Pith. sign in

REVIEW 2 cited by

S3C2 Summit 2023-02: Industry Secure Supply Chain Summit

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2307.16557 v1 pith:T7HQWTEA submitted 2023-07-31 cs.CR

S3C2 Summit 2023-02: Industry Secure Supply Chain Summit

classification cs.CR
keywords chainsoftwaresupplysummitindustrysecurepractitionersattacks
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On February 22, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 15 companies. The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security and helping to form new collaborations. We conducted six-panel discussions based upon open-ended questions regarding software bill of materials (SBOMs), malicious commits, choosing new dependencies, build and deploy,the Executive Order 14028, and vulnerable dependencies. The open discussions enabled mutual sharing and shed light on common challenges that industry practitioners with practical experience face when securing their software supply chain. In this paper, we provide a summary of the Summit. Full panel questions can be found in the appendix.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. S3C2 Summit 2025-09: Industry Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 2.0

    The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.

  2. S3C2 Summit 2025-07: Government Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 1.0

    A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.