{"id":49321,"date":"2022-11-16T18:00:00","date_gmt":"2022-11-16T18:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=124758"},"modified":"2022-11-16T18:00:00","modified_gmt":"2022-11-16T18:00:00","slug":"microsoft-contributes-s2c2f-to-openssf-to-improve-supply-chain-security","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-contributes-s2c2f-to-openssf-to-improve-supply-chain-security\/","title":{"rendered":"Microsoft contributes S2C2F to OpenSSF to improve supply chain security"},"content":{"rendered":"<p>On August 4, 2022, Microsoft publicly <a href=\"https:\/\/github.com\/ossf\/s2c2f\/blob\/main\/specification\/Secure_Supply_Chain_Consumption_Framework_(S2C2F).pdf\">shared a framework<\/a> that it has been using to secure its own development practices since 2019, the <a href=\"https:\/\/github.com\/ossf\/s2c2f\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Supply Chain Consumption Framework<\/a> (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework. As a massive consumer of and contributor to open source, Microsoft understands the importance of a robust strategy around securing how developers consume and manage open source software (OSS) dependencies when building software. We are pleased to announce that the S2C2F has been <a href=\"https:\/\/openssf.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">adopted by the OpenSSF<\/a> under the Supply Chain Integrity Working Group and formed into its own Special Initiative Group (SIG). Our peers at the OpenSSF and across the globe agree with Microsoft when it comes to how fundamental this work is to improving supply chain security for everyone.<\/p>\n<h2>What is the S2C2F?<\/h2>\n<p>We built the S2C2F as a consumption-focused framework that uses a threat-based, risk-reduction approach to mitigate real-world threats. 
One of its primary strengths is how well it pairs with any producer-focused framework, such as SLSA.<sup>1<\/sup> The framework enumerates a list of real-world supply chain threats specific to OSS and explains how the framework\u2019s requirements mitigate those threats. It also includes a high-level platform- and software-agnostic set of focuses that are divided into eight different areas of practice:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF.jpg\" alt=\"Sunburst chart conveying the eight areas of practice requirements to address the threats and reduce risk: ingest, inventory, update, enforce, audit, scan, rebuild, and fix and upstream. \" class=\"wp-image-124762\" width=\"439\" height=\"436\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF.jpg 585w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-300x298.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-150x150.jpg 150w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-100x100.jpg 100w\" sizes=\"auto, (max-width: 439px) 100vw, 439px\"><\/figure>\n<\/div>\n<p>Each of the eight practices comprises requirements that address the threats and reduce risk. The requirements are organized into four levels of maturity. We have seen massive success with both internal and external projects that have adopted this framework. Using the S2C2F, teams and organizations can more efficiently prioritize their efforts in accordance with the maturity model. 
The ability to target a specific level of compliance within the framework means teams can make intentional and incremental progress toward reducing their supply chain risk.<\/p>\n<p>Each maturity level has a theme represented in Levels (1 to 4). <strong>Level 1<\/strong> represents the previous conventional wisdom of inventorying your OSS, scanning for known vulnerabilities, and then updating OSS dependencies, which is the minimum necessary for an OSS governance program. <strong>Level 2<\/strong> builds upon Level 1 by leveraging technology that helps improve your mean time to remediate (MTTR) vulnerabilities in OSS with the goal of patching faster than the adversary can operate. <strong>Level 3<\/strong> is focused on proactive security analysis combined with preventative controls that mitigate against accidental consumption of compromised or malicious OSS. <strong>Level 4<\/strong> represents controls that mitigate against the most sophisticated attacks but are also the controls that are the most difficult to implement at scale\u2014therefore, these should be considered aspirational and reserved for your dependencies in your most critical projects.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"2030\" height=\"1078\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2.jpg\" alt=\"The S2C2F has four levels of maturity. Level 1: running a minimum OSS governance program. Level 2: improving MTTR vulnerabilities. Level 3: adding defenses from compromised OSS. 
