Gateway to Think Tanks
Source type | Report |
Normalized type | Report |
DOI | https://doi.org/10.7249/PEA2072-1 |
Source ID | PE-A2072-1 |
Disclosure of Software Supply Chain Risks | |
Sasha Romanosky; Jonathan W. Welburn | |
Publication date | 2022-05-26 |
Publication year | 2022 |
Pages | 12 |
Language | English |
Abstract | The nation's reliance on computer software to run and manage critical business services has increased dramatically over many decades and only continues to grow. But with this reliance comes risk. The increasing rate of and impact from the exploitation of software vulnerabilities has caused billions of dollars of damage and losses to thousands of companies across the world. And the malicious compromise — or even accidental failure — of software threatens firms across all industries throughout the United States. Moreover, it has become increasingly true that modern software applications are built on a foundation of third-party and open-source software components, developed by thousands of professional and volunteer contributors across the world. This complexity and decentralized nature of the modern software ecosystem mean that firms are more separated from the oversight of the software that runs their businesses and increasingly exposed to risks because of this expanding software supply chain. Although many federal government agencies are vocal in addressing this issue in their own way, the U.S. Securities and Exchange Commission (SEC) has been relatively quiet. This Perspective presents a set of proposed disclosure rules that the SEC could implement to help address software supply chain security. |
Subject | Critical Infrastructure Protection ; Cybersecurity ; Data Science ; Supply Chain Management |
URL | https://www.rand.org/pubs/perspectives/PEA2072-1.html |
Source think tank | RAND Corporation (United States) |
Resource type | Think tank publication |
Item identifier | http://119.78.100.153/handle/2XGU8XDN/525047 |
Recommended citation (GB/T 7714) | Sasha Romanosky, Jonathan W. Welburn. Disclosure of Software Supply Chain Risks. 2022. |
Files in this item | ||||||
File name/size | Resource type | Version type | Access type | License | ||
RAND_PEA2072-1.pdf(157KB) | Think tank publication | Restricted access | CC BY-NC-SA | Browse |