S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:QOAMDX4Hrecord.jsonopen to challenge →
read the original abstract
Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. We conducted six panel discussions with a diverse set of 19 practitioners from industry. We asked them open-ended questions regarding SBOMs, vulnerable dependencies, malicious commits, build and deploy, the Executive Order, and standards compliance. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain. This paper summarizes the summit held on September 30, 2022.
This paper has not been read by Pith yet.
Forward citations
Cited by 2 Pith papers
-
S3C2 Summit 2025-09: Industry Secure Supply Chain Summit
The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.
-
S3C2 Summit 2025-07: Government Secure Supply Chain Summit
A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.