Jing-chang WANG,Gen-cai CHEN

DOI: https://doi.org/10.3969/j.issn.1671-7147.2005.02.008

2005-01-01

Abstract:There are a lot of risks in the software developing process. To control the risk, the sorts of risk are defined from the software development and project management. The paper presents four main parts of risk identification and risk analysis. The risks during software development process and possible solutions are analyzed while the risk quantity method, parameter model and experience data are presented. According to these risk identification methods and every phase situation of software development, the strategy of risk control is proposed. About eighty percent risk can be identified and controlled in the statistic application.

Yijun Shen,Xiang Gao,Hailong Sun,Yu Guo

DOI: https://doi.org/10.1007/s10664-024-10581-2

IF: 3.762

2024-11-08

Empirical Software Engineering

Abstract:Due to the dependency relations among software, vulnerabilities in software supply chains (SSC) may cause more serious security threats than independent software systems. This poses new challenges for ensuring software security including the spread of risks and the increase in maintenance costs.

computer science, software engineering

杨磊,郑仲玉,陈文钊

DOI: https://doi.org/10.3969/j.issn.1005-152x.2010.01.032

2010-01-01

Abstract:Through considering the definition,structural properties and stability of supply chains,the paper proposes an approach to supply chain risk management based on systems analysis method,which includes the supply chain risk classification based on multi-angle analysis,the enterprise activity inspection based on cause-effect analysis and the supply chain risk response system based on flowchart method and qualitative hierachical analysis,etc.It is hoped that the application of these systems analysis methods in SCM would improve that stability of supply chain systems and enable them to effectively avoid damage from possible risk exposure.

Betul Gokkaya,Leonardo Aniello,Basel Halak

DOI: https://doi.org/10.48550/arXiv.2305.14157

2023-05-23

Cryptography and Security

Abstract:The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically, SSC is becoming more and more critical and, therefore, has attracted the interest of cyber attackers. While existing studies primarily focus on software supply chain attacks' prevention and detection methods, there is a need for a broad overview of attacks and comprehensive risk assessment for software supply chain security. This study conducts a systematic literature review to fill this gap. We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks, and we identify the security risks for open-source and third-party software supply chains. Furthermore, this study introduces unique security controls to mitigate analyzed cyber-attacks and risks by linking them with real-life security incidence and attacks.

Donglin Liu,Chunxiang Wang

2006-01-01

Abstract:In recent years the issue of supply chain risk has been pushed to the fore. Widespread disruptions caused by a variety of supply chain risk sources have underlined the vulnerability of modem supply chains. Supply chain risks can become full-fledged supply chain problems, causing unanticipated changes in flow due to disruptions or delays. This paper seeks to provide practitioners and academicians a starting point for understanding supply chain risks and insights as to how supply chain risks can be managed. To that end the authors go on to clarify the concept of supply chain risk management and to provide a working definition. Next, it describes three categories of risk sources in supply chains: environmental risk sources, intra-organizational risk sources and inter-organizational risk sources. Finally, the research analyzes supply chain risk/reward trade-offs and presents risk-mitigating strategies for the supply chain.

Marcela S. Melara,Mic Bowman

DOI: https://doi.org/10.48550/arXiv.2209.04006

2022-09-08

Cryptography and Security

Abstract:The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address these issues. However, these proposals commonly overemphasize specific solutions or conflate goals, resulting in unexpected consequences, or unclear positioning and usage. In this paper, we make the case that developing practical solutions is not possible until the community has a holistic view of the security problem; this view must include both the technical and procedural aspects. To this end, we examine three use cases to identify common security goals, and present a goal-oriented taxonomy of existing solutions demonstrating a holistic overview of software supply chain security.

Chang-bin CHEN,Li-xin MIU

DOI: https://doi.org/10.3969/j.issn.1009-6043.2009.10.045

2009-01-01

Abstract:Under the condition of competition and cooperation,allying type between enterprises promotes the formation of supply chain.Due to a large quantity of uncertain factors,the supply chain will be interrupted provided some risk appears,which shows the vulnerability of the whole supply chain,and all risks of supply chain occur hereby.The vulnerability of supply chain mainly contains valuing efficiency,outsourcing trend,global influence,concentrating production and sale,decrease of suppliers' number,frequent variation of need,and lack of visibility and confidence.The management methods of solving supply-chain risk consist of double-source purchase and multiparty purchase,suppliers' early involvement and construction of stable supply chain,etc.

Zhi-ping DU,Gui-yan HU,Yong-sheng LIU

DOI: https://doi.org/10.3969/j.issn.1007-8266.2011.06.010

2011-01-01

Abstract:The vulnerability of supply chain is an important factor that imposes impact on supply chain operations.Based on the recent study of the vulnerability of supply chain,the authors analyze the origination of the moral,market and decision risk of supply chain integration in such three fields as the complexity of supply chain integration,operation and environment.And these risks enhance the vulnerability of supply chain.To reduce the risk of supply chain and weaken the vulnerability of supply chain,we should strengthen the construction of corporate culture in the organization of supply chain,introduce the mechanism of "coordination",improve the "flexibility" of supply chain integration,deal with the relation between information resources and profit and rationally define the boundary of supply chain.

Yingwu Chen,Guoping Jiang

DOI: https://doi.org/10.1109/iemc.2004.1407480

2004-01-01

Abstract:This paper characterizes software industry and software project risk management in China nowadays, discusses the potential ways to improve risk management capability of Chinese software industry. Based on the development status of software industry, we probe into the countermeasures of software project risk management. Construct mature software companies; implement metrics program to support quantitative risk management; increase companies' scale, confront risk with large scale; strengthen research on risk management technology and enhance project managers' risk management consciousness. We will go into details of these perspectives from the viewpoint of software companies. © 2004 IEEE.

Badis Hammi,Sherali Zeadally

DOI: https://doi.org/10.1109/mc.2023.3273491

2023-07-01

Computer

Abstract:Software application development involves various actors and organizations in what is called the software supply chain. We discuss how we can achieve strong resilience of the software supply chain to cyberthreats and then propose a holistic end-to-end security approach for the software supply chain.

computer science, software engineering, hardware & architecture

Beatriz M. Reichert,Rafael R. Obelheiro

DOI: https://doi.org/10.1080/1206212x.2024.2390978

2024-08-21

International Journal of Computers and Applications

Abstract:In recent years, software supply chain security has attracted significant research attention. This research subject is concerned both with the security of infrastructures used to build software and deliver it to end users and with the security of software that contains external dependencies such as third-party packages and libraries, and its chief goal is to ensure that no vulnerabilities are introduced in the path between developers and users. This paper presents a Systematic Literature Review to identify knowledge gaps in software supply chain security. For this, we considered studies published between 2012 and 2023 in the search engines of IEEE Xplore, ACM Digital Library, Engineering Village, Scopus, and arXiv. Of the 2051 studies obtained in the primary survey, only 85 are relevant for this research. Analyzing the studies, we observed gaps such as little discussion of software supply chains that involve cloud components, few proposals focused on the software distribution process, and a lack of use of threat modeling frameworks to help identify threats to the supply chain and validate the results.

Wenjie Sun,Zheng Shan,Fudong Liu,Xingwei Li,Meng Qiao,Chunyan Zhang

DOI: https://doi.org/10.1088/1742-6596/1601/5/052020

2020-01-01

Journal of Physics Conference Series

Abstract:The supply of open source and open source components is growing at an alarming rate, while vulnerabilities in open source components are everywhere. Software supply chain analysis aims to discover third-party components and open source code used in a software, and analyze the software’s dependence on components. In this paper, we propose a software component analysis method and a known vulnerabilities detecting method. By scanning the open source components of the binary file and conducting vulnerability analysis, the known vulnerabilities are detected. This paper mainly solves the problem of detecting known vulnerabilities in the supply chain of binary files. We conducted a case analysis and achieved good results.

