Securing the Software Supply Chain: Research, Outreach, Education

Authors:
Laurie Williams, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Dominik Wermke.
Venue:
Request for Information on Open-Source Software Security: Areas of Long-Term Focus and Prioritization (RFI)
Date:
November 14, 2023
Type:
Other (non-peer reviewed) publication

Abstract

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The goal of this response is to aid the Open-Source Software Security Initiative (OS3I) in identifying focus areas for prioritization by sharing the outcomes of research, outreach, and education by the NSF-sponsored Secure Software Supply Chain Center (S3C2) since its inception in 2022. The S3C2 experiences and outcomes to date provide the authors with a unique purview of open challenges in securing the software supply chain