"Software Supply Chain Security Risks Are Here: Are We Equipped to Act Accordingly? Purdue Tandem Tackles Thorny Cybersecurity Issue"

Two Purdue University researchers are working to combat the rising number of supply chain attacks, especially those targeting third-party software suppliers and vendors. Sabine Brunswicker, a professor of digital innovation and communication, is collaborating with Santiago Torres-Arias, an assistant professor of electrical and computer engineering, to gain a deeper understanding of the structure of software supply chains in order to develop countermeasures against cyberattacks resulting from the use of open source software. Google donated $200,000 to Brunswicker and Torres-Arias in support of their research in this area. A supply chain attack is the breach of goods, services, or technology supplied by a vendor to a customer, which poses a risk to the customer base. The prevalence of such attacks has prompted the development of methods to improve the security posture of software companies. As open source components are present throughout the software lifecycle, the researchers emphasize the need for organizations to first secure their open source software. With the funding from Google, one key focus for the Purdue University researchers is developing tools that mine software supply chain data in real time, in order to create and use models that quantify and predict software supply chain risks. In addition, they will create a publicly accessible platform that incorporates tools to help inform and enable early action to mitigate risks and prevent future software supply chain attacks. This article continues to discuss how the Purdue University researchers are building on new funding from Google to find solutions to software supply chain attacks.

Purdue University reports "Software Supply Chain Security Risks Are Here: Are We Equipped to Act Accordingly? Purdue Tandem Tackles Thorny Cybersecurity Issue"
