Supply Chain Security Metrics
Research Contributions:
-
Identify weak links signals in the npm dependency graph.
-
Empirical evaluation of open-source software to identify actionable security practice metrics.
-
ML model to identify Which practices are most important to understand the relationship between security practices and vulnerability counts.
-
A Software Supply Chain Risk Assessment Framework (SSCRAF) to assess and evaluate the risk of software products.
