English

Proactive Software Supply Chain Risk Management Framework (P-SSCRM)

Cryptography and Security 2025-05-16 v4

Abstract

The Proactive Software Supply Chain Risk Management Framework (P SSCRM) described in this document is designed to help you understand and plan a secure software supply chain risk management initiative. P SSCRM was created through a process of understanding and analyzing real world data from nine industry leading software supply chain risk management initiatives as well as through the analysis and unification of ten government and industry documents, frameworks, and standards. Although individual methodologies and standards differ, many initiatives and standards share common ground. P SSCRM describes this common ground and presents a model for understanding, quantifying, and developing a secure software supply chain risk management program and determining where your organization's existing efforts stand when contrasted with other real world software supply chain risk management initiatives.

Keywords

Cite

@article{arxiv.2404.12300,
  title  = {Proactive Software Supply Chain Risk Management Framework (P-SSCRM)},
  author = {Laurie Williams and Sammy Migues and Jamie Boote and Ben Hutchison},
  journal= {arXiv preprint arXiv:2404.12300},
  year   = {2025}
}

Comments

17 pages, 3 figures, 2 tables, will not be submitted to a conference

R2 v1 2026-06-28T15:58:55.411Z