ossf
Reference: Dead Link to CNCF_SSCP_v1.pdf
Dead Link
The link https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf in
https://github.com/ossf/s2c2f/blob/af55382be27f76aa0a7937ee89eccb8d722bd667/specification/framework.md?plain=1#L410
is no longer functional.
It seems to have moved to https://github.com/cncf/tag-security/blob/main/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf.
Suggestion: Change Link and use perma-link: https://github.com/cncf/tag-security/blob/554168c3addcb49a1a21c9ca2aa0c95ff9192a76/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf
Withdrawn reference
https://github.com/ossf/s2c2f/blob/af55382be27f76aa0a7937ee89eccb8d722bd667/specification/framework.md?plain=1#L405
This specification was withdrawn. The newest version can be found here: https://doi.org/10.6028/NIST.SP.800-161r1-upd1. I have not checked if they are comparable from their content and this might affect further references in the specification. Not sure if this should be fixed.
Login needed for reference
https://github.com/ossf/s2c2f/blob/af55382be27f76aa0a7937ee89eccb8d722bd667/specification/framework.md?plain=1#L407
This reference cannot be accessed without login.
For 1+2 I'm happy to contribute with a PR, if you agree on the change & accept PRs from strangers.
