OWASP Software Component Verification Standard
The Software Component Verification Standard (SCVS is a community-driven effort to establish a framework for identifying activities, processes, and best practices which can help in identifying and reducing risk in a software supply chain.
Software supply chains involve technology, people, processes, environmental and geo-political factors, partnerships, and many other variables which make supply chains challenging to secure. Identifying and reducing risk in the software supply chain requires agility and iterative execution from cross-functional teams.
SCVS has the following goals:
- Develop a common taxonomy of activities, processes, and best-practices that can reduce risk in a software supply chain
- Devise a path for baselining and maturing software supply chain vigilance
