Lessons From OSC&R on Protecting the Software Supply Chain

A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production.