International Association of Engineers
Now-a-days, software supply chain participants have become international distributors, which make software supply chain more and more complex. This complexity makes manager understand, acquire, monitor and manage software supply chain products and processes more difficult than ever, and then relevant security problems happen, such as software with security holes. But most of security problems are different from other supply chains. Therefore, based on system's perspective and current several analysis methods of software supply chain, the paper analyzes and summarizes software supply chain risks, software supply chain risk management methods, and puts forward some basic risk management practices to protect software supply chain's security.