【英文】CSIAC报告：人工智能在保护美国国防工业基础软件供应链中的应用（48页）

英文研究报告 2024年04月22日 12:46 管理员

Managing the intricate and diverse supply chain within the U.S. government involves a heavy reliance on an extensive and varied network of suppliers and vendors for software components. This dependence introduces a range of challenges in ensuring the security of these software components. To address these software supply chain (SSC) security challenges effectively, a combination of technical solutions, robust security practices, collaboration among stakeholders, and adherence to industry standards is essential. Prioritizing SSC security is critical for organizations to mitigate risks and safeguard against potential vulnerabilities and attacks. Unfortunately, federal entities often lack complete visibility into their SSCs, including information about the origin, integrity, and security of both packet and precursor components. This lack of visibility makes it challenging to identify and mitigate risks and vulnerabilities. Furthermore, reliance on thirdparty vendors introduces additional risks related to the security practices and integrity of provided software components.