Summary: add a new section to the Guide to Security Tools about tools that help improve OSS patching speed (i.e. reduce Mean Time To Remediate (MTTR)). These are tools/capabilities that are recommended by the Secure Supply Chain Consumption Framework (S2C2F).
Tools that have functionality such as automatic OSS patching (e.g. Dependabot) and tools that present OSS vulnerabilities as comments in Pull Requests (e.g. Dependency Review in GitHub Advanced Security) are the types of tools that we believe development teams and organizations should be adopting.
https://openssf.slack.com/archives/C019Q1VEA87/p1674671096846249
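As an added illustration (not part of this proposal, and not the guide's own text) of the two capabilities named above, here is what enabling them looks like in a GitHub repository: a Dependabot configuration that opens automatic update PRs for vulnerable or outdated dependencies, and a workflow that runs the Dependency Review action on every pull request so that newly introduced vulnerable dependencies are surfaced on the PR itself. The ecosystems, schedule, severity threshold and the `comment-summary-in-pr` input are assumptions chosen for the example; check the current action documentation for the exact input names before relying on them.

```yaml
# file: .github/dependabot.yml  (constructed example)
# Dependabot opens pull requests that bump dependencies, which is the
# "automatic OSS patching" capability the proposal refers to.
version: 2
updates:
  - package-ecosystem: "npm"        # assumption: the project uses npm
    directory: "/"
    schedule:
      interval: "daily"             # shorter interval => lower MTTR for known CVEs
    open-pull-requests-limit: 10
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

---
# file: .github/workflows/dependency-review.yml  (constructed example)
# Dependency Review compares the dependency graph of the PR against the base
# branch and reports newly introduced vulnerable packages on the PR.
name: Dependency Review
on:
  pull_request:
permissions:
  contents: read
  pull-requests: write              # needed so the action can post its summary comment
jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate       # block the merge at this severity or above
          comment-summary-in-pr: always    # assumption: input name per the action's docs
```

With both files in place, a vulnerability disclosed against a pinned dependency produces a Dependabot PR without anyone on the team having to notice the advisory first, and any PR that adds a dependency with a known advisory is flagged (and, at the chosen severity, blocked) before it merges, which is where the MTTR gain comes from.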