What are weak links in the npm supply chain?

Authors:

Nusrat Zahan (1), Thomas Zimmermann (2), Patrice Godefroid (2), Brendan Murphy (2), Chandra Maddila (2), Laurie Williams (1)

Affiliations:

1. North Carolina State University

2. Microsoft Research

Funders:

NCSU Secure Computing Institute

Cisco Systems

Publisher:

ACM

References (46 articles; the first 5 are listed below):

1. Christian Bird et al. 2009. Does distributed development affect software quality? An empirical case study of Windows Vista. In 2009 IEEE 31st International Conference on Software Engineering (ICSE). IEEE, 518--528.

2. Christian Bird et al. 2011. Don't touch my code! Examining the effects of ownership on software quality. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering (ESEC/FSE). 4--14.

3. Myles Borins. 2022. Top-100 npm package maintainers now require 2FA. https://github.blog/2022-02-01-top-100-npm-package-maintainers-require-2fa-additional-security/

4. Catalin Cimpanu. 2018. Backdoored Python Library Caught Stealing SSH Credentials. https://www.bleepingcomputer.com/news/security/backdoored-python-library-caught-stealing-ssh-credentials/

5. Codecov. 2021. Bash Uploader Security Update. https://about.codecov.io/security-update/

Cited by 28 articles (the first 5 are listed below):

1. SBOM Ouverture: What We Need and What We Have. Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES), 2024-07-30.

2. Bloat beneath Python's Scales: A Fine-Grained Inter-Project Dependency Analysis. Proceedings of the ACM on Software Engineering, 2024-07-12.

3. On the Accuracy of GitHub's Dependency Graph. Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering (EASE), 2024-06-18.

4. Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers. 2024 IEEE Security and Privacy Workshops (SPW), 2024-05-23.

5. Weird Machines in Package Managers: A Case Study of Input Language Complexity and Emergent Execution in Software Systems. 2024 IEEE Security and Privacy Workshops (SPW), 2024-05-23.
