rgreene0/2021-03052-GREENE

Project 2021-03052-GREENE

Introduction

The commercial software publishing sector generated AU$5.4 billion in revenue for the Australian economy in 2020, a figure expected to grow by 10.7% between 2021 and 2026. It is estimated that around 90% of commercial software products also actively employ Open-Source Software (OSS) components. Open source, in this case, refers to software where the owner grants a free license-for-use to others. Software creators employ these components to improve productivity, save on development time and provide a large amount of flexibility. The use of these components, however, can also build up long, complex and sometimes opaque supply chains. For example, a vendor can provide a component which itself employs several OSS components, each of which, in turn, employs other OSS components. The end customer is seldom aware of the entire chain, instead relying on trust that the supplier has performed all necessary checks and maintains proper security controls. This trust, however, is also leading to a new range of security issues that exploit the reliance between vendors and customers. These security issues, dubbed “Supply Chain Attacks”, are increasing, with 929 reported between July 2019 and May 2020, a 430% year-on-year increase.

This research, titled “Software supply chain protection using statistical analysis of development behaviour”, seeks to investigate whether it is possible to classify GitHub code commits that fall outside normal development patterns. Classification as an outlier could indicate that the commit requires some additional scrutiny and security review. The project is being undertaken as part of the requirements of a PhD course at Edith Cowan University, Western Australia.

Documents and Contacts

If you are contributing to one of the projects selected for this study, please read the Participant Information Letter and notify the researcher via email should you wish your data to be excluded from the study. You must do this before 8th May 2022, after which time the data will be collated. All identifying information about your contribution will be anonymised.

To opt out, email rgreene0@ecu.edu.au with your GitHub username and all data will be removed.

Results and Information

Final results and details will be available from this site, expected June/July 2022.
