Panel Discussion: ML (for) Supply Chain Security: Promises, Pitfalls and Opportunities
Machine learning (ML) has become ubiquitous in assisting us in tasks as mundane as sending text messages and as critical as diagnosing cancer in patients. The emergence of generative AI (GenAI) over the past few years has opened further opportunities in other domains. For software development, in particular, there’s been a lot of recent talk about how GenAI shows promise for improving the security of tasks like coding, application testing and vulnerability analysis. Yet, the ML supply chain is itself not immune to vulnerabilities, raising questions about its ability to effectively enhance software security. At the same time, it has become especially important to address the major gaps in software supply chain security that would, in turn, benefit GenAI applications.
In this panel discussion, the speakers will share their perspectives on leveraging ML and GenAI for supply chain security, and discuss open challenges in addressing security gaps in the software and ML supply chain. Looking ahead, the speakers will also offer their thoughts on the main opportunities for academia and industry to collaborate on solutions, and their view of the evolving software and GenAI landscape.
Invited Panel Speakers
Mihai Maruseac, Google
Mihai Maruseac is a Staff Software Engineer at Google, where he leads the work on OSS AI Supply Chain Security as part of SAIF, as a member of Google’s OSS Security Team (GOSST). Previously, he helped launch GUAC, an OpenSSF project to analyze and understand the software supply chain. Before joining GOSST, he worked on TensorFlow developer infrastructure and created the TensorFlow security team. Mihai has experience with AI, operating systems, differential privacy and functional programming – Haskell being his favorite programming language. He blogs at mihai.page from time to time.
Sarah Evans, Dell
Sarah is a security innovation researcher at Dell Technologies, on the Product and Operations Global CTO Research & Development team. She focuses on innovation for secure technology adoption, especially functionality that improves security of AI systems and supply chains. Prior to Dell, Sarah held roles at a large financial institution, in the defense industry, at a regional Midwest construction company, and as computer information systems faculty at Missouri State University. Sarah also contributes to OpenSSF, working with industry peers and open-source projects to secure the open source software supply chain. Sarah is based in Denver, Colorado.
Hai Phan, New Jersey Institute of Technology
Dr. Phan is an Associate Professor at the New Jersey Institute of Technology (NJIT) and a founding Data Science Department faculty member. Dr. Phan’s research interests focus mainly on Trustworthy AI and ML, particularly natural language modeling, software engineering, computer vision, and health informatics applications. His work asks how to guarantee that AI can be applied responsibly, with reliable outcomes, in critical and commercial applications (e.g., code generation) in which privacy, robustness, fairness, and transparency are crucial to our society. Dr. Phan’s research has been published at leading venues, including ACM CCS, IEEE S&P, ICML, ECML, AAAI, IJCAI, IEEE ICDM, IEEE PerCom, with an AAAI 2023 Distinguished Paper Award and several selected as best papers, i.e., IEEE SDS'22, IEEE ICDM’17, Springer CSoNet’19, Springer CSoNet’18, ACM BCB’15, IEEE/ACM ASONAM’15. Phan’s research has been generously supported by NSF and (long-term) industry partners, including Microsoft, Qualcomm Technology Inc., Adobe System Inc., and Wells Fargo.