Published July 10, 2022 | Version 1.0.0
Technical note | Open access

Supply Chain Threats in Software Industry Caused by Geo Political Influences and Business Model Changes

  • ZORALab Enterprise


Since 2005, developing software has been as easy and seamless as signing up with a free-tier version control service provider such as Bitbucket, GitHub, or GitLab. These providers serve the global market by offering all-in-one facilities, from development through to the distribution of both source code and compiled software archives. In fact, newer-generation software supply chain tools like Homebrew, Go Modules, and Ruby Bundler are built almost entirely around these providers, which makes software distribution seamlessly easy. However, this convenience has left the global software supply chain (also known as "dependencies" or "dependencies of dependencies") overly centralized in a single country or a single origin, where it can be weaponized by politicians or by the business owners themselves. As a result, any software developer who resides outside the service provider's country of origin, or who is deeply locked into the vendor's services, is completely exposed and is forced to comply with the laws and political norms of a country they neither reside in nor originate from. This is especially true for developers from a country on unfavorable terms with that country of origin.
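The centralization described above can be made measurable for a single project. The following Go program (Go chosen because the note names Go Modules) is an added example, not code from the technical note or from ZORALab: it tallies the requirements of a go.mod by the first element of each module path, i.e. the hosting domain. The go.mod content is constructed for the example, and vanity import paths such as gopkg.in hide their real host, so the result is a lower bound on how concentrated the dependencies are.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample go.mod (not from the note). Vanity paths such as
// gopkg.in hide their real hosting provider, so tallying by module-path
// host gives a lower bound on how concentrated the dependencies really are.
const sampleGoMod = `module example.com/app
require (
	github.com/spf13/cobra v1.5.0
	github.com/stretchr/testify v1.8.0
	gitlab.com/gitlab-org/labkit v1.16.0
	gopkg.in/yaml.v3 v3.0.1
	bitbucket.org/creachadair/shell v0.0.7
)
require github.com/go-logr/logr v1.2.3 // indirect
`

// hostCounts tallies the modules required by a go.mod (block and single-line
// require forms) by the first element of their module path, the hosting domain.
func hostCounts(goMod string) (counts map[string]int, total int) {
	counts, inBlock := map[string]int{}, false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "require (") || (inBlock && line == ")") {
			inBlock = line != ")" // enter the block on "require (", leave it on ")"
			continue
		}
		isDep := inBlock || strings.HasPrefix(line, "require ")
		f := strings.Fields(strings.TrimPrefix(line, "require "))
		if isDep && len(f) >= 2 && !strings.HasPrefix(f[0], "//") {
			counts[strings.SplitN(f[0], "/", 2)[0]]++ // host = first path element
			total++
		}
	}
	return counts, total
}

func main() {
	counts, total := hostCounts(sampleGoMod)
	for host, n := range counts {
		fmt.Printf("%-14s %d of %d requirements (%.0f%%)\n", host, n, total, 100*float64(n)/float64(total))
	}
}
```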


This paper specifically addresses this supply chain vulnerability in the software industry from the perspective of both residents and non-residents of the service provider's country of origin, and the consequences of the vulnerability when it is overlooked. The paper also explores currently known methods of mitigating it that are compatible with both types of developers.


