{"id":750295,"date":"2021-06-01T15:44:34","date_gmt":"2021-06-01T22:44:34","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&#038;p=750295"},"modified":"2024-04-03T10:34:50","modified_gmt":"2024-04-03T17:34:50","slug":"supply-chain-security","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/supply-chain-security\/","title":{"rendered":"Supply Chain Security"},"content":{"rendered":"<section class=\"mb-3 moray-highlight\">\n\t<div class=\"card-img-overlay mx-lg-0\">\n\t\t<div class=\"card-background  has-background-grey card-background--full-bleed\">\n\t\t\t\t\t<\/div>\n\t\t<!-- Foreground -->\n\t\t<div class=\"card-foreground d-flex mt-md-n5 my-lg-5 px-g px-lg-0\">\n\t\t\t<!-- Container -->\n\t\t\t<div class=\"container d-flex mt-md-n5 my-lg-5 align-self-center\">\n\t\t\t\t<!-- Card wrapper -->\n\t\t\t\t<div class=\"w-100 w-lg-col-5\">\n\t\t\t\t\t<!-- Card -->\n\t\t\t\t\t<div class=\"card material-md-card py-5 px-md-5\">\n\t\t\t\t\t\t<div class=\"card-body \">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/group\/research-for-industry\/\" class=\"icon-link icon-link--reverse mb-2\" data-bi-cN=\"Research for Industry\">\n\t\t\t\t\t\t\t\t\t<span class=\"c-glyph glyph-chevron-left\" aria-hidden=\"true\"><\/span>\n\t\t\t\t\t\t\t\t\tResearch for Industry\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\n<h1 class=\"wp-block-heading h2\" id=\"supply-chain-security\">Supply Chain Security<\/h1>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n\n\n\n<p>The software industry has been transitioning to continuous deployment practices which require complex build and deployment processes. In parallel, the software industry has increased the use of open-source software and processes, all of which are continually evolving. These changes have opened up a new attack vector, as demonstrated by SolarWinds, emphasizing the urgent need to identify how to ensure the security of the complete software supply chain.<\/p>\n\n\n\n<p>In this project, we build tools and techniques to secure the software supply chain. This project is focused on:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>data-driven tools that share information between tools and processes and leverage artificial intelligence and machine learning, <\/li>\n\n\n\n<li>the complete life cycle of the supply chain, allowing knowledge to be passed between tools, processes, and repositories, and <\/li>\n\n\n\n<li>the human aspects of applying security tools, through a focus on the real-world effectiveness of the tools. <\/li>\n<\/ol>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>This project is focused on building tools and techniques to secure the software supply chain.<\/p>\n","protected":false},"featured_media":482577,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13560,13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-750295","msr-project","type-msr-project","status-publish","has-post-thumbnail","hentry","msr-research-area-programming-languages-software-engineering","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"","related-publications":[158160,158888,160082,750325,841966],"related-downloads":[],"related-videos":[],"related-groups":[144672,144860,714067],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"slides":[],"related-researchers":[{"type":"user_nicename","display_name":"Ranveer Chandra","user_id":33344,"people_section":"Section name 0","alias":"ranveer"},{"type":"user_nicename","display_name":"Riyaz Pishori","user_id":42312,"people_section":"Section name 0","alias":"riyazp"}],"msr_research_lab":[199561,199565],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/750295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":6,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/750295\/revisions"}],"predecessor-version":[{"id":1021965,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/750295\/revisions\/1021965"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/482577"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=750295"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=750295"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=750295"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=750295"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=750295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}