The parameters and equations of system dynamics.

Software supply chains have emerged as a critical battleground in cyberspace security, with their compromise posing direct threats to critical infrastructure and information systems. The inherent multi-level structures and complex interdependencies among supply chain entities have introduced novel challenges in network and information security. This study investigates the contagion mechanisms of information security risks in software supply chains, aiming to identify key factors influencing risk propagation and evaluate effective defense strategies under multi-layer network conditions. We employ system dynamics (SD) modeling to construct a risk contagion framework for software supply chains, incorporating multi-layer network structures. Dynamic simulations are conducted to analyze risk transmission patterns under different attack and defense scenarios. The simulation results show that the risk transmission rate of software supply chain information security is influenced by the attack path. As compared to random attacks, selective attacks result in a faster risk transmission. In terms of defense strategy, increasing information security investment and improving the level of software quality are more effective for defense against random attacks. In terms of governance measures, increasing technological progress is more effective as compared to reducing the vulnerability rate. The results show that the marginal benefits of the technological progress rate show a decreasing trend. The study quantitatively validates the cascading effects of security risks in multi-layer supply chain networks and provides actionable insights and establishes a system dynamics foundation for predictive risk assessment in complex software supply chain ecosystems.

软件供应链已成为网络空间安全领域的关键战场，其遭受破坏会对关键基础设施与信息系统构成直接威胁。供应链参与主体间固有的多层级结构与复杂依存关联，为网络与信息安全带来了全新挑战。本研究针对软件供应链中的信息安全风险传染机制展开探究，以期识别影响风险传播的核心要素，并评估多层网络（multi-layer network）场景下的可行防御策略。我们采用系统动力学（System Dynamics, SD）建模方法，构建融合多层网络结构的软件供应链风险传染框架，并开展动态仿真实验，以分析不同攻防场景下的风险传导规律。仿真结果显示，软件供应链信息安全的风险传导速率受攻击路径影响：相较于随机攻击，选择性攻击会引发更快的风险扩散速度。在防御策略维度，提升信息安全投入与优化软件质量水平，对抵御随机攻击更为有效；在治理措施维度，提升技术进步速率相较降低漏洞发生率更为高效。研究同时发现，技术进步速率的边际效益呈递减态势。本研究定量验证了多层供应链网络中安全风险的级联效应，可为复杂软件供应链生态系统的风险预测评估提供具有实操价值的洞见，并为该场景下的风险预测评估奠定了系统动力学层面的研究基础。