LAGOON Final Report / Demonstration, Including OSS Contributor Ascendency
Abstract
DoD applications continue to rely on Open Source Software (OSS) for economic and workforce reasons. Ensuring the supply-chain integrity of these dependencies is crucial for the security of downstream applications. The LAGOON project has produced a brand-new, open source platform that helps analysts understand OSS communities from a social-oriented security perspective. Focusing on the observable artifacts produced within these communities, LAGOON provides a full suite of tools for ingesting different kinds of data, fusing it into a unified, sociotechnical and spatiotemporal graph, and then leveraging Machine Learning (ML)-enabled capabilities to help predict and prevent future attacks against OSS that have real-world effects on downstream projects, all of which is shown in the figure below. The platform is currently designed to be an efficient tool for Observe, Orient, Decide, Act (OODA) loop scenarios, though a continuous integration version could be developed in the future.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 24, 2022
- Accession Number: AD1162746
Entities
- Organizations: Galois, Inc.