Closed joshuagl closed 4 months ago
I've just updated this PR to account for the removal of AUD-5 in #51.
Any thoughts on this? It feels like a simple change which provides a readability win for new readers.
I just added a commit here which adds a threat entirely mitigated by maturity level 1, the node-ipc relicence to DBAD, to fix #49.
It felt appropriate to include it in this PR because both changes edit the same table (and were inspired by the same detailed readthrough).
I've started to review this.
When thinking about S2C2F adoption I found myself wanting to easily understand at what level of maturity the different common OSS supply chain threats would be mitigated. I thought this information could be generally useful to other readers and potential adopters, so I updated the specification text to include this as a column in the supply chain threats table.