TEL AVIV, Israel, Feb. 1, 2023 /PRNewswire/ — OX Security, the first end-to-end software supply chain security solution, today announced the launch of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for understanding and evaluating existing threats to entire software supply chain security.
The founding consortium of cybersecurity leaders behind OSC&R includes: David Cross, former Microsoft and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies.
Discussions with hundreds of industry leaders revealed that there was a very concrete need for a MITRE-like framework that would allow experts to better understand and measure supply chain risk, a process that until now could only be based on intuition and experience. OSC&R is designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures (TTPs) used by adversaries to compromise the security of software supply chains.
“Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain isn't productive,” said Neatsun Ziv, who served as Check Point's VP of Cyber Security before founding OX. “Without an agreed-upon definition of the software supply chain, security strategies are often siloed.”
OSC&R is now ready to be used by security teams to evaluate existing defenses and define which threats need to be prioritized and how existing coverage addresses those threats, as well as to help track the behaviors of attacker groups.
“OSC&R helps security teams build their security strategy with confidence,” said Hiroki Suezawa, Senior Security Engineer at GitLab. “We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions,” he continued.
The OSC&R framework will be updated as new tactics and techniques emerge and evolve. It will also support red-teaming activities by helping set the scope required for a pentest or a red team exercise, serving as a scorecard both during and after the test. The framework is also now open for other cybersecurity leaders and practitioners to contribute to OSC&R.
“I believe the OSC&R framework will help organizations reduce their attack surface,” said Naor Penso, Head of Product Security at FICO. “I'm proud to take part in a project that will have such a meaningful impact on the future security landscape, and to share our knowledge and expertise.”
The OSC&R framework is now online: https://pbom.dev/
About OX Security
OX Security believes that security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lior Arzi, who previously led Check Point's Security Group, OX is the first end-to-end software supply chain security solution. OX provides DevSecOps teams with the automation, visibility, and risk insights they need to bring security and integrity to every step of the supply chain, from the earliest planning stages until deployment to production.
SOURCE OX Security