OSC&R open software supply chain attack framework now on GitHub (Security News, March 2023)

OSC&R is an open framework for understanding and evaluating software supply chain security threats.
Spearheaded by OX Security, OSC&R is a MITRE-like framework designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures used by adversaries to compromise the security of software supply chains.
It aims to give the security community a single point of reference to proactively assess their strategies for securing their software supply chains and to compare solutions.
For companies looking to build out a software supply chain security program, the OSC&R framework can help guide the effort.
Founding members of OSC&R share a common mission of helping security teams reduce their attack surface and build their security strategy with confidence.
"The velocity, diversity, and dynamic nature of the modern-day engineering ecosystem have reshaped the Software Supply Chain Security domain," said David Cross, former Microsoft and Google cloud security executive and founding member of OSC&R. "Tools that standardize on OSC&R will provide continuity and cohesiveness that many security strategies are often lacking."
News URL: https://www.helpnetsecurity.com/2023/03/31/oscar-open-software-supply-chain-attack-framework-github/
Related news
- GitHub supply chain attack spills secrets from 23,000 projects
- Supply chain attack on popular GitHub Action exposes CI/CD secrets
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
- GitHub Action hack likely led to another in cascading supply chain attack
- GitHub Action supply chain attack exposed secrets in 218 repos
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
- THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- Recent GitHub supply chain attack traced to leaked SpotBugs token
- North Korea targets crypto developers via NPM supply chain attack
- GitVenom attacks abuse hundreds of GitHub repos to steal crypto