SDxCentral

First Annual OSC&R Report Reveals 95% of Organizations Have at Least One Severe Security Risk Within their Software Supply Chain

The Open Software Supply Chain Attack Reference (OSC&R) community is a collaborative effort dedicated to enhancing the security of software supply chains. Launched in February 2023 and spearheaded by ...
Dark Reading

Lessons From OSC&R on Protecting the Software Supply Chain

The complexity of today's software development — a mix of open source and third-party components, as well as internally developed code — has resulted in an abundance of vulnerabilities for attackers ...
InfoQ

Software Supply Chain Framework OSC&R Created to Help Mitigate Security Threats

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
SD Times

SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Computer Weekly

OSC&R framework to stop supply chain attacks in the wild

A team of cyber security leaders and influencers have joined together to launch an open framework to help security teams improve their understanding of threats to their software supply chains, and ...
CSOonline

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the ...