appsec in plain english
Discover & learn everything you'd need to know about Software Supply Chain Security
Federal Risk and Authorization Management Program (FedRAMP)
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. A FedRAMP report covers a cloud service provider’s security controls and their operating effectiveness.
MITRE System of Trust (SoT)
MITRE’s System of Trust (SoT) is a recently announced framework designed to help evaluate suppliers, supplies, and service providers in order to mitigate software supply chain attacks. MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, helped shape the SoT.
NIST Secure Software Development Framework (SSDF)
NIST SSDF is a framework designed to help ensure the integrity of critical software infrastructure, spurred by executive order 16025. While compulsory for federal agencies, this framework may be applied to any government, private, public, or non-profit organization.
OpenSSF SLSA (Supply-chain Levels for Software Artifacts)
OpenSSF SLSA (formerly Google SLSA), announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain. SLSA is best described as a checklist of standards and controls to prevent tampering, improve software integrity, and secure packages and infrastructure. SLSA provides an industry standard for communicating a recognizable and ...