Counting Broken Links: A Quants View of Software Supply Chain Security
Abstract
"Without data, you're just another person with an opinion."
—W. Edwards Deming
It is tempting to tune out the cyberattack news cycle, dismissing the seemingly random assortment of reported attacks as nothing more than chance encounters of lucky defenders with unlucky attackers. It is easy to see the noise. It takes more effort—what amounts to digital wading—to find the signal, especially when dealing with public reporting on cyberattacks, but wade we did to assess the extent of software supply chain attacks. These attacks prey on the trust that makes code reuse possible and that produces the modern software cornucopia enjoyed by software developers and consumers alike.
BIOS
John Speed Meyers is a Data Scientist in IQT Labs and a researcher who focuses on cybersecurity, especially network traffic analysis and software supply chain security. He holds a PhD in policy analysis from the Pardee RAND Graduate School. He’s ambivalent about computers.
Bentz Tozer is a Senior Member of Technical Staff in In-QTel’s Cyber Practice, where he identifies and works with startups with the potential for high impact on national security. In previous roles, he has performed security research and software development with a focus on IoT devices and embedded systems. He has a PhD in systems engineering from George Washington University.