S3C2 Summit 2024-03: Industry Secure Supply Chain Summit
Greg Tystahl, Yasemin Acar, Michel Cukier, William Enck, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, Laurie Williams

TL;DR
This paper summarizes the discussions and insights from the S3C2 Summit 2024, focusing on industry practices and collaboration to enhance supply chain security in the open source ecosystem.
Contribution
It provides an overview of expert opinions, best practices, and future directions in supply chain security based on summit discussions.
Findings
Industry consensus on best practices
Identified challenges in supply chain security
Proposed collaborative approaches for improvement
Abstract
Supply chain security has become a very important vector to consider when defending against adversary attacks. Due to this, more and more developers are keen on improving their supply chains to make them more robust against future threats. On March 7th, 2024, researchers from the Secure Software Supply Chain Center (S3C2) gathered 14 industry leaders, developers and consumers of the open source ecosystem to discuss the state of supply chain security. The goal of the summit is to share insights between companies and developers alike to foster new collaborations and ideas moving forward. Through this meeting, participants were questioned on best practices and their thoughts on how to improve things for the future. In this paper we summarize the responses and discussions of the summit. The panel questions can be found in the appendix.
Taxonomy
Topics: Supply Chain Resilience and Risk Management
