An Exploratory Study on Teaching Software Supply Chain Security Concepts to High School Students

Software supply chain security is steadily gaining importance as more attacks on the software supply chain take place. Yet, it is uncommon that software supply chain security concepts are part of computer science curricula. This paper presents a two-day lecture series for high school students, employing engaging pedagogical methods like serious games to raise awareness of this attack vector. We evaluate competence gains and knowledge retention via competency tests, as well as the subjective impressions of students regarding lecture quality through evaluation forms. Our evaluation reveals that despite lacking prior knowledge, students were able to independently identify and explain key software supply chain security concepts and positively engaged with the serious game as a learning tool.