Research
New Paper in IEEE: Continuous Verification of Open Source Components in a World of Weak Links
I published a research paper titled "Continuous Verification of Open Source Components in a World of Weak Links", available through IEEE.
The paper addresses security risks in open source software, noting that 99% of today's software utilizes open source. Next-generation supply chain attacks have increased 430% in the last year.
The work presents six continuous verification controls that enable organizations to make data-driven decisions and mitigate breaches. In case studies, the controls identified high levels of risk immediately even though the package is widely used and has over 7 million downloads a week.
Dissertation Proposal Defended
I defended my dissertation proposal at the University of Colorado at Colorado Springs. My research focuses on supply chain security threats in open source software.
We are heading for a perfect storm, making open source software poisoning and next-generation supply chain attacks much easier to execute, which could have major implications for organizational security postures.
99% of modern software contains open source components, and supply chain attacks have increased 430% annually according to Sonatype.
My Top 5 Research Tools for Computer Science
Zotero - Zotero provides an easy way to manage bibliographies and includes easy export to BibTeX.
Overleaf - Overleaf is a great tool for working with LaTeX. It provides a web-based editor for individuals or teams to work on documents.
GitHub - GitHub provides Git repositories for team collaboration.
Student Developer Pack - The Student Developer Pack from GitHub provides tons of goodies from companies like Amazon Web Services, Datadog, DigitalOcean and others.
Google Scholar - Google Scholar provides great resources for researchers, everything from research papers to h-index and conference rankings.