)

AndyC 11 March 2026
Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know

Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know

AndyC 11 March 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.