Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP and Fortinet have already joined the open framework initiative led by OX Security.
Tel Aviv, Israel, February 1, 2023 /PR Newswire/ — OX Security, the first end-to-end software supply chain security solution, today announced OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for understanding and assessing existing security threats across the software supply chain.
The founding consortium of cybersecurity leaders behind OSC&R includes: David Cross, former Microsoft and Google Cloud security executive; Neatsun Ziv, co-founder and CEO of OX Security; Lior Arzi, co-founder and CPO of OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO of Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO of Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO of Check Point Software Technologies.
Discussions with hundreds of industry leaders revealed a specific need for a MITRE ATT&CK-like framework to help professionals understand and measure software supply chain risk, a task that until now could only be based on intuition and experience. OSC&R catalogs and analyzes the tactics, techniques, and procedures (TTPs) attackers use to compromise the software supply chain. It is designed to provide a common language and structure for
“It’s not productive to talk about supply chain security without a shared understanding of what constitutes a software supply chain,” said Neatsun Ziv, who was vice president of cybersecurity at Check Point before founding OX. “Without an agreed definition of the software supply chain, security strategies are often siloed.”
Security teams can use OSC&R to assess existing defenses, decide which threats to prioritize, determine how well existing coverage addresses those threats, and track progress over time.
“OSC&R helps security teams build a security strategy with confidence. We wanted to provide a single point of reference for comparison,” he continued.
The OSC&R framework will be updated as new tactics and techniques emerge and evolve. It also aids red teaming efforts by helping set the required scope for pentesting or red teaming exercises and by acting as a scorecard both during and after testing. The framework is open for other cybersecurity leaders and practitioners to contribute to OSC&R.
“We believe the OSC&R framework will help organizations reduce their attack surface,” said Naor Penso, Head of Product Security at FICO. “We are proud to be a part of a project that could have a significant impact on the security landscape of the future and to share our knowledge and expertise.”
The OSC&R framework is now online at https://pbom.dev/
About OX Security
OX Security believes security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lior Arzi, who formerly led Check Point’s security group, OX is the first end-to-end software supply chain security solution. OX gives DevSecOps teams the automation, visibility, and risk insight they need to bring security and integrity to every step of the supply chain, from early planning through deployment into production.
SOURCE OX Security