Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks-Reference-Cited by-同舟云学术

Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks

Published:2020 Issue: Volume: Page:23-43
ISSN:0302-9743
Container-title:Detection of Intrusions and Malware, and Vulnerability Assessment
language:
Short-container-title:

Author:

Ohm Marc,Plate Henrik,Sykosch Arnold,Meier Michael

Publisher

Springer International Publishing

Link

http://link.springer.com/content/pdf/10.1007/978-3-030-52683-2_2

Reference40 articles.

1. Chess, B., Lee, F.D.Q., West, J.: Attacking the build through cross-build injection: how your build process can open the gates to a trojan horse. https://www.fortify.com/downloads2/public/fortify_attacking_the_build.pdf (2007). Accessed 06 Mar 2019

2. Baker, G.: Keep your dependencies secure and up-to-date with GitHub and Dependabot (2019). https://github.blog/2019-01-31-keep-your-dependencies-secure-and-up-to-date-with-github-and-dependabot/ . Accessed 08 Oct 2019

3. Bertus: Cryptocurrency clipboard hijacker discovered in PyPi repository (2018). https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8 . Accessed 09 Mar 2019

4. Bertus: Discord token stealer discovered in PyPi repository (2019). https://medium.com/@bertusk/discord-token-stealer-discovered-in-pypi-repository-e65ed9c3de06 . Accessed 02 July 2019

5. Bintray: Malicious packages reported in JCenter (2017). https://status.bintray.com/incidents/w4dfr0rpznkt . Accessed 14 Mar 2019

Cited by 95 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

2. OSSIntegrity: Collaborative open-source code integrity verification;Computers & Security;2024-09

3. The Technological and Societal Landscape;Information Technology and Law Series;2024-09-01

4. Software supply chain security: a systematic literature review;International Journal of Computers and Applications;2024-08-19

5. Dependabot and security pull requests: large empirical study;Empirical Software Engineering;2024-07-30