Every single piece of software running on every computing device today is produced through a complex supply chain that often involves a myriad of individuals and spans multiple organizations and administrative domains. Recent attacks on the software supply chain have shed light on the fragility and importance of ensuring the security and integrity of this vital ecosystem. Addressing the technical and social challenges to building trustworthy software for deployment in sensitive and/or large-scale enterprise or governmental settings requires innovative solutions and an interdisciplinary approach. The workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) is the leading venue for industry practitioners, academics, and policymakers to present and discuss security vulnerabilities, novel defenses against attacks, deployment experiences, adoption requirements and best practices in the software supply chain.

Value Statement

Recent supply-chain attacks, such as SolarWinds, Log4j, Codecov and colors (npm), have highlighted the challenges and current limitations of safely consuming, vetting, and maintaining third-party software at scale. In 2021, the US government issued a call for proposals to the community to foster ideas and discussions, but more interdisciplinary collaboration is needed to address this problem. SCORED is the first academic venue focused solely on software supply chain security challenges and solutions. Hosting SCORED as part of ACM CCS seeds further collaboration between academics, government, industry and the open source community, enabling work that is scientifically sound, intellectually novel, and grounded in practicality to solve pressing challenges in this area. By publishing proceedings in this space, SCORED also aids in crystallizing current knowledge to help all stakeholders drive innovation from a common understanding.

Important Dates

Past Workshops

2023 2022