Secure Chain: A Knowledge Graph for Resilient, Trustworthy, and Secure Software Supply Chains
Principal Investigator:
Tianyi Zhang
Yifeng Di, Hadi Askari, Shushan Arakelyan, Xiangyu Zhang, Xiang Ren, Muhao Chen, Tianyi Zhang
Abstract
Software is now integral to critical U.S. infrastructure. Software supply chains enable rapid development, but they also increase risk: bugs, vulnerabilities, and unauthorized changes in upstream components can propagate downstream, posing significant threats. We propose a comprehensive knowledge graph that models the relationships between software, hardware, vulnerabilities, and other entities in software supply chains. It captures rich, up-to-date information about software components across heterogeneous software ecosystems to support secure and transparent management of software supply chains.
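To make the downstream-propagation point concrete, the following is an added illustration (not code from the Secure Chain project, and not its schema): a toy knowledge graph with typed nodes (Package, Firmware, Hardware, Vulnerability) and typed edges (depends_on, bundles, affects), plus a query that follows dependency edges in reverse to find everything a single upstream vulnerability reaches, and a path query that explains why a given device is flagged. All package names, versions, device names and the vulnerability ID are constructed for the example and are assumptions, not real advisories or products.

```python
"""Toy supply-chain knowledge graph with typed nodes and typed edges, plus
an impact query that follows dependency edges downstream from a vulnerable
component. Every package, firmware, device and vulnerability ID here is
constructed for illustration only (not real advisories or products)."""
from collections import defaultdict, deque

# Relations along which a defect in the edge's target propagates to the
# edge's source: a dependent package, or a device that bundles firmware.
PROPAGATING = {"depends_on", "bundles"}


class SupplyChainGraph:
    def __init__(self):
        self.nodes = {}                 # node id -> {"type": ..., **attrs}
        self.out = defaultdict(set)     # src -> {(relation, dst)}
        self.inc = defaultdict(set)     # dst -> {(relation, src)}

    def add_node(self, node_id, ntype, **attrs):
        self.nodes[node_id] = {"type": ntype, **attrs}

    def add_edge(self, src, relation, dst):
        if src not in self.nodes or dst not in self.nodes:
            raise KeyError(f"unknown node in edge {src} -{relation}-> {dst}")
        self.out[src].add((relation, dst))
        self.inc[dst].add((relation, src))

    def downstream(self, component):
        """Breadth-first walk over reverse propagating edges. Returns a dict
        mapping each transitively dependent node to the node it was reached
        from, so an impact path can be reconstructed. Cycles are safe
        because each node is visited once."""
        parent, queue = {}, deque([component])
        while queue:
            cur = queue.popleft()
            for relation, src in self.inc[cur]:
                if relation in PROPAGATING and src not in parent and src != component:
                    parent[src] = cur
                    queue.append(src)
        return parent

    def affected_by(self, vuln_id):
        """All nodes impacted by a vulnerability: the components the
        advisory names directly (via 'affects' edges) plus everything
        downstream of them. Returns {node: node it was reached from}."""
        impacted = {}
        for relation, target in self.out[vuln_id]:
            if relation != "affects":
                continue
            impacted[target] = vuln_id
            for node, via in self.downstream(target).items():
                impacted.setdefault(node, via)
        return impacted

    def impact_path(self, vuln_id, node):
        """Chain from the vulnerability to `node`, e.g. to explain why a
        hardware device is flagged; None if the node is not affected."""
        impacted = self.affected_by(vuln_id)
        if node not in impacted:
            return None
        path = [node]
        while path[-1] != vuln_id:
            path.append(impacted[path[-1]])
        return list(reversed(path))


def build_sample_graph():
    """Constructed sample data: two versions of a crypto library, only the
    older one affected; a firmware image and a router that bundle an app
    built on the affected version."""
    g = SupplyChainGraph()
    for pkg in ("cryptolib@1.2.0", "cryptolib@1.3.0", "netlib@2.1.0",
                "app@3.0.0", "tool@1.0.0"):
        g.add_node(pkg, "Package")
    g.add_node("router-fw@4", "Firmware")
    g.add_node("edge-router-x1", "Hardware", vendor="ExampleCo")  # assumed
    g.add_node("VULN-0001", "Vulnerability", severity="high")     # assumed
    g.add_edge("netlib@2.1.0", "depends_on", "cryptolib@1.2.0")
    g.add_edge("app@3.0.0", "depends_on", "netlib@2.1.0")
    g.add_edge("tool@1.0.0", "depends_on", "cryptolib@1.3.0")
    g.add_edge("router-fw@4", "depends_on", "app@3.0.0")
    g.add_edge("edge-router-x1", "bundles", "router-fw@4")
    g.add_edge("VULN-0001", "affects", "cryptolib@1.2.0")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    for node in sorted(g.affected_by("VULN-0001")):
        chain = " <- ".join(reversed(g.impact_path("VULN-0001", node)))
        print(f"{node:16} {g.nodes[node]['type']:13} {chain}")
```

Versioning the package nodes is what keeps the query precise: `tool@1.0.0` depends on `cryptolib@1.3.0`, which the vulnerability does not touch, so it is correctly left out, while the hardware device is reached through the firmware it bundles. A real graph would attach provenance and freshness attributes (advisory source, fixed-in version, last update time) to the same nodes and edges so that the impact query can be re-run as the data changes.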