U.1 Identify SSC Control Gaps Identify controls that have not been recorded in one or more SSC frameworks. Controls P.3.5 Prevent component vetting bypass Ensure developers are not bypassing the component vetting process D.1.5 Emergency artifact fix Fix a zero-day vulnerability. G.3.x Support Upstream Dependencies Sustainable open-source software. E.3.x Development Environment Scanning Tools Detect anomalies in the development infrastructure. D.1.x Establish Response Partnerships Develop external incident information sources through collaboration.