Infosec glossary entry

OSC&R

OSC&R: Open Software supply Chain attack Reference

[…] is an open framework that provides a comprehensive, systematic and actionable way to understand attacker behaviors and techniques.
Like MITRE ATT&CK, OSC&R is organized into a clear and structured view of the tactics, techniques, and procedures (TTPs) used by adversaries. However, OSC&R is the first and only matrix that focuses specifically on software supply chain attacks. It covers a wide range of attack vectors, including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or malicious software updates.
https://pbom.dev/

By jean-christoph

February 19, 2025

devsec, DevSecOps, supply chain