Suggestion: Add a new section to the "Guide to Security Tools" to cover tools that improve MTTR for OSS vulnerabilities #48
Comments
adriandiglio
added a commit
to adriandiglio/wg-security-tooling
that referenced
this issue
May 9, 2023
Added a section called Dependency Updated & Hygiene Tools. This is in reference to ossf#48 Signed-off-by: Adrian Diglio <[email protected]>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary: add a new section to the Guide to Security Tools about tools that help improve OSS patching speed (i.e. Mean Time To Remediate (MTTR)). These are tools/capabilities that are recommended by the Secure Supply Chain Consumption Framework (S2C2F)
https://openssf.slack.com/archives/C019Q1VEA87/p1674671096846249
Tools that have functionality such as automatic OSS patching (i.e. Dependabot) and tools that present OSS vulnerabilities as comments in Pull Requests (i.e. such as Dependency Review in GitHub Advanced Security) are the types of tools that we believe development teams and organizations should be adopting.
The text was updated successfully, but these errors were encountered: