Security News > 2023 > March > OSC&R open software supply chain attack framework now on GitHub
OSC&R is an open framework for understanding and evaluating software supply chain security threats.
Spearheaded by OX Security, OSC&R is a MITRE-like framework designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures used by adversaries to compromise the security of software supply chains.
It aims to give the security community a single point of reference to proactively assess their strategies for securing their software supply chains and to compare solutions.
For companies looking to build out a software supply chain security program, the OSC&R framework can help guide the effort.
Founding members of OSC&R share a common mission of helping security teams reduce their attack surface and build their security strategy with confidence.
"The velocity, diversity, and dynamic nature of the modern-day engineering ecosystem have reshaped the Software Supply Chain Security domain," said David Cross, former Microsoft and Google cloud security executive and founding member of OSC&R. "Tools that standardize on OSC&R will provide continuity and cohesiveness that many security strategies are often lacking."
News URL
https://www.helpnetsecurity.com/2023/03/31/oscar-open-software-supply-chain-attack-framework-github/
Related news
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Evilginx: Open-source man-in-the-middle attack framework (source)
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)