Research on Security Risk Identification and Evaluation in Open-Source Software Supply Chain

Research on Security Risk Identification and Evaluation in Open-Source Software Supply Chain

연구 분야: Safety

학회: DMIT '25: Proceedings of the 2025 International Conference on Digital Management and Information Technology

This article provides an inclusive investigation on the present research exploration in identifying the security risks in open source software supply chains. Additionally, it emphasizes on threat classification techniques involving machine learning and graph neural networks. These techniques support in the effectual detection of hazardous elements and inconsistent chain activity. The accuracy and timeliness of the risk classifications help in improving the platforms that depend on software behavior analysis and threat intelligence. There are few features such as difficulties in data acquisition, model complexity, and insufficient generalization capabilities that are considered as the challenges in research works carried out. These may have impact on the training of the model and their real-time applications. The study suggests a number of improvement techniques to deal with these problems. The refinement techniques are preprocessing data from various data sources, using fusion technologies between open source software and artificial intelligence, and building security risk identification models using graph attention networks. This solicits to progress with system proficiency, improve data eminence, and strengthen supply channels for open source software. The research discussed in this article offers a thorough viewpoint and in-depth analysis of the software chain. It also highlights existing gaps in current knowledge and suggests detailed refinements to advance supply chain security in open-source software.