Update the Supply Chain Best Practices whitepaper link (#1463)

* Update the Supply Chain Best Practices whitepaper link

v2 is now available!

Signed-off-by: Ben Cotton <[email protected]>

* Reorder by descending date

Signed-off-by: Ben Cotton <[email protected]>

---------

Signed-off-by: Ben Cotton <[email protected]>

Author: funnelfiasco

README.md

@@ -26,19 +26,19 @@ We aim to significantly reduce the probability and impact of attacks, breaches,
 
 Below is a list of publications by TAG Security. For a comprehensive collection of our works in various formats, please visit the [publications](community/publications/README.md) directory.
 
-| Publication | Date |
+| Publication | Latest Release |
 |-------------|------|
-| [Formal Verification for Policy Configurations](community/working-groups/archive/policy/overview-policy-formal-verification.md) | August, 2019 |
 | [Catalog of Supply Chain Compromises](community/catalog/compromises) | November 2019 - Present |
-| [Software Supply Chain Best Practices](community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) | May, 2021 |
-| [Evaluating your Supply Chain Security](community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) | May, 2021 |
-| [Cloud Native Security Lexicon](community/resources/security-lexicon/cloud-native-security-lexicon.md) | August, 2021 |
-| [Cloud Native Security Whitepaper](community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf) | May, 2022 |
-| [Cloud Native Security Controls Catalog](community/working-groups/archive/controls/phase-one-announcement.md) | May, 2022 |
+| [Software Supply Chain Best Practices](community/working-groups/supply-chain-security/supply-chain-security-paper-v2/Software_Supply_Chain_Practices_whitepaper_v2.pdf) | March, 2025 |
+| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](community/assessments/Open_and_Secure.pdf) | November, 2023 |
 | [Handling Build-time Dependency Vulnerabilities](community/working-groups/archive/policy/overview-policy-build-time-dependency-vulns.md) | June, 2022 |
 | [Secure Software Factory: A Reference Architecture to Securing the Software Supply Chain](community/working-groups/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf) | May, 2022 |
+| [Cloud Native Security Controls Catalog](community/working-groups/archive/controls/phase-one-announcement.md) | May, 2022 |
+| [Cloud Native Security Whitepaper](community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf) | May, 2022 |
 | [Secure Defaults](community/resources/security-whitepaper/secure-defaults-cloud-native-8.md) | February, 2022 |
-| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](community/assessments/Open_and_Secure.pdf) | November, 2023 |
+| [Cloud Native Security Lexicon](community/resources/security-lexicon/cloud-native-security-lexicon.md) | August, 2021 |
+| [Evaluating your Supply Chain Security](community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) | May, 2021 |
+| [Formal Verification for Policy Configurations](community/working-groups/archive/policy/overview-policy-formal-verification.md) | August, 2019 |
 
 ## Governance