S3C2 SICP Summit 2025-06: Vulnerability Response Summit
- URL: http://arxiv.org/abs/2512.02600v1
- Date: Tue, 02 Dec 2025 10:05:41 GMT
- Title: S3C2 SICP Summit 2025-06: Vulnerability Response Summit
- Authors: Anna Lena Rotthaler, Simon Oberthür, Juraj Somorovsky, Kirsten Thommes, Simon Trang, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, Dominik Wermke, Laurie Williams
- Abstract summary: Researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) and the Software Innovation Campus Paderborn (SICP) conducted a Vulnerability Response Summit. The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security.
- Score: 51.90004414779634
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and vulnerability response. On June 26, 2025, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) and the Software Innovation Campus Paderborn (SICP) conducted a Vulnerability Response Summit with a diverse set of 9 practitioners from 9 companies. The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security, including vulnerability response, and to help form new collaborations. We conducted five panel discussions based on open-ended questions regarding experiences with vulnerability reports, tools used for vulnerability discovery and management, organizational structures for vulnerability response and management, preparedness and implementations for the Cyber Resilience Act (CRA) and NIS2, and bug bounties. The open discussions enabled mutual sharing and shed light on common challenges that industry practitioners with practical experience face when securing their software supply chain, including vulnerability response. In this paper, we provide a summary of the Summit. Full panel questions can be found in the appendix.
Related papers
- S3C2 Summit 2025-03: Industry Secure Supply Chain Summit [48.11564259257153] (arXiv, 2025-10-28T19:47:07Z)
  Software supply chains provide immense economic and software development value. In the past several years, there has been an exponential increase in cyberattacks targeting vulnerable links in critical software supply chains. Four researchers from the NSF-backed Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit.
- S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit [50.93790634176803] (arXiv, 2025-05-15T17:48:14Z)
  Over the past several years, there has been an exponential increase in cyberattacks targeting software supply chains. The ever-evolving threat of software supply chain attacks has garnered interest from the software industry and the US government. Three researchers from the NSF-backed Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 12 practitioners from 9 companies.
- S3C2 Summit 2024-08: Government Secure Supply Chain Summit [51.99432298381618] (arXiv, 2025-04-01T15:54:41Z)
  Supply chain security has become a very important vector to consider when defending against adversary attacks. On August 29, 2024, researchers from the Secure Software Supply Chain Center (S3C2) gathered 14 practitioners from 10 government agencies to discuss the state of supply chain security. The goal of the summit is to share insights between companies and developers alike to foster new collaborations and ideas moving forward.
- S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205] (arXiv, 2024-08-29T13:40:06Z)
  This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
- Security Challenges of Complex Space Applications: An Empirical Study [0.0] (arXiv, 2024-08-15T10:02:46Z)
  I investigate the security challenges of the development and management of complex space applications. I discuss the four most critical security challenges identified by the interviewed experts: verification of software artifacts, verification of the deployed application, single point of security failure, and data tampering by trusted stakeholders. I propose future research of new DevSecOps strategies, practices, and tools which would enable better methods of software integrity verification in the space and defense industries.
- S3C2 Summit 2024-03: Industry Secure Supply Chain Summit [51.12259456590232] (arXiv, 2024-05-14T16:53:14Z)
  Supply chain security has become a very important vector to consider when defending against adversary attacks. On March 7th, 2024, researchers from the Secure Software Supply Chain Center (S3C2) gathered 14 industry leaders, developers and consumers of the open source ecosystem to discuss the state of supply chain security. The goal of the summit is to share insights between companies and developers alike to foster new collaborations and ideas moving forward.
- Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications [0.4665186371356556] (arXiv, 2023-05-23T22:27:53Z)
  In July 2022, the Center for Security and Emerging Technology at Georgetown University and the Program on Geopolitics, Technology, and Governance at the Stanford Cyber Policy Center convened a workshop of experts to examine the relationship between vulnerabilities in artificial intelligence systems and more traditional types of software vulnerabilities. Topics discussed included the extent to which AI vulnerabilities can be handled under standard cybersecurity processes, the barriers currently preventing the accurate sharing of information about AI vulnerabilities, legal issues associated with adversarial attacks on AI systems, and potential areas where government support could improve AI vulnerability management and mitigation.