The reviewed record of science sign in
Pith

arxiv: 2505.10538 · v1 · pith:4CHTUTHM · submitted 2025-05-15 · cs.CR

S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:4CHTUTHMrecord.jsonopen to challenge →

classification cs.CR
keywords softwaresupplychainsummitcompaniesindustrysecuresecurity
0
0 comments X
read the original abstract

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable links in critical software supply chains. These attacks disrupt the day-to-day functioning and threaten the security of nearly everyone on the internet, from billion-dollar companies and government agencies to hobbyist open-source developers. The ever-evolving threat of software supply chain attacks has garnered interest from the software industry and the US government in improving software supply chain security. On September 20, 2024, three researchers from the NSF-backed Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 12 practitioners from 9 companies. The goals of the Summit were to: (1) to enable sharing between individuals from different companies regarding practical experiences and challenges with software supply chain security, (2) to help form new collaborations, (3) to share our observations from our previous summits with industry, and (4) to learn about practitioners' challenges to inform our future research direction. The summit consisted of discussions of six topics relevant to the companies represented, including updating vulnerable dependencies, component and container choice, malicious commits, building infrastructure, large language models, and reducing entire classes of vulnerabilities.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. S3C2 Summit 2025-09: Industry Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 2.0

    The paper summarizes key takeaways from an industry-academia summit on securing software supply chains, covering vulnerable dependencies, malicious commits, build infrastructure, and related topics.

  2. S3C2 Summit 2025-07: Government Secure Supply Chain Summit

    cs.CR 2026-05 unverdicted novelty 1.0

    A descriptive report summarizing discussions from a government secure software supply chain summit covering SBOMs, compliance, malicious commits, build infrastructure, culture, and LLMs.