Enhancing Software Supply Chain Security Workshop Position Paper: On Minimum Requirements for Testing Software Source Code

Abstract

Analyzing practices and risks, particularly by looking at the wealth of metadata associated with software repositories, is a scalable and powerful approach to assessing software supply chain security. This approach addresses two key questions for software supply chains:

1. Are there identifiable supply chain attacks present in this repository currently?
2. Does this repository follow good software development practices that reduce the risk of vulnerabilities or supply chain.
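The abstract describes assessing a repository from its metadata rather than from its source alone. The following is an added illustration of that approach and is not code from the paper or from MITRE: it scores a constructed commit history on a few practice signals (signed-commit ratio, reviewed-commit ratio, contributor concentration) and flags the one shape of event worth a human look for question 1, a first-time contributor changing build or CI files without signing or review. The `Commit` record, the `BUILD_SURFACE` patterns, the sample history and every threshold are assumptions chosen for the example.

```python
"""Added example of metadata-based repository assessment (not the paper's method).

All metric definitions, thresholds and the sample history below are assumptions
made for illustration; a real analyzer would populate Commit records from the
repository's own history (for example `git log` plus signature verification)."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatch
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Commit:
    sha: str
    author: str
    when: datetime
    signed: bool           # commit signature verified against a known key
    reviewed: bool         # landed through a reviewed merge, not a direct push
    files: Tuple[str, ...]  # paths touched by the commit


# Paths that decide what gets built, packaged or run in CI. A change here by an
# unfamiliar author, with neither signature nor review, is the classic shape of a
# supply chain insertion and deserves a human look. (Assumed pattern list.)
BUILD_SURFACE = ("setup.py", "pyproject.toml", "Makefile", "Dockerfile",
                 "package.json", ".github/workflows/*", "*.gradle")


def is_build_file(path: str) -> bool:
    return any(fnmatch(path, pat) for pat in BUILD_SURFACE)


def signed_ratio(commits: Sequence[Commit]) -> float:
    return sum(c.signed for c in commits) / len(commits)


def reviewed_ratio(commits: Sequence[Commit]) -> float:
    return sum(c.reviewed for c in commits) / len(commits)


def bus_factor(commits: Sequence[Commit], share: float = 0.5) -> int:
    """Smallest number of authors whose commits together cover `share` of history."""
    counts = sorted(Counter(c.author for c in commits).values(), reverse=True)
    needed = share * len(commits)
    covered = 0
    for n, count in enumerate(counts, start=1):
        covered += count
        if covered >= needed:
            return n
    return len(counts)


def newcomer_build_changes(commits: Sequence[Commit]) -> List[str]:
    """SHAs of an author's first-ever commit that touches the build surface and
    lacks at least one of the two controls (signature, review)."""
    flagged, seen = [], set()
    for c in sorted(commits, key=lambda c: c.when):
        first_time = c.author not in seen
        seen.add(c.author)
        if first_time and not (c.signed and c.reviewed) and any(map(is_build_file, c.files)):
            flagged.append(c.sha)
    return flagged


def assess(commits: Sequence[Commit]) -> Dict[str, object]:
    """Compute practice metrics and turn threshold misses into findings."""
    if not commits:
        raise ValueError("no commits to assess")
    metrics: Dict[str, object] = {
        "commits": len(commits),
        "signed_ratio": signed_ratio(commits),
        "reviewed_ratio": reviewed_ratio(commits),
        "bus_factor": bus_factor(commits),
        "newcomer_build_changes": newcomer_build_changes(commits),
    }
    findings = []  # thresholds below are assumptions, not values from the paper
    if metrics["signed_ratio"] < 0.9:
        findings.append("fewer than 90% of commits carry a verified signature")
    if metrics["reviewed_ratio"] < 0.9:
        findings.append("fewer than 90% of commits landed through review")
    if metrics["bus_factor"] <= 1:
        findings.append("one contributor accounts for the majority of commits")
    for sha in metrics["newcomer_build_changes"]:
        findings.append(f"commit {sha}: first-time contributor changed build/CI files without signature and review")
    metrics["findings"] = findings
    return metrics


# Constructed sample history (not real data): three authors, eight commits.
SAMPLE = [
    Commit("a1", "alice", datetime(2021, 1, 5), True, True, ("src/main.py",)),
    Commit("a2", "bob", datetime(2021, 1, 10), True, True, ("src/util.py",)),
    Commit("a3", "alice", datetime(2021, 2, 1), True, True, ("tests/test_main.py",)),
    Commit("a4", "alice", datetime(2021, 2, 15), False, True, ("src/main.py",)),
    Commit("a5", "bob", datetime(2021, 3, 1), True, False, ("README.md",)),
    Commit("a6", "alice", datetime(2021, 3, 20), True, True, ("src/util.py",)),
    Commit("a7", "mallory", datetime(2021, 4, 2), False, False, ("setup.py", ".github/workflows/ci.yml")),
    Commit("a8", "alice", datetime(2021, 4, 10), True, True, ("src/main.py",)),
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample history the ratios come out at 0.75, the bus factor is 1 (alice alone covers more than half the commits) and `a7` is flagged; the ratio and concentration metrics speak to the abstract's second question (practice), while the newcomer check is a triage signal for the first (a present, identifiable anomaly) rather than proof of an attack.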

Document Details

Document Type
Technical Report
Publication Date
Jun 02, 2021
Accession Number
AD1156890

Entities

People

  • Andrew A. Lilley Brinker
  • Andrew Buttner

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Acquisition
  • Air Force
  • Computer Programming
  • Computer Programs
  • Contracts
  • Corporations
  • Department Of Defense
  • Digital Information
  • Governments
  • Information Security
  • Metadata
  • National Governments
  • Open Source Software
  • Organizational Structure
  • Procurement
  • Security
  • Software Assurance
  • Software Development
  • Storage
  • Supply Chain
  • Supply Chain Integrity
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Theoretical Analysis.