Murphy Security Research Institute

Securing the Digital World Through Supply Chain Security

Murphy Security Research Institute focuses on cutting-edge research in software supply chain security, dedicated to discovering and alerting security risks in open-source components, providing enterprises and developers with professional security governance solutions and industry insights.

View Latest Report

Industry Research Reports

In-depth insights into software supply chain security trends

NEW2026-02-28

2025 Annual Software Supply Chain Poisoning Risk Report

This report provides an in-depth analysis of global software supply chain poisoning attack trends in 2025, covering security risk data across major ecosystems including npm, PyPI, and Maven, revealing the latest attack techniques and defense strategies.

Over 12,000 poisoning incidents detected throughout the year
npm ecosystem remains the largest target, accounting for 58%
AI-generated malicious code emerges as a new threat
Enterprise losses from supply chain attacks increased by 340% YoY

Supply Chain SecurityPoisoning AttacksOpen Source Security

Download Report

Industry Best Practices

Aggregating industry wisdom to build security governance standards

BEST PRACTICE2026-04-20

Security Metrics Best Practices 2026

A practical guide for enterprise security measurement, covering metric-system design, risk identification, measurement evaluation, and continuous improvement to help organizations build a more quantifiable and actionable security program.

Security MetricsSecurity OperationsMetrics FrameworkContinuous Improvement

Download Practice

2026-03-13

Open Source Security Governance Best Practices 2026

An enterprise-level guide to open source software security governance, covering the full lifecycle from component selection, vulnerability management to compliance auditing. Based on practical governance experience from hundreds of enterprises.

Open Source GovernanceSupply Chain SecurityComplianceVulnerability Management

Download Practice