The reviewed record of science sign in
Pith

arxiv: 2408.16529 · v1 · pith:TBBQDE4E · submitted 2024-08-29 · cs.CR

S3C2 Summit 2023-11: Industry Secure Supply Chain Summit

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:TBBQDE4Erecord.jsonopen to challenge →

classification cs.CR
keywords chainsupplysoftwareindustrysecuresummitsecuringstakeholders
0
0 comments X
read the original abstract

Cyber attacks leveraging or targeting the software supply chain, such as the SolarWinds and the Log4j incidents, affected thousands of businesses and their customers, drawing attention from both industry and government stakeholders. To foster open dialogue, facilitate mutual sharing, and discuss shared challenges encountered by stakeholders in securing their software supply chain, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) organize Secure Supply Chain Summits with stakeholders. This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023, which consisted of \panels{} panel discussions with a diverse set of \participants{} practitioners from the industry. The individual panels were framed with open-ended questions and included the topics of Software Bills of Materials (SBOMs), vulnerable dependencies, malicious commits, build and deploy infrastructure, reducing entire classes of vulnerabilities at scale, and supporting a company culture conductive to securing the software supply chain. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. S3C2 Summit 2025-09: Industry Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 2.0

    The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.

  2. S3C2 Summit 2025-07: Government Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 1.0

    A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.