Understanding security challenges in the software supply chain through causal relationships
Aylin Adem, Erman Çakıt, Metin Dağdeviren, Beata Mrugalska, Waldemar Karwowski

TL;DR
This paper explores how different security challenges in software supply chains are connected, identifying key issues that need focused attention to improve cybersecurity.
Contribution
The study introduces a novel analysis of interrelated security challenges in the software supply chain using the DEMATEL technique.
Findings
Insecure software distribution mechanisms are a top challenge in software supply chain security.
Lack of continuous monitoring and incident response capabilities significantly weakens security.
Complex and diverse cyber-attacks pose growing threats to software supply chain integrity.
Abstract
In recent years, the Software Supply Chain (SSC) has become a key target for cyberattacks due to its complex structure and dependence on third-party and open-source components. These attacks pose serious risks to the integrity and security of software systems. While many studies have explored solutions to specific security issues in the SSC, the relationships among the barriers to achieving robust security have not been comprehensively analyzed—particularly in the context of SSC security challenges using the Decision-Making Trial and Evaluation Laboratory (DEMATEL) technique. This study addresses this gap by identifying and analyzing the major challenges that weaken SSC security. To do this, the DEMATEL method was used to explore how different security challenges affect each other. Ten key challenges were identified based on a detailed literature review. The findings indicated that the…
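The abstract names DEMATEL as the method used to derive the cause-and-effect structure among the ten challenges but does not show the computation. The following is an added illustration, not the paper's data or code: it runs the standard DEMATEL steps (direct-relation matrix, normalisation, total-relation matrix T = X(I - X)^-1, row and column sums D and R, prominence D + R and relation D - R) on a constructed 4x4 influence matrix. Three of the four labels are challenges named on this page; the fourth, the expert scores, and the resulting numbers are all constructed for the example and say nothing about the paper's findings.

```python
"""DEMATEL worked example on constructed data (not the paper's matrix).

Steps: direct-relation matrix A -> normalised X = A / s, with
s = max(max row sum, max column sum) -> total-relation matrix
T = X (I - X)^-1 -> D (row sums, influence exerted), R (column sums,
influence received) -> prominence D + R and relation D - R.
"""

# Three of the challenges named on the page plus one constructed placeholder.
CHALLENGES = [
    "Insecure software distribution mechanisms",
    "Lack of continuous monitoring and incident response",
    "Complex and diverse cyber-attacks",
    "Placeholder challenge (constructed)",
]

# Constructed expert scores: DIRECT[i][j] is how strongly challenge i
# is judged to aggravate challenge j (0 none .. 4 very high); diagonal 0.
DIRECT = [
    [0, 3, 2, 1],
    [2, 0, 1, 3],
    [3, 3, 0, 2],
    [1, 2, 1, 0],
]


def normalize(a):
    """Scale A so every row and column sum of X is at most 1."""
    n = len(a)
    row_max = max(sum(row) for row in a)
    col_max = max(sum(a[i][j] for i in range(n)) for j in range(n))
    s = max(row_max, col_max)
    return [[v / s for v in row] for row in a]


def invert(m):
    """Gauss-Jordan inverse with partial pivoting (pure Python, no numpy)."""
    n = len(m)
    aug = [[float(v) for v in m[i]] + [1.0 if i == j else 0.0 for j in range(n)]
           for i in range(n)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("I - X is singular; normalisation failed")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def matmul(a, b):
    """Plain matrix product of two nested lists."""
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]


def total_relation(x):
    """T = X (I - X)^-1: the sum of all direct and indirect influence paths."""
    n = len(x)
    i_minus_x = [[(1.0 if i == j else 0.0) - x[i][j] for j in range(n)]
                 for i in range(n)]
    return matmul(x, invert(i_minus_x))


def dematel(direct, labels):
    """Return per-challenge D, R, prominence, relation and cause/effect group."""
    t = total_relation(normalize(direct))
    n = len(t)
    d = [sum(t[i]) for i in range(n)]                       # influence exerted
    r = [sum(t[i][j] for i in range(n)) for j in range(n)]  # influence received
    return [
        {
            "challenge": labels[i],
            "D": d[i],
            "R": r[i],
            "prominence": d[i] + r[i],   # how central the challenge is overall
            "relation": d[i] - r[i],     # > 0: net cause, < 0: net effect
            "group": "cause" if d[i] > r[i] else "effect",
        }
        for i in range(n)
    ]


if __name__ == "__main__":
    for row in sorted(dematel(DIRECT, CHALLENGES), key=lambda x: -x["prominence"]):
        print(f'{row["challenge"][:45]:45} D={row["D"]:.3f} R={row["R"]:.3f} '
              f'D+R={row["prominence"]:.3f} D-R={row["relation"]:+.3f} {row["group"]}')
```

The "cause" group (positive D - R) is where mitigation effort pays off most, since those challenges drive the others through the indirect paths captured by T; the "effect" group improves as a consequence. The normalisation by the larger of the maximum row and column sums keeps the spectral radius of X below 1, which is what makes (I - X) invertible and T equal to the convergent sum of all path lengths.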
Taxonomy
Topics: Information and Cyber Security · Supply Chain Resilience and Risk Management · Software Engineering Techniques and Practices
