DTCC-Supply Chain Research (GY)

Goal:

Conduct research using NYU Academia and Industry knowledge in conjunction with Supply Chain Cyber threat Intelligence and DTCC internal perspective/knowledge to publish a research paper. 

1. Exploring and drafting a White paper as part of NYU VIP - This whitepaper could consider what are the different use cases that intoto (software attestation tool) could be used to monitor for supply chain intrusions if an environment is compromised- this would help the system admins and  SOC/Hunt teams (for us called TMC) understand what to analyze or look for when it comes to supply chain alerts generated from a tool like intoto or any another supply chain tooling/detection) 
2. As part of NYU VIP engaging in exploratory research (informally known as fishing expedition) topic associated to Supply Chain – Measuring Dependencies and adjacent thoughts:
   1. Is there a mechanism to identify which code is risky (supply chain angle/context)
   2. Is there a mechanism to identify which dependencies in a code is Risky (supply chain angle/context) 

Outcome: 

Publish a joint research/ whitepaper. Possible testing of software attestation and SBOM capabilities of SBOMit in a controlled test environment similar to DTCC prod.

Majors and Areas of Interest: 

Someone who willing to explore innovative ways of using AI enabled solutions in real world enterprise developer ecosystem in fintech industry

Primary Instructors

• Justin Cappos, NYU Advisor
  • jcappos@nyu.edu
• Dan Chacko
  • dchacko@dtcc.com