Microsoft has announced that it has approved the OpenSSF framework, which will allow the community it serves to extend and improve it.

Microsoft has been using S2C2F for the past three years to secure how its developers consume and manage open source software (OSS) dependencies when building software.

OpenSSF, a community-led framework for hyperscale computing, today announced that Microsoft will continue to serve as the group's leader. As necessary, OpenSSF will work closely with the other OpenSSF Working Groups, such as the Best Practices and End Users WGs.

OpenSSF's Supply Chain Integrity Working Group adopted a consumption-centric framework to reduce real-world cyber threats. The framework identifies and lists the supply chain threats that affect OSS consumption and describes how each of its requirements addresses them.

The main component of any software development team's or organization's supply chain is its use of open source software. "The S2C2F criteria provide clarity and empower teams throughout the world to take action to improve security," he continued. "Workflows for developers should include open source."