OpenSSF Joins Microsoft-Built Supply Chain Security Framework


The Open Source Security Foundation (OpenSSF) has announced the adoption of Secure Supply Chain Consumption Framework (S2C2F), a framework for using open source software that was created by Microsoft.

S2C2F, which has been in use at Microsoft since 2019 and was made public in August 2022, identifies actual threats to OSS and specifies steps that must be taken to counteract them. Utilizing a threat-based, risk-reduction strategy, the consumption-focused framework attempts to mitigate supply chain threats to the OSS.

Also Read: Top Three Open Source Security Risks and How to Mitigate Them

The basic governance practices (OSS inventory, vulnerability scanning, and dependencies updates), improving mean time to remediate (MTTR) vulnerabilities in OSS, proactive security analysis and controls, and mitigation against sophisticated attacks are all requirements that are organized on four levels of maturity.

Read More: OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.