s2c2f

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to secu...

Results 16 s2c2f issues

On 2023-06-06 Melba Lopez walked through a number of comments on the S2C2 document. See the [WG meeting notes](https://docs.google.com/document/d/10Q_VOvKsGaYJoK-5yJY4868mTkYZjEo-6xV6ghYS84k/edit#) for the discussion we had then. We need to walk through...

Crosswalk S2C2F with ["Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al.](https://arxiv.org/abs/2204.04008) Perhaps we should use their terminology, or at least mention its alternative names.

Per discussion 2023-02-28, S2C2F should ensure that expansion of binary patches is equivalent to what would be downloaded from scratch.

This Issue establishes the formal creation of this workstream under the S2C2F Project within the Supply Chain Integrity WG with a workstream lead and contributors. Working doc: ([link](https://docs.google.com/document/d/1UyvpC52feo7dZsDee2vQLWIMOjoD-dfAIr-cG0dqoHc/edit?usp=sharing)) This workstream...

documentation
enhancement

LF formation team requested that the charter be removed as it was never formalized and no Series LLC exists, so this needs to be removed.

# Dead Link

The link `https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf` in https://github.com/ossf/s2c2f/blob/af55382be27f76aa0a7937ee89eccb8d722bd667/specification/framework.md?plain=1#L410 is no longer functional. It seems to have moved to `https://github.com/cncf/tag-security/blob/main/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf`.

Suggestion: Change Link and use perma-link: `https://github.com/cncf/tag-security/blob/554168c3addcb49a1a21c9ca2aa0c95ff9192a76/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf`

# Withdrawn reference

https://github.com/ossf/s2c2f/blob/af55382be27f76aa0a7937ee89eccb8d722bd667/specification/framework.md?plain=1#L405...