Suggested Readings ================== Prospective authors may find the following themes and example readings helpful for understanding the scope of the workshop. These are intended as orientation points rather than required citations. Ecosystems and Practices ------------------------ Submissions that characterize research software supply chains in scientific projects, laboratories, and institutions are a strong fit, including empirical studies of development, distribution, maintenance, and deployment practices. - Kalu et al., `Operationalizing Research Software for Supply Chain Security `_ — presents an RSSC-oriented taxonomy and a taxonomy-aware measurement approach for research software ecosystems. - Murphy et al., `SciCat: A Curated Dataset of Scientific Software Repositories `_. Threats and Consequences ------------------------ This theme covers threat models, vulnerabilities, real-world incidents, and the consequences of insecure research software supply chains for reproducibility, trust, and scientific validity — including security defects in scientific software projects and risks introduced by scientific workflows, AI-enabled science, and autonomous research agents. - Murphy et al., `A Curated Dataset of Security Defects in Scientific Software Projects `_. Technical Mechanisms and Deployment ------------------------------------ Papers on provenance, transparency, integrity, attestation, SBOMs, signing, and related security mechanisms for research software are particularly encouraged, especially experience reports on deploying such controls in scientific computing environments, laboratories, and institutions. - Tam et al., `A Containerization Framework for Bioinformatics Software to Advance Scalability, Portability, and Maintainability `_. Adoption and Governance ----------------------- Research on usability, maturity, organizational coordination, policy, and governance issues that shape whether security measures are adopted in practice fits well here. This includes institutional and policy frameworks relevant to research security, such as disclosure and accountability requirements associated with NSPM-33 and related NSF guidance. - `NSPM-33 `_, Presidential Memorandum on US Government-Supported R&D National Security Policy. - `NSF NSPM-33 Implementation Guidance `_, NSF's policy page with disclosure requirements and implementation guidance.