Crosswalk with "Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al

ossf / s2c2f

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

Other

167 stars 23 forks source link

Crosswalk with "Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al #15

Open david-a-wheeler opened 1 year ago

david-a-wheeler commented 1 year ago

Crosswalk S2C2F with "Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al. Perhaps we should use their terminology, or at least mention its alternative names.

jasminewang0 commented 1 year ago

Attempt at crosswalking with threats can be found in this shared document in our Google Drive. This will be discussed in a bi-weekly meeting.