Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

OX Security, the first end-to-end software supply chain security solution, announced the launch of OSC&R (Open Software Supply Chain Attack Reference)the first and only open framework for understanding and evaluating existing threats to entire software supply chain security.

The founding consortium of cybersecurity leaders behind OSC&R include: David Cross, former Microsoft and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies.

Recommended AI: Positon Launches PosiVault, an AI-Powered SaaS Application for Programmatic M&A

Discussions with hundreds of industry leaders revealed that there was a very concrete need for a MITRE-like framework that would allow experts to better understand and measure supply chain risk, a process that until now could only be  based on intuition and experience. OSC&R is designed to provide a common language  and structure for understanding and analyzing the tactics, techniques, and procedures (TTPs) used by adversaries to compromise the security of software supply chains.

“Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain isn’t productive,” said Neatsun Ziv, who served as Check Point’s VP of Cyber Security before founding OX. “Without an agreed-upon definition of the software supply chain, security strategies are often siloed.”

OSC&R is now ready to be used by security teams to evaluate existing defenses and define which threats need to be prioritized, how existing coverage addresses those threats, as well as to help track behaviors of attacker groups.

Related Posts
1 of 40,311

Recommended AI: Himax Partners with Novatek to Unveil Industry Leading Ultralow Power Pre-Roll AI Solution for Battery Surveillance Camera

“OSC&R helps security teams build their security strategy with confidence,” said Hiroki Suezawa, Senior Security Engineer at Gitlab. “We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions,” he continued.

The OSC&R framework will update as new tactics and techniques emerge and evolve. It will also assist red-teaming activities by helping set the scope required for a pentest or a red team exercise, serving as a scorecard both during and after the test. The framework will also now be open for other cybersecurity leaders and practitioners to contribute to OSC&R.

“I believe the OSC&R framework will help organizations reduce their attack surface,” said Naor Penso, Head of Product Security at FICO. “I am proud to take part in a project that can have such a major impact on the future security landscape, and to share our knowledge and expertise.”

Recommended AI: aelf Announces the form of aelf DAO, Enhancing Decentralization of Governance and Ecosystem Growth

[To share your insights with us, please write to sghosh@martechseries.com]

Comments are closed.