# Preface Welcome to the Software Component Verification Standard (SCVS) version 1.0. The SCVS is a community-driven effort to establish a framework for identifying activities, controls, and best practices, which can help in identifying and reducing risk in a software supply chain. Managing risk in the software supply chain is important to reduce the surface area of systems vulnerable to exploits, and to measure technical debt as a barrier to remediation. Measuring and improving software supply chain assurance is crucial for success. Organizations with supply chain visibility are better equipped to protect their brand, increase trust, reduce time-to-market, and manage costs in the event of a supply chain incident. Software supply chains involve: * technology * people * processes * institutions * and additional variables Raising the bar for supply chain assurance requires the active participation of risk managers, mission owners, and business units like legal and procurement, which have not traditionally been involved with technical implementation. Determination of risk acceptance criteria is not a problem that can be solved by enterprise tooling: it is up to risk managers and business decision makers to evaluate the advantages and trade-offs of security measures based on system exposure, regulatory requirements, and constrained financial and human resources. Mandates that are internally unachievable, or that bring development or procurement to a standstill, constitute their own security and institutional risks. SCVS is designed to be implemented incrementally, and to allow organizations to phase in controls at different levels over time. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://owasp-scvs.gitbook.io/scvs/preface.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.