
Map threats to maturity level

Open joshuagl opened this issue 1 year ago • 3 comments

When thinking about S2C2F adoption I found myself wanting to easily understand at what level of maturity the different common OSS supply chain threats would be mitigated. I thought this information could be generally useful to other readers and potential adopters, so I updated the specification text to include this as a column in the supply chain threats table.

joshuagl avatar Apr 09 '24 12:04 joshuagl

I've just updated this PR to account for the removal of AUD-5 in #51

joshuagl avatar Apr 22 '24 17:04 joshuagl

Any thoughts on this? It feels like a simple change which provides a readability win for new readers.

joshuagl avatar May 01 '24 09:05 joshuagl

I just added a commit here which adds a threat entirely mitigated by maturity level 1, the node-ipc relicence to DBAD, to fix #49.

It felt appropriate to include it in this PR because both changes edit the same table (and were inspired by the same detailed readthrough).

joshuagl avatar May 01 '24 10:05 joshuagl

I've started to review this

tombedfordgit avatar May 24 '24 10:05 tombedfordgit