{"id":50771,"date":"2023-03-31T09:00:32","date_gmt":"2023-03-31T13:00:32","guid":{"rendered":"https:\/\/sdtimes.com\/?p=50771"},"modified":"2023-10-27T14:06:43","modified_gmt":"2023-10-27T18:06:43","slug":"sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/","title":{"rendered":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix"},"content":{"rendered":"

The OSC&R (Open Software Supply Chain Attack Reference) is an open source framework used for understanding and evaluating existing threats to entire software supply chain security.<\/span><\/p>\n

OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software supply chains.\u00a0<\/span><\/p>\n

The goal is to provide the security community with a unified resource to evaluate their own approaches for securing software supply chains in advance and compare solutions, according to the framework’s founding members.\u00a0<\/span><\/p>\n

“In one episode of Star Trek, while working on vulnerabilities of the Enterprise in relation to the threat actor, Mr. Spock said, ‘Insufficient facts always invite danger, Captain!’ The same certainly holds true in cybersecurity, where a lack of information increases vulnerability. By increasing the community’s knowledge, OSC&R holds tremendous potential to mitigate dangers to the software supply chain and reduce the attack surface more broadly,” said Dineshwar Sahni, director of product security at VISA who also just joined the consortium of cybersecurity leaders behind OSC&R.<\/span><\/p>\n

OSC&R can be used by security teams to evaluate existing defenses, define which threats need to be prioritized, and how existing coverage addresses those threats, as well as to help track the behaviors of attacker groups.<\/span><\/p>\n

The project was added to GitHub earlier this week and was also recently endorsed by former U.S. National Security Agency Director Admiral Mike Rogers.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

The OSC&R (Open Software Supply Chain Attack Reference) is an open source framework used for understanding and evaluating existing threats to entire software supply chain security. OSC&R was created to establish a standard language and structure for comprehending and evaluating the tactics, techniques, and procedures (TTPs) utilized by attackers to breach the security of software … continue reading<\/a><\/p>\n","protected":false},"author":871,"featured_media":50772,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1,15866],"tags":[102,45,1141,16101],"coauthors":[14818],"acf":[],"yoast_head":"\nSD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times<\/title>\n<meta name=\"description\" content=\"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times\" \/>\n<meta property=\"og:description\" content=\"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-31T13:00:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-27T18:06:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"740\" \/>\n\t<meta property=\"og:image:height\" content=\"659\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jakub Lewkowicz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jakub Lewkowicz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\"},\"author\":{\"name\":\"Jakub Lewkowicz\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42\"},\"headline\":\"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix\",\"datePublished\":\"2023-03-31T13:00:32+00:00\",\"dateModified\":\"2023-10-27T18:06:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\"},\"wordCount\":262,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg\",\"keywords\":[\"open source\",\"security\",\"software development\",\"Supply Chain Security\"],\"articleSection\":[\"Latest News\",\"Open Source Project of the Week\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\",\"url\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\",\"name\":\"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg\",\"datePublished\":\"2023-03-31T13:00:32+00:00\",\"dateModified\":\"2023-10-27T18:06:43+00:00\",\"description\":\"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg\",\"width\":740,\"height\":659},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42\",\"name\":\"Jakub Lewkowicz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/a061823dfc0b893ed859b59dc9554372\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g\",\"caption\":\"Jakub Lewkowicz\"},\"description\":\"Jakub Lewkowicz is a multimedia journalist who loves all things tech. Polish-born and Long Island-bred, he is an Online and Social Media Editor for SD Times. He is also a Carnegie Hall pianist and music producer.\",\"url\":\"https:\/\/sdtimes.com\/author\/jakub-lewkowicz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times","description":"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/","og_locale":"en_US","og_type":"article","og_title":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times","og_description":"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.","og_url":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2023-03-31T13:00:32+00:00","article_modified_time":"2023-10-27T18:06:43+00:00","og_image":[{"width":740,"height":659,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg","type":"image\/jpeg"}],"author":"Jakub Lewkowicz","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jakub Lewkowicz","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/"},"author":{"name":"Jakub Lewkowicz","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42"},"headline":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix","datePublished":"2023-03-31T13:00:32+00:00","dateModified":"2023-10-27T18:06:43+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/"},"wordCount":262,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg","keywords":["open source","security","software development","Supply Chain Security"],"articleSection":["Latest News","Open Source Project of the Week"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/","url":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/","name":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix - SD Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg","datePublished":"2023-03-31T13:00:32+00:00","dateModified":"2023-10-27T18:06:43+00:00","description":"The OSC&R (Open Software Supply Chain Attack Reference) \u2013 used for understanding and evaluating existing threats to entire software supply chain security \u2013 is now available on GitHub.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-30-at-4.48.37-PM.jpg","width":740,"height":659},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/software-development\/sd-times-open-source-project-of-the-week-oscr-software-supply-chain-attack-matrix\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"SD Times Open-Source Project of the Week: OSC&R Software Supply Chain Attack Matrix"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42","name":"Jakub Lewkowicz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/a061823dfc0b893ed859b59dc9554372","url":"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g","caption":"Jakub Lewkowicz"},"description":"Jakub Lewkowicz is a multimedia journalist who loves all things tech. Polish-born and Long Island-bred, he is an Online and Social Media Editor for SD Times. He is also a Carnegie Hall pianist and music producer.","url":"https:\/\/sdtimes.com\/author\/jakub-lewkowicz\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50771"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/871"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=50771"}],"version-history":[{"count":2,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50771\/revisions"}],"predecessor-version":[{"id":50830,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50771\/revisions\/50830"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/50772"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=50771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=50771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=50771"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=50771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}