Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

TEL AVIV, Israel, Feb. 1, 2023 /PRNewswire/ — OX Security, the first end-to-end software supply chain security solution, today announced the launch of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for understanding and evaluating existing threats to the entire software supply chain.

The founding consortium of cybersecurity leaders behind OSC&R includes: David Cross, former Microsoft and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies.

Discussions with hundreds of industry leaders revealed a very concrete need for a MITRE-like framework that would allow experts to better understand and measure supply chain risk, a process that until now could only be based on intuition and experience. OSC&R is designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures (TTPs) used by adversaries to compromise the security of software supply chains.

“Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain is not productive,” said Neatsun Ziv, who served as Check Point’s VP of Cyber Security before founding OX. “Without an agreed-upon definition of the software supply chain, security strategies are often siloed.”

OSC&R is now ready to be used by security teams to evaluate existing defenses and define which threats need to be prioritized, how existing coverage addresses those threats, and to help track the behaviors of attacker groups.

“OSC&R helps security teams build their security strategy with confidence,” said Hiroki Suezawa, Senior Security Engineer at GitLab. “We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions,” he continued.

The OSC&R framework will be updated as new tactics and techniques emerge and evolve. It will also support red-teaming activities by helping set the scope required for a pentest or a red team exercise, serving as a scorecard both during and after the test. The framework will also now be open for other cybersecurity leaders and practitioners to contribute to OSC&R.

“I believe the OSC&R framework will help organizations reduce their attack surface,” said Naor Penso, Head of Product Security at FICO. “I’m proud to take part in a project that will have such a major impact on the future security landscape, and to share our knowledge and expertise.”

The OSC&R framework is now online: https://pbom.dev/

About OX Security

OX Security believes that security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lior Arzi, who previously led Check Point’s Security Group, OX is the first end-to-end software supply chain security solution. OX provides DevSecOps teams with the automation, visibility, and risk insights they need to bring security and integrity to every step of the supply chain, from the earliest planning stages until deployment to production.

SOURCE Ox Security
