InfoQ

Software Supply Chain Framework OSC&R Created to Help Mitigate Security Threats

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Nextgov

White House in talks with industry to build legal framework for software liability

SAN FRANCISCO — The Biden administration recently initiated discussions with software developers in an effort to craft frameworks that would legally incentivize the private sector to take steps to ...
The Patriot Ledger

A SOC for Supply Chain report can help reveal a business’s vulnerabilities

In March 2020, it was brought to light that the delivered version of SolarWinds Orion, a security monitoring software, was infected with malware. These types of attacks are an ever-present risk and a ...
Computer Weekly

A framework for software development self-service

Software development is associated with the idea of not reinventing the wheel, which means developers often select components or software libraries with pre-built functionality, rather than write code ...
CSOonline

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the ...
Dark Reading

Google: Use SLSA Framework for Better Software Security

Organizations should implement the Supply Chain Levels for Software Artifacts (SLSA) framework when building software to ensure better software security and integrity, advocates Google — after the ...
SD Times

SD Times Open-Source Project of the Week: Developer Productivity and Happiness Framework

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...