University of Southampton Institutional Repository

Software supply chain: review of attacks, risk assessment strategies and security controls

arXiv

Abstract

The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules increases drastically, the software supply chain (SSC) is becoming more and more critical and has therefore attracted the interest of cyber attackers. While existing studies primarily focus on prevention and detection methods for software supply chain attacks, there is a need for a broad overview of attacks and a comprehensive risk assessment for software supply chain security. This study conducts a systematic literature review to fill this gap. We analyze the most common software supply chain attacks by presenting the latest trends among the analyzed attacks, and we identify the security risks for open-source and third-party software supply chains. Furthermore, this study introduces unique security controls to mitigate the analyzed cyber-attacks and risks by linking them with real-life security incidents and attacks.

Text: 2305.14157v1 - Author's Original (768kB)

More information

Published date: 23 May 2023
Keywords: Software Supply Chain, Security, Risk, Attack, Security Controls

Identifiers

Local EPrints ID: 503718
URI: http://eprints.soton.ac.uk/id/eprint/503718
PURE UUID: 305d0a1e-14af-4d2c-a353-5838e67e2ed0
ORCID for Betul Gokkaya: orcid.org/0009-0009-3632-9768
ORCID for Leonardo Aniello: orcid.org/0000-0003-2886-8445
ORCID for Basel Halak: orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 11 Aug 2025 16:53
Last modified: 22 Aug 2025 02:28

Contributors

Author: Betul Gokkaya
Author: Leonardo Aniello
Author: Basel Halak
