OX security, the first end-to-end software supply chain security solution, recently announced the launch of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for evaluating and understanding current threats to entire supply chain security.
Talks with hundreds of industry leaders disclosed an urgent need for a MITRE-like framework that would let experts better understand and evaluate supply chain risk, a process that to date was only based on experience and intuition. OSC&R is built to give a common language and structure for analyzing and understanding TTPs- tactics, techniques, and procedures used by threat actors to disrupt the security of software supply chains.
Dark Reading reports, “The founding consortium of cybersecurity leaders behind OSC&R include David Cross, former Microsoft, and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies.”
How does OX Security work?
OSC&R is now ready for use by security teams to analyze existing defenses and define which threats need to be addressed first,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: