Every single piece of software running on every computing device today is produced through a complex supply chain that often involves a myriad of individuals and spans multiple organizations and administrative domains. Recent attacks on the software supply chain, such as SolarWinds, Log4j, Codecov, and colors (npm), have highlighted the challenges and current limitations of safely consuming, vetting, and maintaining third-party software at scale.

Addressing the technical and social challenges to building trustworthy software for deployment in sensitive and/or large-scale enterprise or governmental settings requires innovative solutions and an interdisciplinary approach. The workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) is a venue that brings together industry practitioners, academics, and policymakers to present and discuss security vulnerabilities, novel defenses against attacks, project demos, adoption requirements and best practices in the software supply chain.

Important Dates