Title:
Research on network security vulnerability risk contagion in software supply chain based on system dynamics.
Authors:
Cai H (Sino-British College, University of Shanghai for Science and Technology, Shanghai, China); Xiong Q (School of Management, Jiangsu University, Zhenjiang, Jiangsu, China); Lian S (School of Management, Jiangsu University, Zhenjiang, Jiangsu, China)
Source:
PloS one [PLoS One] 2025 Nov 21; Vol. 20 (11), pp. e0335128. Date of Electronic Publication: 2025 Nov 21 (Print Publication: 2025).
Publication Type:
Journal Article
Language:
English
Journal Info:
Publisher: Public Library of Science; Country of Publication: United States; NLM ID: 101285081; Publication Model: eCollection; Cited Medium: Internet; ISSN: 1932-6203 (Electronic); Linking ISSN: 19326203; NLM ISO Abbreviation: PLoS One; Subsets: MEDLINE
Imprint Name(s):
Original Publication: San Francisco, CA : Public Library of Science
Entry Date(s):
Date Created: 2025-11-21; Date Completed: 2025-11-21; Latest Revision: 2025-11-24
Update Code:
20260130
PubMed Central ID:
PMC12637968
DOI:
10.1371/journal.pone.0335128
PMID:
41270065
Database:
MEDLINE

*Further Information*

*Software supply chains have emerged as a critical battleground in cyberspace security, and their compromise poses a direct threat to critical infrastructure and information systems. The inherent multi-level structure of these chains and the complex interdependencies among their entities introduce novel challenges for network and information security. This study investigates the contagion mechanisms of information security risk in software supply chains, aiming to identify the key factors that influence risk propagation and to evaluate defense strategies under multi-layer network conditions. We employ system dynamics (SD) modeling to construct a risk contagion framework for software supply chains that incorporates a multi-layer network structure, and we run dynamic simulations to analyze risk transmission under different attack and defense scenarios. The simulation results show that the rate at which information security risk spreads through a software supply chain depends on the attack path: selective attacks propagate risk faster than random attacks. Among defense strategies, increasing information security investment and improving software quality are more effective against random attacks. Among governance measures, raising the rate of technological progress is more effective than reducing the vulnerability rate, although the marginal benefit of technological progress diminishes as its rate increases. The study quantitatively validates the cascading effects of security risk in multi-layer supply chain networks, provides actionable insights, and establishes a system dynamics foundation for predictive risk assessment in complex software supply chain ecosystems.
(Copyright: © 2025 Cai et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.)*
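As an added illustration, not the paper's model, data or results, the Python toy below reproduces the ingredients the abstract names: a three-layer dependency network, risk that spreads only along dependency edges, a selective attack that seeds the component with the largest downstream reach versus a random attack treated as the expectation over a uniformly chosen seed, and security investment and software quality as multiplicative dampers on the transmission rate. The graph, the parameter values, the discrete update rule and the `Defence` class are all constructed assumptions; the authors' own system dynamics model is a continuous stock-and-flow formulation whose equations this record does not reproduce.

```python
"""Toy multi-layer risk-contagion model for a software supply chain.
Added illustration only: graph, parameters and update rule are constructed
assumptions, not the model, data or results of Cai et al."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed dependency graph. Layer 0 = upstream components, layer 1 = vendors
# that build on them, layer 2 = organisations deploying vendor products.
# Edges are (upstream, dependent): risk flows downstream only.
LAYERS: Dict[str, int] = {
    "lib-hub": 0, "lib-a": 0, "lib-b": 0,
    "vendor-1": 1, "vendor-2": 1, "vendor-3": 1,
    "org-1": 2, "org-2": 2, "org-3": 2, "org-4": 2,
}
EDGES = [
    ("lib-hub", "vendor-1"), ("lib-hub", "vendor-2"), ("lib-hub", "vendor-3"),
    ("lib-a", "vendor-1"), ("lib-b", "vendor-2"),
    ("vendor-1", "org-1"), ("vendor-1", "org-2"),
    ("vendor-2", "org-2"), ("vendor-2", "org-3"), ("vendor-3", "org-4"),
]

@dataclass(frozen=True)
class Defence:
    """Assumed defence levers; each factor scales the per-step transmission rate."""
    base_rate: float = 0.8           # intrinsic transmission rate with no defences
    vulnerability_rate: float = 1.0  # share of the base rate still exploitable
    investment: float = 0.0          # information security investment level, 0..1
    quality: float = 0.0             # software quality level, 0..1

    def beta(self) -> float:
        b = (self.base_rate * self.vulnerability_rate
             * (1.0 - self.investment) * (1.0 - self.quality))
        return min(max(b, 0.0), 1.0)

def upstream_of() -> Dict[str, List[str]]:
    deps: Dict[str, List[str]] = {n: [] for n in LAYERS}
    for up, down in EDGES:
        deps[down].append(up)
    return deps

def downstream_reach(node: str) -> int:
    """Number of nodes that transitively depend on `node` (its blast radius)."""
    children: Dict[str, List[str]] = {n: [] for n in LAYERS}
    for up, down in EDGES:
        children[up].append(down)
    seen, stack = set(), [node]
    while stack:
        for c in children[stack.pop()]:
            if c not in seen:
                seen.add(c)
                stack.append(c)
    return len(seen)

def simulate(seeds: Iterable[str], steps: int,
             defence: Defence = Defence()) -> List[Dict[str, float]]:
    """Discrete-time stock model: each node's risk level in [0, 1] moves towards 1
    at rate beta times the probability that at least one upstream dependency is
    already compromised. Synchronous updates, so risk crosses one layer per step."""
    deps, beta = upstream_of(), defence.beta()
    risk = {n: (1.0 if n in seeds else 0.0) for n in LAYERS}
    history = [dict(risk)]
    for _ in range(steps):
        nxt = {}
        for n in LAYERS:
            clean = 1.0  # probability that every upstream dependency is still clean
            for u in deps[n]:
                clean *= 1.0 - risk[u]
            nxt[n] = risk[n] + (1.0 - risk[n]) * beta * (1.0 - clean)
        risk = nxt
        history.append(dict(risk))
    return history

def selective_attack(steps: int, defence: Defence = Defence()):
    """Attacker compromises the component with the largest downstream reach."""
    return simulate({max(LAYERS, key=downstream_reach)}, steps, defence)

def random_attack(steps: int, defence: Defence = Defence()):
    """Expected trajectory of a uniformly random single-node compromise: the
    average over every possible seed, so the comparison has no sampling noise."""
    runs = [simulate({n}, steps, defence) for n in LAYERS]
    return [{n: sum(r[t][n] for r in runs) / len(runs) for n in LAYERS}
            for t in range(steps + 1)]

def total_risk(state: Dict[str, float]) -> float:
    return sum(state.values())

def layer_risk(state: Dict[str, float]) -> Dict[int, float]:
    """Mean risk per layer, the multi-layer view of the contagion."""
    out: Dict[int, float] = {}
    for layer in sorted(set(LAYERS.values())):
        members = [n for n, lv in LAYERS.items() if lv == layer]
        out[layer] = sum(state[m] for m in members) / len(members)
    return out

if __name__ == "__main__":
    scenarios = (("selective", selective_attack(4)), ("random", random_attack(4)),
                 ("selective, investment 0.5", selective_attack(4, Defence(investment=0.5))))
    for label, hist in scenarios:
        print(label, [round(total_risk(s), 2) for s in hist],
              {k: round(v, 2) for k, v in layer_risk(hist[-1]).items()})
```

Running the block prints the total-risk trajectory and final per-layer risk for each scenario. Under these assumptions the selective attack on the hub library reaches every layer within two steps, while the expected trajectory of a random attack stays well below it because most single seeds have little or no downstream reach; raising `investment` or `quality` lowers every node's risk at every step, since the update is monotone in `beta`. None of the numbers are the paper's; they only show the mechanism the abstract describes.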

*The authors have declared that no competing interests exist.*