Research on multi-dimensional quantitative evaluation index system of software supply chain security

Heng Xia
Meng Liang

Abstract

With the rapid development of the software supply chain, software supply chain security has become an important field of network security research. This article analyzes the structure of the software supply chain and its security problems in depth, and reviews several common software supply chain security tools. On this basis, and in view of the structural characteristics of the software supply chain, a multi-dimensional quantitative evaluation system is constructed along three dimensions: technical security, organizational management, and ecological health. A number of indexes are introduced, such as digital signature coverage, maintainer diversity index, and license conflict rate. The results provide a good basis for the security evaluation of the software supply chain, offer new ideas for that evaluation, and help to find and solve software supply chain security problems in a timely manner.

Article Details

Section: Articles