The reviewed record of science sign in
Pith

arxiv: 2308.06850 · v1 · pith:GQP3N6LY · submitted 2023-08-13 · cs.CR

S3C2 Summit 2023-06: Government Secure Supply Chain Summit

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:GQP3N6LYrecord.jsonopen to challenge →

classification cs.CR
keywords chainsoftwaresupplygovernmentsummitindustrysecureagencies
0
0 comments X
read the original abstract

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On June 7, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 13 government agencies. The goal of the Summit was two-fold: (1) to share our observations from our previous two summits with industry, and (2) to enable sharing between individuals at the government agencies regarding practical experiences and challenges with software supply chain security. For each discussion topic, we presented our observations and take-aways from the industry summits to spur conversation. We specifically focused on the Executive Order 14028, software bill of materials (SBOMs), choosing new dependencies, provenance and self-attestation, and large language models. The open discussions enabled mutual sharing and shed light on common challenges that government agencies see as impacting government and industry practitioners when securing their software supply chain. In this paper, we provide a summary of the Summit.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. S3C2 Summit 2025-09: Industry Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 2.0

    The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.

  2. S3C2 Summit 2025-07: Government Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 1.0

    A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.