Level 4: mitigating against the most sophisticated adversaries.\" class=\"wp-image-124765\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2.jpg 2030w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2-300x159.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2-1024x544.jpg 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2-768x408.jpg 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/11\/OpenSSF-2-1536x816.jpg 1536w\" sizes=\"auto, (max-width: 2030px) 100vw, 2030px\"><\/figure>\n<p>The S2C2F includes a guide to assess your organization\u2019s maturity, and an implementation guide that recommends tools from across the industry to help meet the framework requirements. For example, both <a href=\"https:\/\/docs.github.com\/en\/get-started\/learning-about-github\/about-github-advanced-security\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub Advanced Security<\/a> (GHAS) and <a href=\"https:\/\/devblogs.microsoft.com\/devops\/integrate-security-into-your-developer-workflow-with-github-advanced-security-for-azure-devops\/\" target=\"_blank\" rel=\"noreferrer noopener\">GHAS on Azure DevOps<\/a> (ADO) already provide a suite of security tools that will help teams and organizations achieve S2C2F Level 2 compliance.<\/p>\n<h2>The S2C2F is critical to the future of supply chain security<\/h2>\n<p>According to Sonatype\u2019s 2022 State of the Software Supply Chain report,<sup>2<\/sup> supply chain attacks specifically targeting OSS have increased by 742 percent annually over the past three years. The S2C2F is designed from the ground up to protect developers from accidentally consuming malicious and compromised packages, helping to mitigate supply chain attacks by decreasing consumption-based attack surfaces. 
As new threats emerge, the OpenSSF S2C2F SIG under the Supply Chain Integrity Working Group, led by a team from Microsoft, is committed to reviewing and maintaining the set of S2C2F requirements to address them.<\/p>\n<h2>Learn more<\/h2>\n<p><a href=\"https:\/\/github.com\/ossf\/s2c2f\/blob\/main\/specification\/framework.md\" target=\"_blank\" rel=\"noreferrer noopener\">View the S2C2F requirements<\/a> or <a href=\"https:\/\/github.com\/ossf\/s2c2f\/blob\/main\/specification\/Secure_Supply_Chain_Consumption_Framework_(S2C2F).pdf\" target=\"_blank\" rel=\"noreferrer noopener\">download the guide<\/a> now to see how you can improve the security of your OSS consumption practices in your team or organization. Come join the <a href=\"https:\/\/calendar.google.com\/calendar\/u\/0\/r?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ&amp;pli=1\" target=\"_blank\" rel=\"noreferrer noopener\">S2C2F community discussion<\/a> within the OpenSSF Supply Chain Integrity Working Group.<\/p>\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. 
Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\">\n<p><sup>1<\/sup><a href=\"https:\/\/slsa.dev\/\" target=\"_blank\" rel=\"noreferrer noopener\">Supply chain Levels for Software Artifacts<\/a> (SLSA).<\/p>\n<p><sup>2<\/sup><a href=\"https:\/\/www.sonatype.com\/state-of-the-software-supply-chain\/introduction\" target=\"_blank\" rel=\"noreferrer noopener\">8<sup>th<\/sup> Annual State of the Software Supply Chain Report<\/a>, Sonatype.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/16\/microsoft-contributes-s2c2f-to-openssf-to-improve-supply-chain-security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are pleased to announce that the S2C2F has been adopted by the OpenSSF under the Supply Chain Integrity Working Group and formed into its own Special Initiative Group. Our peers at the OpenSSF and across the globe agree with Microsoft when it comes to how fundamental this work is to improving supply chain security for everyone.<br \/>\nThe post Microsoft contributes S2C2F to OpenSSF to improve supply chain security appeared first on Microsoft Security Blog. 
READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":49322,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347,77,236,8612],"class_list":["post-49321","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity","tag-iot","tag-iot-security","tag-iot-security-series"]}