The reviewed record of science sign in
Pith

arxiv: 2307.16557 · v1 · pith:T7HQWTEA · submitted 2023-07-31 · cs.CR

S3C2 Summit 2023-02: Industry Secure Supply Chain Summit

Reviewed by Pithpith:T7HQWTEAopen to challenge →

classification cs.CR
keywords chainsoftwaresupplysummitindustrysecurepractitionersattacks
0
0 comments X
read the original abstract

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On February 22, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 15 companies. The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security and helping to form new collaborations. We conducted six-panel discussions based upon open-ended questions regarding software bill of materials (SBOMs), malicious commits, choosing new dependencies, build and deploy,the Executive Order 14028, and vulnerable dependencies. The open discussions enabled mutual sharing and shed light on common challenges that industry practitioners with practical experience face when securing their software supply chain. In this paper, we provide a summary of the Summit. Full panel questions can be found in the appendix.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. S3C2 Summit 2025-09: Industry Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 2.0

    The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.

  2. S3C2 Summit 2025-07: Government Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 1.0

    A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.