Related papers: S3C2 Summit 2023-11: Industry Secure Supply Chain Summit

S3C2 Summit 2023-11: Industry Secure Supply Chain Summit

URL: http://arxiv.org/abs/2408.16529v1
Date: Thu, 29 Aug 2024 13:40:06 GMT
Title: S3C2 Summit 2023-11: Industry Secure Supply Chain Summit
Authors: Nusrat Zahan, Yasemin Acar, Michel Cukier, William Enck, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, Laurie Williams,
Abstract summary: This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
Score: 60.025314516749205
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Cyber attacks leveraging or targeting the software supply chain, such as the SolarWinds and the Log4j incidents, affected thousands of businesses and their customers, drawing attention from both industry and government stakeholders. To foster open dialogue, facilitate mutual sharing, and discuss shared challenges encountered by stakeholders in securing their software supply chain, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) organize Secure Supply Chain Summits with stakeholders. This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023, which consisted of \panels{} panel discussions with a diverse set of \participants{} practitioners from the industry. The individual panels were framed with open-ended questions and included the topics of Software Bills of Materials (SBOMs), vulnerable dependencies, malicious commits, build and deploy infrastructure, reducing entire classes of vulnerabilities at scale, and supporting a company culture conductive to securing the software supply chain. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.

Related papers

Enhancing Supply Chain Visibility with Knowledge Graphs and Large Language Models [49.898152180805454]
This paper presents a novel framework leveraging Knowledge Graphs (KGs) and Large Language Models (LLMs) to enhance supply chain visibility. Our zero-shot, LLM-driven approach automates the extraction of supply chain information from diverse public sources. With high accuracy in NER and RE tasks, it provides an effective tool for understanding complex, multi-tiered supply networks.
arXiv Detail & Related papers (2024-08-05T17:11:29Z)
Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience. The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
arXiv Detail & Related papers (2024-07-08T18:10:47Z)
An Industry Interview Study of Software Signing for Supply Chain Security [5.433194344896805]
Many cybersecurity frameworks, standards, and regulations recommend the use of software signing. Recent surveys have found that the adoption rate and quality of software signatures are low. We interviewed 18 high-ranking industry practitioners across 13 organizations.
arXiv Detail & Related papers (2024-06-12T13:30:53Z)
S3C2 Summit 2024-03: Industry Secure Supply Chain Summit [51.12259456590232]
Supply chain security has become a very important vector to consider when defending against adversary attacks. On March 7th, 2024 researchers from the Secure Software Supply Chain Center (S3C2) gathered 14 industry leaders, developers and consumers of the open source ecosystem to discuss the state of supply chain security. The goal of the summit is to share insights between companies and developers alike to foster new collaborations and ideas moving forward.
arXiv Detail & Related papers (2024-05-14T16:53:14Z)
Analyzing Maintenance Activities of Software Libraries [65.268245109828]
Industrial applications heavily integrate open-source software libraries nowadays. I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
arXiv Detail & Related papers (2023-06-09T16:51:25Z)
Towards Security Enhancement of Blockchain-based Supply Chain Management [0.0]
The cybersecurity of modern systems has dramatically increased attention from both industrial and academia perspectives. This paper shed the light on the blockchain and specifically on a smart contract technology which been used to handle the process of creation, verification and checking data over the supply chain management process.
arXiv Detail & Related papers (2022-09-11T18:52:11Z)
Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging. We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps. For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
arXiv Detail & Related papers (2021-09-03T18:44:26Z)
'They're all about pushing the products and shiny things rather than fundamental security' Mapping Socio-technical Challenges in Securing the Smart Home [1.52292571922932]
Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure.
arXiv Detail & Related papers (2021-05-25T08:38:36Z)
A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.