A Risk Analysis of Software Dependencies for the AI/ML Supply Chain

Abstract

Artificial intelligence (AI) and machine learning (ML) offer new capabilities for the overall technology ecosystem. As it forms the foundation for new technology, the security of a final software product depends greatly on that of the underlying supply chain, including its software dependencies. This study examines a portion of the supply chain for AI/ML by mapping the dependencies of a select sample of ML libraries for vulnerabilities. We search for a relationship between the depth of a dependency within a sample library's dependency tree and the number of vulnerabilities discovered within the corresponding library's supply chain. We consider multiple development tools and libraries and their software dependencies, all of which exist as open-source software. Understanding the potential risks, vulnerabilities, and dependency relationships present in the development supply chain will inform further efforts to securely develop AI/ML products and secure their supply chain.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2023
Accession Number
AD1224368

Entities

People

  • Alexander S. Tum

Organizations

  • Naval Postgraduate School

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Logistics and Supply Chain Management
  • Neural Network Machine Learning
  • Software Engineering

Technology Areas

  • AI & ML
  • AI & ML - DoD AI Strategy