Ідентифікація процесів кібербезпеки в ланцюгах постачання програмного забезпечення

Abstract

Розглянуто ідентифікацію процесів кібербезпеки в ланцюгах постачання програмного забезпечення (ПЗ).

The paper addresses cybersecurity in software supply chains, presenting a mathematical model based on set descriptions and dependency graphs for structured assessment of security risks and protective measures. The identification of cybersecurity processes in software supply chains is considered. A mathematical model based on set descriptions and dependency graphs is proposed, allowing for the structuring of security processes, risk assessment, and the implementation of protective measures. The study investigates the identification of cybersecurity processes within software supply chains. A mathematical model, based on multiple descriptions and dependency graphs, is presented, enabling a structured risk assessment and the implementation of protective measures. The analysis focuses on threats associated with component compromise at various stages of the software lifecycle, including open-source vulnerabilities, supply chain attacks, and threats arising during integration and deployment processes.