Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle
- URL: http://arxiv.org/abs/2407.13785v1
- Date: Mon, 8 Jul 2024 18:10:47 GMT
- Title: Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle
- Authors: Ahmed Akinsola, Abdullah Akinde
- Abstract summary: This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats.
It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience.
The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience and to promote transparency and trust in the digital infrastructure that underpins contemporary society. By examining the concept of software supply chain resilience and assessing the current state of supply chain security, the article provides a foundation for discussing strategies and practices that can mitigate security risks and ensure security continuity throughout the development lifecycle. Through this comprehensive analysis, the article contributes to the ongoing effort to strengthen the security posture of software supply chains, thereby ensuring the reliable and secure operation of digital systems in a connected world.
Related papers
- SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection [46.68279506084277]
This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive traceability and originality verification.
It provides an analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.
arXiv Detail & Related papers (2024-08-30T07:15:43Z)
- S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205]
This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023.
The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
arXiv Detail & Related papers (2024-08-29T13:40:06Z)
- Enhancing Supply Chain Visibility with Knowledge Graphs and Large Language Models [49.898152180805454]
This paper presents a novel framework leveraging Knowledge Graphs (KGs) and Large Language Models (LLMs) to enhance supply chain visibility.
Our zero-shot, LLM-driven approach automates the extraction of supply chain information from diverse public sources.
With high accuracy in NER and RE tasks, it provides an effective tool for understanding complex, multi-tiered supply networks.
arXiv Detail & Related papers (2024-08-05T17:11:29Z)
- SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties [6.1570934202202725]
This paper systematizes knowledge about secure software supply chain patterns.
It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain.
arXiv Detail & Related papers (2024-06-14T15:16:09Z)
- SoK: A Defense-Oriented Evaluation of Software Supply Chain Security [3.165193382160046]
We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach.
This paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships.
arXiv Detail & Related papers (2024-05-23T18:53:48Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Securing OPEN-RAN Equipment Using Blockchain-Based Supply Chain Verification [0.0]
This paper puts forth a novel blockchain-based approach to secure OPEN-RAN equipment through its lifecycle.
We architect a tamper-resistant ecosystem to track provenance.
There is a vivid potential to make OPEN-RAN supply chains corner to corner secure, igniting further research and real-world deployment.
arXiv Detail & Related papers (2024-02-27T15:58:32Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
- Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future [28.67753149592534]
This study introduces a blockchain-empowered architecture for SBOM sharing, leveraging verifiable credentials to allow for selective disclosure.
This paper broadens the remit of SBOM to encompass AI systems, thereby coining the term AI Bill of Materials (AIBOM).
arXiv Detail & Related papers (2023-07-05T07:56:48Z)
- Software supply chain: review of attacks, risk assessment strategies and security controls [0.13812010983144798]
The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector.
We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks.
This study introduces unique security controls to mitigate analyzed cyber-attacks and risks by linking them with real-life security incidents and attacks.
arXiv Detail & Related papers (2023-05-23T15:25:39Z)
- Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
Agent-based supply chains have been proposed since the early 2000s; industrial uptake has been lagging.
We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps.
For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
arXiv Detail & Related papers (2021-09-03T18:44:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.