MA Jing-lia

Abstract:Supply chain is easily vulnerable to be influenced by internal and external environments because of the characteristics of multiple links,multiple participants,cross-boundary and other features,leading to the risk of supply chain. Therefore,based on complex network theory,we summed up the complex network characteristics of supply chain,analyzed the research status of network simulation analysis and complex network theory in supply chain network. Combining with the characteristics of complex network,we summed up the evaluation methods to the risk of supply chain on complex network from different scholars at home and abroad,proposed several open issues in researching risk communication in supply chain of complex network,and also proposed the research direction of supply chain risk management based on the theory of complex network,which can provide the direction for future research.

Computer Science,Business,Engineering

Chinenye Okafor,Taylor R. Schorlemmer,Santiago Torres-Arias,James C. Davis

2024-06-14

Abstract:This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques

Cryptography and Security,Software Engineering

Ahmed Akinsola,Abdullah Akinde

DOI: https://doi.org/10.5121/ijsc.2024.15201

2024-07-09

Abstract:This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience and to promote transparency and trust in the digital infrastructure that underpins contemporary society. By examining the concept of software supply chain resilience and assessing the current state of supply chain security, the article provides a foundation for discussing strategies and practices that can mitigate security risks and ensure security continuity throughout the development lifecycle. Through this comprehensive analysis, the article contributes to the ongoing effort to strengthen the security posture of software supply chains, thereby ensuring the reliable and secure operation of digital systems in a connected world

Cryptography and Security

Maoyang Wang,Peng Wu,Qin Luo

DOI: https://doi.org/10.3390/math11234856

IF: 2.4

2023-12-02

Mathematics

Abstract:With the rapid growth of the software industry, the software supply chain (SSC) has become the most intricate system in the complete software life cycle, and the security threat situation is becoming increasingly severe. For the description of the SSC, the relevant research mainly focuses on the perspective of developers, lacking a comprehensive understanding of the SSC. This paper proposes a chain portrait framework of the SSC based on a resource perspective, which comprehensively depicts the threat model and threat surface indicator system of the SSC. The portrait model includes an SSC threat model and an SSC threat indicator matrix. The threat model has 3 levels and 32 dimensions and is based on a generative artificial intelligence model. The threat indicator matrix is constructed using the Attack Net model comprising 14-dimensional attack strategies and 113-dimensional attack techniques. The proposed portrait model’s effectiveness is verified through existing SSC security events, domain experts, and event visualization based on security analysis models.

mathematics

Ai Xu,Xiangpei Hu,Shufeng Gao

2010-01-01

Abstract:Supply chain management can bring high efficiency and profit to e-commerce enterprises, but how to identify and control the risks of the supply chain cannot be ignored. The paper elaborates the reasons and characteristics of supply chain risk for B2B e-commerce enterprises. Then it analyzes the critical risk factors of B2B e-commerce enterprises supply chain in detail and puts forward an approach based on fuzzy comprehensive evaluation.

CHENG Shu-ping,ZHANG De-hua,LI Zhen

DOI: https://doi.org/10.3969/j.issn.1007-3221.2012.04.034

2012-01-01

Abstract:The complexity of the project caused the universality of risks,and Risk Management is key problem in Construction Management.According to insufficient of traditional Risk Management,the paper re-examined Construction Risk from perspective of Construction Supply Chain(CSC),based on the construction life cycle.CSC is a complex system,composed by three sub-systems: Supplier Management,Supply Chain Operation Management and Manufacturers Management,and interruption and delayed risks are resulted by internal and external factors of system or sub-system,so there are six components of Construction Supply Chain Risk.In this paper,a framework of multidimensional identifying Construction Supply Chain Risk was built,risk sources are identified form the above six components and control strategies are proposed.

XU feng,HOU yun-zhang

DOI: https://doi.org/10.3969/j.issn.1001-8409.2013.06.027

2013-01-01

Soft Science

Abstract:This paper,from the view of the supply chain network risks,aims at analyzing the related risks of individual’s decision making in micro-level,dynamic supply chain network structure and its risks in macro-level.The relevant literatures are analyzed,and some key problems are proposed for future research.