Authors: Laurie Williams, Sammy Migues, Jamie Boote, Ben Hutchison

Published on: April 18, 2024

Impact Score: 7.8

Arxiv code: Arxiv:2404.12300

Summary

• What is new: P SSCRM integrates and unifies insights from leading software supply chain risk management initiatives and several government and industry standards, offering a unique, comprehensive framework.
• Why this is important: The lack of a unified framework that synthesizes the best practices and standards for managing risks in software supply chains.
• What the research proposes: Creation of the P SSCRM, a framework that distills common principles from existing initiatives and standards to aid organizations in developing robust software supply chain risk management programs.
• Results: P SSCRM provides a model for understanding, quantifying, and improving secure software supply chain management, enabling organizations to evaluate and enhance their risk management initiatives in line with industry best practices.

Technical Details

Technological frameworks used: P SSCRM Framework

Models used: Quantitative and qualitative models for risk assessment and management

Data used: Data from nine industry-leading initiatives and analysis of ten government and industry documents, frameworks, and standards

Potential Impact

Software development and IT security companies, especially in sectors with critical infrastructure or high reliance on software integrity, may find strategic advantages or necessary adjustments in response to the insights from this paper.

Want to implement this idea in a business?

We have generated a startup concept here: SecuraChain.