OWASP Software Component Verification Standard

The Software Component Verification Standard (SCVS) is a community-driven effort to establish a framework for identifying activities, processes, and best practices that can help in identifying and reducing risk in a software supply chain.

Software supply chains involve technology, people, processes, environmental and geo-political factors, partnerships, and many other variables which make supply chains challenging to secure. Identifying and reducing risk in the software supply chain requires agility and iterative execution from cross-functional teams.

SCVS has the following goals:

  • Develop a common taxonomy of activities, processes, and best practices that can reduce risk in a software supply chain
  • Devise a path for baselining and maturing software supply chain vigilance