Lessons From OSC&R on Protecting the Software Supply Chain

A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production.

https://www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain