Global supply lines have been severely disrupted by the COVID-19 epidemic and the conflict between Russia and Ukraine, which has sharply increased the price of commodities and generated inflation. These incidents highlight how critical it is to improve supply chain resilience (SCRES) in order to fend off unforeseen setbacks. Controlling both internal and external interruptions, such as transportation problems brought on by natural catastrophes and wars, is the responsibility of SCRES. Enhancing resilience in supply chains requires accurate and timely information transfer. Promising answers to these problems can be found in the Metaverse and ChatGPT, two new digital technologies. The Metaverse may imitate real-world situations and offer dynamic, real-time 3D representations of supply chain data by integrating blockchain, IoT, network connection, and computer power.Large-scale natural language processing model ChatGPT improves communication and data translation accuracy and speed. To manage risk and facilitate decision making in Supply Chain management, firms should increase information transmission, Speed and quality. This study aim to show the importance of ChatGPT and Metaverse technologies to improve SCRES, with an emphasis on the most important criteria for SCRES, and maturity factor that can influence directly the SC development.
Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners). Software supply chain risk management frameworks provide a list of tasks that an organization can adopt to reduce software supply chain risk. Exhaustively adopting all the tasks of these frameworks is infeasible, necessitating the prioritized adoption of tasks. Software organizations can benefit from being guided in this prioritization by learning what tasks other teams have adopted. The goal of this study is to aid software development organizations in understanding the adoption of security tasks that reduce software supply chain risk through an interview study of software practitioners engaged in software supply chain risk management efforts. An interview study was conducted with 61 practitioners at nine software development organizations that have focused efforts on reducing software supply chain risk. The results of the interviews indicate that organizations had implemented the most adopted software tasks before the focus on software supply chain security. Therefore, their implementation in organizations is more mature. The tasks that mitigate the novel attack vectors through software components and the build infrastructure are in the early stages of adoption. Adoption of these tasks should be prioritized.
While the transition to electric vehicles (EVs) is essential for decarbonizing the transportation system, the production and distribution of EVs entail substantial carbon costs. To ensure these emissions are accurately accounted for and effectively mitigated, this research introduces a digital twin of the EV's supply chain, addressing a critical gap in current EV life cycle analyses and providing the first comprehensive quantification of its environmental sustainability and resilience. This simulation model replicates global market dynamics and captures the complexity and uncertainty of the EV supply chain, enabling a thorough evaluation of its carbon footprint, sustainability, resilience, and what-if counterfactual scenarios for alternative market structures. The results reveal that average supply chain emissions range from 6.42 to 6.94 Kg e-CO2/KWh across different battery technologies. Additionally, the mass flow analysis shows unbalanced dependencies at all supply phases, with one geographical region significantly dominating the supply chain structure, highlighting the current supply chain architecture's low resilience and high vulnerability. In light of these findings, the study introduces an optimization model for hub and resource allocation configuration, effectively reducing vulnerability levels and supply chain emissions by up to 80%.
Patrick Herbke, Sid Lamichhane, Kaustabh Barman
et al.
Supply chain data management faces challenges in traceability, transparency, and trust. These issues stem from data silos and communication barriers. This research introduces DIDChain, a framework leveraging blockchain technology, Decentralized Identifiers, and the InterPlanetary File System. DIDChain improves supply chain data management. To address privacy concerns, DIDChain employs a hybrid blockchain architecture that combines public blockchain transparency with the control of private systems. Our hybrid approach preserves the authenticity and reliability of supply chain events. It also respects the data privacy requirements of the participants in the supply chain. Central to DIDChain is the cheqd infrastructure. The cheqd infrastructure enables digital tracing of asset events, such as an asset moving from the milk-producing dairy farm to the cheese manufacturer. In this research, assets are raw materials and products. The cheqd infrastructure ensures the traceability and reliability of assets in the management of supply chain data. Our contribution to blockchain-enabled supply chain systems demonstrates the robustness of DIDChain. Integrating blockchain technology through DIDChain offers a solution to data silos and communication barriers. With DIDChain, we propose a framework to transform the supply chain infrastructure across industries.
Supply chain networks are critical to the operational efficiency of industries, yet their increasing complexity presents significant challenges in mapping relationships and identifying the roles of various entities. Traditional methods for constructing supply chain networks rely heavily on structured datasets and manual data collection, limiting their scope and efficiency. In contrast, recent advancements in Natural Language Processing (NLP) and large language models (LLMs) offer new opportunities for discovering and analyzing supply chain networks using unstructured text data. This paper proposes a novel approach that leverages LLMs to extract and process raw textual information from publicly available sources to construct a comprehensive supply chain graph. We focus on the civil engineering sector as a case study, demonstrating how LLMs can uncover hidden relationships among companies, projects, and other entities. Additionally, we fine-tune an LLM to classify entities within the supply chain graph, providing detailed insights into their roles and relationships. The results show that domain-specific fine-tuning improves classification accuracy, highlighting the potential of LLMs for industry-specific supply chain analysis. Our contributions include the development of a supply chain graph for the civil engineering sector, as well as a fine-tuned LLM model that enhances entity classification and understanding of supply chain networks.
In the current global economy, supply chain transparency plays a pivotal role in ensuring this security by enabling companies to monitor supplier performance and fostering accountability and responsibility. Despite the advancements in supply chain relationship datasets like Bloomberg and FactSet, supply chain transparency remains a significant challenge in emerging economies due to issues such as information asymmetry and institutional gaps in regulation. This study proposes a novel approach to enhance supply chain transparency in emerging economies by leveraging online content and large language models (LLMs). We develop a Supply Chain Knowledge Graph Mining System that integrates advanced LLMs with web crawler technology to automatically collect and analyze supply chain information. The system's effectiveness is validated through a case study focusing on the semiconductor supply chain, a domain that has recently gained significant attention due to supply chain risks. Our results demonstrate that the proposed system provides greater applicability for emerging economies, such as mainland China, complementing the data gaps in existing datasets. However, challenges including the accurate estimation of monetary and material flows, the handling of time series data, synonyms disambiguation, and mitigating biases from online contents still remains. Future research should focus on addressing these issues to further enhance the system's capabilities and broaden its application to other emerging economies and industries.
The supply chain is a critical segment of the product manufacturing cycle, continuously influenced by risky, uncertain, and undesirable events. Optimizing flexibility in the supply chain presents a complex, multi-objective, and nonlinear programming challenge. In the poultry supply chain, the development of mass customization capabilities has led manufacturing companies to increasingly focus on offering tailored and customized services for individual products. To safeguard against data tampering and ensure the integrity of setup costs and overall profitability, a multi-signature decentralized finance (DeFi) protocol, integrated with the IoT on a blockchain platform, is proposed. Managing the poultry supply chain involves uncertainties that may not account for parameters such as delivery time to retailers, reorder time, and the number of requested products. To address these challenges, this study employs an adaptive neuro-fuzzy inference system (ANFIS), combining neural networks with fuzzy logic to compensate for the lack of data training in parameter identification. Through MATLAB simulations, the study investigates the average shop delivery duration, the reorder time, and the number of products per order. By implementing the proposed technique, the average delivery time decreases from 40 to 37 minutes, the reorder time decreases from five to four days, and the quantity of items requested per order grows from six to eleven. Additionally, the ANFIS model enhances overall supply chain performance by reducing transaction times by 15\% compared to conventional systems, thereby improving real-time responsiveness and boosting transparency in supply chain operations, effectively resolving operational issues.
Lukas Hueller, Tim Kuffner, Matthias Schneider
et al.
Enabling supply chain transparency (SCT) is essential for regulatory compliance and meeting sustainability standards. Multi-tier SCT plays a pivotal role in identifying and mitigating an organization's operational, environmental, and social (ESG) risks. While research observes increasing efforts towards SCT, a minority of companies are currently publishing supply chain information. Using the Design Science Research approach, we develop a collaborative platform for supply chain transparency. We derive design requirements, formulate design principles, and evaluate the artefact with industry experts. Our artefact is initialized with publicly available supply chain data through an automated pipeline designed to onboard future participants to our platform. This work contributes to SCT research by providing insights into the challenges and opportunities of implementing multi-tier SCT and offers a practical solution that encourages organizations to participate in a transparent ecosystem.
Eman Abu Ishgair, Marcela S. Melara, Santiago Torres-Arias
The software supply chain comprises a highly complex set of operations, processes, tools, institutions and human factors involved in creating a piece of software. A number of high-profile attacks that exploit a weakness in this complex ecosystem have spurred research in identifying classes of supply chain attacks. Yet, practitioners often lack the necessary information to understand their security posture and implement suitable defenses against these attacks. We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach that focuses on holistic bottom-up solutions. To this end, this paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships. Using this model, we identify software supply chain security objectives that are needed to mitigate common attacks and systematize knowledge on recent and well-established security techniques for their ability to meet these objectives. We validate our model against prior attacks and taxonomies. Finally, we identify emergent research gaps and propose opportunities to develop novel software development tools and systems that are secure-by-design.
Ads supply personalization aims to balance the revenue and user engagement, two long-term objectives in social media ads, by tailoring the ad quantity and density. In the industry-scale system, the challenge for ads supply lies in modeling the counterfactual effects of a conservative supply treatment (e.g., a small density change) over an extended duration. In this paper, we present a streamlined framework for personalized ad supply. This framework optimally utilizes information from data collection policies through the doubly robust learning. Consequently, it significantly improves the accuracy of long-term treatment effect estimates. Additionally, its low-complexity design not only results in computational cost savings compared to existing methods, but also makes it scalable for billion-scale applications. Through both offline experiments and online production tests, the framework consistently demonstrated significant improvements in top-line business metrics over months. The framework has been fully deployed to live traffic in one of the world's largest social media platforms.
Jonathan L. Fasig, Barry K. Gilbert, Erik S. Daniel
As ASIC supply voltages approach one volt, the source-impedance goals for power distribution networks are driven ever lower as well. One approach to achieving these goals is to add decoupling capacitors of various values until the desired impedance profile is obtained. An unintended consequence of this approach can be reduced power supply stability and even oscillation. In this paper, we present a case study of a system design which encountered these problems and we describe how these problems were resolved. Time-domain and frequency-domain analysis techniques are discussed and measured data is presented.
In this note, we illustrate the computation of the approximation of the supply curves using a one-step basis. We derive the expression for the L2 approximation and propose a procedure for the selection of nodes of the approximation. We illustrate the use of this approach with three large sets of bid curves from European electricity markets.
Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. On February 22, 2023, researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 17 practitioners from 15 companies. The goal of the Summit is to enable sharing between industry practitioners having practical experiences and challenges with software supply chain security and helping to form new collaborations. We conducted six-panel discussions based upon open-ended questions regarding software bill of materials (SBOMs), malicious commits, choosing new dependencies, build and deploy,the Executive Order 14028, and vulnerable dependencies. The open discussions enabled mutual sharing and shed light on common challenges that industry practitioners with practical experience face when securing their software supply chain. In this paper, we provide a summary of the Summit. Full panel questions can be found in the appendix.
Hasina Sultana, Sharmila Rani Mallick, Jahidul Hassan
et al.
Given the present rising trends in changing lifestyle and consumption patterns, watermelon production has shifted from big to small-sized fruits having desirable quality attributes. Hence, analyses of fruit quality traits of mini watermelon are crucial to develop improved cultivars with enhanced nutritional compositions, consumer-preferred traits and extended storage life. In this context, fruit morphological and nutritional attributes of five mini watermelon genotypes namely BARI watermelon 1 (W1), BARI watermelon 2 (W2), L-32468 (W3), L-32236 (W4) and L-32394 (W5) were evaluated to appraise promising genotypes with better fruit quality. The evaluated genotypes expressed different levels of diversity for fruit physical qualitative traits including differences in shape, rind and flesh color and texture. The study also revealed significant variability among the genotypes regarding all observed fruit morphological and nutritional aspects as well as bioactive compounds. Among the studied genotypes, W1 stood out with the highest TSS as well as rind vitamin C and total phenolic content accompanied by higher fruit weight and thick rind. On the other hand, W3 genotype was featured with higher amount of \b{eta} carotene, total phenolic and flavonoid content in its flesh along with rind enriched with \b{eta} carotene and minerals. However, comparatively higher amount of sugar and total flavonoid content was recorded in the rind of W5 genotype. Therefore, W1 and W3 could be exploited for table purpose and using in breeding program to develop mini watermelon cultivars with more attractive fruits in terms of quality acceptance and nutritional value in Bangladesh. Furthermore, rind of BARI watermelon 1 and L-32394 could be considered as the potential cheap source of bioactive compounds to be used for dietary and industrial purpose which would decrease the solid waste in the environment.
