The current software security regulatory landscape is a rare moment in which the public sector is actually ahead of the private sector.