OSC&R open software supply chain attack framework now on GitHub


OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and assessing security vulnerabilities in the software supply chain. It is now available on GitHub and has the support of former US NSA Director Admiral Mike Rogers.

OSC&R, an effort led by OX Security, is a framework modelled after MITRE that aims to provide a common vocabulary and methodology for understanding and analysing the tactics, techniques, and procedures (TTPs) that adversaries use to undermine the security of software supply chains. It seeks to give the security community a single point of reference for comparing solutions and proactively evaluating their approaches to securing their software supply chains.

