
What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it?
2022-12-21 16:17

Software development isn't only about code; more importantly, it's driven by a set of best practices and guidelines that help us write better and more secure software.

Like all large software companies, Microsoft has developed its own set of policies and procedures to implement approaches like its Secure Software Development Lifecycle.

One of the biggest problems facing software development today is the growing software supply chain, where closed and open source components come together to build familiar applications.

Tools like Software Bills of Materials (SBOMs) are important, but an SBOM only records what we already know about the components in the software we're using; it doesn't capture the entire supply chain behind them.

Industrywide, there's been a lot more focus on SBOMs and the software supply chain since the White House issued its "Improving the Nation's Cybersecurity" executive order.

That's now been followed by something that's less tangible, but just as important: the Secure Supply Chain Consumption Framework, S2C2F. Part of Microsoft's internal processes since 2019, S2C2F began life as the Open Source Software-Supply Chain Framework, helping manage how Microsoft both consumed and contributed to open source projects.


News URL

https://www.techrepublic.com/article/microsoft-secure-supply-chain-consumption-framework/