The software supply chain is becoming a widespread analogy to designate the series of steps taken to go from source code published by developers to executables running on the users? computers. A security vulnerability in any of these steps puts users at risk, and evidence shows that attacks on the supply chain are becoming more common. The consequences of an attack on the software supply chain can be tragic in a society that relies on many interconnected software systems, and this has led research interest as well as governmental incentives for supply chain security to rise. GNU Guix is a software deployment tool and software distribution that supports provenance tracking, reproducible builds, and reproducible software environments. Unlike many software distributions, it consists exclusively of source code: it provides a set of package definitions that describe how to build code from source. Together, these properties set it apart from many deployment tools that center on the distribution of binaries. This paper focuses on one research question: how can Guix and similar systems allow users to securely update their software? Guix source code is distributed using the Git version control system; updating Guix-installed software packages means, first, updating the local copy of the Guix source code. Prior work on secure software updates focuses on systems very different from Guix -- systems such as Debian, Fedora, or PyPI where updating consists in fetching metadata about the latest binary artifacts available -- and is largely inapplicable in the context of Guix. By contrast, the main threats for Guix are attacks on its source code repository, which could lead users to run inauthentic code or to downgrade their system. Deployment tools that more closely resemble Guix, from Nix to Portage, either lack secure update mechanisms or suffer from shortcomings. Our main contribution is a model and tool to authenticate new Git revisions. We further show how, building on Git semantics, we build protections against downgrade attacks and related threats. We explain implementation choices. This work has been deployed in production two years ago, giving us insight on its actual use at scale every day. The Git checkout authentication at its core is applicable beyond the specific use case of Guix, and we think it could benefit to developer teams that use Git. As attacks on the software supply chain appear, security research is now looking at every link of the supply chain. Secure updates are one important aspect of the supply chain, but this paper also looks at the broader context: how Guix models and implements the supply chain, from upstream source code to binaries running on computers. While much recent work focuses on attestation -- certifying each link of the supply chain -- Guix takes a more radical approach: enabling independent verification of each step, building on reproducible builds, "bootstrappable" builds, and provenance tracking. The big picture shows how Guix can be used as the foundation of secure software supply chains.
Kristina Gligoric, Arnaud Chiolero, Emre Kıcıman
et al.
The SARS-CoV-2 virus has altered people's lives around the world. Here we document population-wide shifts in dietary interests in 18 countries in 2020, as revealed through time series of Google search volumes. We find that during the first wave of the COVID-19 pandemic there was an overall surge in food interest, larger and longer-lasting than the surge during typical end-of-year holidays in Western countries. The shock of decreased mobility manifested as a drastic increase in interest in consuming food at home and a corresponding decrease in consuming food outside of home. The largest (up to threefold) increases occurred for calorie-dense carbohydrate-based foods such as pastries, bakery products, bread, and pies. The observed shifts in dietary interests have the potential to globally affect food consumption and health outcomes. These findings can inform governmental and organizational decisions regarding measures to mitigate the effects of the COVID-19 pandemic on diet and nutrition.
Nicolas Harrand, Thomas Durieux, David Broman
et al.
Despite its obvious benefits, the increased adoption of package managers to automate the reuse of libraries has opened the door to a new class of hazards: supply chain attacks. By injecting malicious code in one library, an attacker may compromise all instances of all applications that depend on the library. To mitigate the impact of supply chain attacks, we propose the concept of Library Substitution Framework. This novel concept leverages one key observation: when an application depends on a library, it is very likely that there exists other libraries that provide similar features. The key objective of Library Substitution Framework is to enable the developers of an application to harness this diversity of libraries in their supply chain. The framework lets them generate a population of application variants, each depending on a different alternative library that provides similar functionalities. To investigate the relevance of this concept, we develop ARGO, a proof-of-concept implementation of this framework that harnesses the diversity of JSON suppliers. We study the feasibility of library substitution and its impact on a set of 368 clients. Our empirical results show that for 195 of the 368 java applications tested, we can substitute the original JSON library used by the client by at least 15 other JSON libraries without modifying the client's code. These results show the capacity of a Library Substitution Framework to diversify the supply chain of the client applications of the libraries it targets.
Shashank Kumar Anand, Milad Hooshyar, Jan Martin Nordbotten
et al.
Numerous complex systems, both natural and artificial, are characterized by the presence of intertwined supply and/or drainage networks. Here we present a minimalist model of such co-evolving networks in a spatially continuous domain, where the obtained networks can be interpreted as a part of either the counter-flowing drainage or co-flowing supply and drainage mechanisms. The model consists of three coupled, nonlinear partial differential equations that describe spatial density patterns of input and output materials by modifying a mediating scalar field, on which supply and drainage networks are carved. In the 2-dimensional case, the scalar field can be viewed as the elevation of a hypothetical landscape, of which supply and drainage networks are ridges and valleys, respectively. In the 3-dimensional case, the scalar field serves as the chemical signal strength, in which vascularization of the supply and drainage networks occurs above a critical 'erosion' strength. The steady-state solutions are presented as a function of non-dimensional channelization indices for both materials. The spatial patterns of the emerging networks are classified within the branched and congested extreme regimes, within which the resulting networks are characterized based on the absolute as well as the relative values of two non-dimensional indices.