MITRE’s System of Trust (SoT) is a recently announced framework for evaluating suppliers, supplies, and service providers, with the goal of helping to mitigate software supply chain attacks. MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, helped formulate the SoT.
OpenSSF SLSA (formerly Google SLSA), announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain. SLSA is best described as a checklist of standards and controls to prevent tampering, improve software integrity, and secure packages and infrastructure. SLSA provides an industry standard for communicating a recognizable and …