Following high-profile incidents like SolarWinds and Log4j, supply chain security has been all the rage, but there is no single, agreed-upon way to describe or quantify it. MITRE has developed a prototype framework for information and communications technology (ICT) that defines and quantifies supply chain risks and security concerns, including software.
The System of Trust (SoT) prototype framework developed by MITRE is essentially a standard process for evaluating suppliers, supplies, and service providers. It can be used across a business, not only by cybersecurity professionals, to examine a supplier or product.