MBIE Endeavour Fund Backs SINZ Team Advancing Software Supply Chain Security

We are proud to congratulate our Software Innovation New Zealand members Professor Stephen G. MacDonell, Associate Professor Jens Dietrich, Associate Professor Kelly Blincoe, Dr Valerio Terragni, and Dr Elliott Wen on being awarded an MBIE Endeavour Fund Research Programme grant for their work on the project: Tūwhana – Finding, observing, and reducing threats in domestic and global software supply chains (SSC-FORT).

The four-year project, which began on 1 October 2025, has a contract value of $7,775,000 (GST excl.) and aims to strengthen software supply chain security through three main sets of actions:

DETECT:
• Improve the accuracy of SBOM construction and Software Composition Analysis, including true positive detection through the synthesis of exploits.
• Find vulnerabilities in AI datasets that can be used as novel attack vectors, similar to CVE-2024-27318 and CVE-2024-27322.
• Identify sources of variability that lead to failing reproducible and alternative builds.

RESPOND:
• Develop tools to prioritise software composition results, improving the utility of SBOMs.
• Create tools to compare and assess binaries resulting from different builds of the same sources.
• Build tools to prevent the use of vulnerable AI datasets.

ADAPT, REPORT AND COMPLY:
There are multiple existing and emerging standards related to software supply chain security, including SBOM, VEX, OpenSSF Scorecard, in-toto and SLSA, alongside evolving legislation such as the US Executive Order 14028 and the EU Cyber Resilience Act. With further changes expected globally, the project will identify current practices and barriers to adoption, and help New Zealand organisations adapt and adopt tools, technologies, and standards developed both locally and internationally.

The SSC-FORT project includes funding for several research positions at different levels. For details, please visit https://ssc-fort.github.io/vacancies.html.

This grant highlights the depth of software research expertise in New Zealand and the valuable role our SINZ members play in projects of international significance. For more details on the project, visit: https://ssc-fort.github.io/