# Understanding security challenges in the software supply chain through causal relationships

**Authors:** Aylin Adem, Erman Çakıt, Metin Dağdeviren, Beata Mrugalska, Waldemar Karwowski

PMC · DOI: 10.1371/journal.pone.0344098 · 2026-03-05

## TL;DR

This paper explores how different security challenges in software supply chains are connected, identifying key issues that need focused attention to improve cybersecurity.

## Contribution

The study introduces a novel analysis of interrelated security challenges in the software supply chain using the DEMATEL technique.

## Key findings

- Insecure software distribution mechanisms are a top challenge in software supply chain security.
- Lack of continuous monitoring and incident response capabilities significantly weakens security.
- Complex and diverse cyber-attacks pose growing threats to software supply chain integrity.

## Abstract

In recent years, the Software Supply Chain (SSC) has become a key target for cyberattacks due to its complex structure and dependence on third-party and open-source components. These attacks pose serious risks to the integrity and security of software systems. While many studies have explored solutions to specific security issues in the SSC, the relationships among the barriers to achieving robust security have not been comprehensively analyzed—particularly in the context of SSC security challenges using the Decision-Making Trial and Evaluation Laboratory (DEMATEL) technique. This study addresses this gap by identifying and analyzing the major challenges that weaken SSC security. To do this, the DEMATEL method was used to explore how different security challenges affect each other. Ten key challenges were identified based on a detailed literature review. The findings indicated that the three most significant challenges are insecure software distribution mechanisms, inadequate continuous monitoring and incident response capabilities, and the growing complexity and diversity of cyber-attacks. By visualizing the relationships between these challenges, this study clarifies where to focus security efforts. Solving root causes can lead to broader improvements across the entire software supply chain. The findings offer practical insights for decision-makers seeking to improve cybersecurity strategies in software development environments.

## Full-text entities

- **Diseases:** SSC (MESH:D007161), SBOM (MESH:D005119)
- **Chemicals:** SSC (-)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12962526/full.md

---
Source: https://tomesphere.com/paper/PMC12962526