Submission deadline: 15 February 2022
Publication: October 2022
A software supply chain (SSC) is the sequence of events required to analyze, design, and deliver a software service or product. Although SSCs share challenges with traditional supply chains, such as outsourcing, risk analysis, and managing relationships, they also come with unique challenges that can be more difficult to manage.
An effective and optimized SSC is critical to the success of not only the organization but also its customers. Consider the case of security; there has been a 430% increase in SSC attacks. In the recent SolarWinds attack, a simple customer software update delivery also included a devastating virus. This infected update reached 425 of 500 US Fortune 500 companies, which included telecommunication companies, accounting firms, government, and academic institutions.
Malicious actors are also finding ways to compromise the tools and open source packages used by software developers. Part of the SSC process is making sure the code being developed satisfies the critical requirements of the software. Depending on the scale of the project, this process may include managing software development tools and processes to track and achieve numerous requirements (both functional and nonfunctional), multiple developers, and unique delivery modes, such as open source, in which the quality and security of the software will be even more difficult to manage.
Just as in a traditional supply chain, once the product is complete, there are also marketing, sales, and retailers that require integration and management. Delivering the software internationally will bring an additional level of challenges, such as compliance, translation, and vulnerabilities.
The goal of this special issue is to improve the state of the art and bring together the latest advances, experiences, findings, and developments related to SSCs. We invite novel, innovative, and exciting contributions relating to SSCs. Topics of interest for this special issue include (but are not limited to):
- SSC security
- SSC management
- SSC attacks
- SSC strategies
- SSC scalability and performance
- SSCs and e-business
- SSCs and open source
- SSC best practices
- SSC tools
Only submissions that describe previously unpublished, original, state-of-the-art research and that are not currently under review by a conference or journal will be considered. Extended versions of conference papers must be significantly different (e.g., 50%) from the original conference works.
Feature articles should be no longer than 4,200 words and have no more than 20 references (with tables and figures counting as 300 words each). Illustrations and figures must be camera-ready—they will not be edited and will appear exactly as you submit them.
Submissions are subject to peer review on both technical merit and relevance to Computer’s readership. Articles should be understandable by a broad audience of computer science and engineering professionals, avoiding a focus on theory, mathematics, jargon, and abstract concepts. Accepted papers will be lightly edited for grammar and formatting.
Please direct any correspondence before submission to the guest editors at email@example.com.
Joanna F. DeFranco, Penn State University (USA)
Nir Kshetri, The University of North Carolina at Greensboro (USA)