OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures

This first-of-its-kind research report identifies trends and patterns of malicious behavior centered on software supply chain attacks. The research team analyzed over one hundred million software supply chain security alerts from tens of thousands of repositories, cloud-deployed applications, and organizations, and mapped them to the Open Software Supply Chain Attack Reference (OSC&R) framework.

Learn how adversaries view and target the attack surface of a software supply chain. Insights in this report provide a foundation that can enable your AppSec, DevOps, and Product Security teams to recognize, prioritize, and remediate weaknesses in their software development environments more effectively and efficiently.