Edinburgh Napier University

  The way in which we develop and supply secure, trusted software is broken. The dominance of open-source software and the interconnectedness of software between organisations has raised cybersecurity risks in the software supply chain.

The Solarwinds, Kaseya and Notpetya attacks have cost companies and nation-states billions of dollars. Each of these incidents shares the same issue, which is that the attacks were possible because a threat actor managed to infiltrate and compromise software that was being developed by a software vendor in the long chain that exists from code being written to it being distributed to a customer. This is known as a software supply chain attack.

The software supply chain relates to developing and supplying software for use across all organisations and systems. This software supply chain needs to be managed by organisations that use software due to regulatory requirements and/or market pressure to ensure that their systems are not compromised, leading to potential financial or reputational loss.

Our solution aims to bring trust and transparency to the software supply chain. We will do this by bringing together a novel combination of blockchain, credential management and access control technologies.