Security News > 2023 > March > OSC&R open software supply chain attack framework now on GitHub
OSC&R is an open framework for understanding and evaluating software supply chain security threats.
Spearheaded by OX Security, OSC&R is a MITRE-like framework designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures used by adversaries to compromise the security of software supply chains.
It aims to give the security community a single point of reference to proactively assess their strategies for securing their software supply chains and to compare solutions.
For companies looking to build out a software supply chain security program, the OSC&R framework can help guide the effort.
Founding members of OSC&R share a common mission of helping security teams reduce their attack surface and build their security strategy with confidence.
"The velocity, diversity, and dynamic nature of the modern-day engineering ecosystem have reshaped the Software Supply Chain Security domain," said David Cross, former Microsoft and Google cloud security executive and founding member of OSC&R. "Tools that standardize on OSC&R will provide continuity and cohesiveness that many security strategies are often lacking."
News URL
https://www.helpnetsecurity.com/2023/03/31/oscar-open-software-supply-chain-attack-framework-github/
Related news
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)