Infosec glossary entry
[...] is an open framework that provides a comprehensive, systematic and actionable way to understand attacker behaviors and techniques. Like MITRE ATT&CK, OSC&R is organized into a clear and structured view of the tactics, techniques, and procedures (TTPs) used by adversaries. However, OSC&R is the first and only matrix that focuses specifically on the software supply chain attacks. It covers a wide range of attack vectors, including vulnerabilities in third-party libraries and components, supply chain attacks on build and deployment systems, and compromised or malicious software updates. https://pbom.dev/
By jean-christoph
February 19, 2025
— And why your SOC might actually need a Bard 🐉⚔️ Cybersecurity teams are often compared to armies, fire brigades, or special forces. Personally? I think they’re much closer to a party of heroes in a classic fantasy role-playing game. No matter how many frameworks, SIEMs, or AI tools we summon, defending a digital kingdom
Read MoreIntroduction Sun Tzu’s "The Art of War" is a legendary strategic treatise written more than 2,500 years ago. Its enduring principles of warfare strategy have transcended military boundaries, influencing disciplines from business management to competitive sports. In today’s digital age, its relevance is increasingly apparent in the cybersecurity landscape, particularly for CISOs of medium-sized enterprises,
Read MoreWhy We Keep Losing Despite Stronger Security Controls Over the past three years, businesses have almost doubled their confidence in cybersecurity—rising from 32% in 2021 to 54% in 2024 (The Global Cost of Ransomware Study, 2025). Despite this, ransomware’s impact has only grown: 40% of affected companies suffered significant revenue losses, 58% experienced operational downtime,
Read More