"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain-Reference-Cited by-同舟云学术

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

Published:2023-05 Issue: Volume: Page:
ISSN:
Container-title:2023 IEEE Symposium on Security and Privacy (SP)
language:
Short-container-title:

Author:

Wermke Dominik¹,Klemmer Jan H.²,Wöhler Noah¹,Schmüser Juliane¹,Ramulu Harshini Sri³,Acar Yasemin³,Fahl Sascha¹

Affiliation:

1. CISPA Helmholtz Center for Information Security,Germany

2. Leibniz University Hannover,Germany

3. Paderborn University,Germany

Publisher

IEEE

Link

http://xplorestaging.ieee.org/ielx7/10179215/10179280/10179378.pdf?arnumber=10179378

Reference80 articles.

1. Empirical Analysis of Security Vulnerabilities in Python Packages

2. When the weakest link is strong: Secure collaboration in the case of the panama papers;mcgregor;Proceedings of the 26th USENIX Security Symposium (USENIX Security 17),2017

3. Ecosystem-level determinants of sustained activity in open-source projects: a case study of the PyPI ecosystem

4. Investigating the computer security practices and needs of journalists;mcgregor;Proceedings of the 24th USENIX Security Symposium (USENIX Security 15),2015

5. The Evolution of the R Software Ecosystem

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. "How do people decide?": A Model for Software Library Selection;Proceedings of the 2024 IEEE/ACM 17th International Conference on Cooperative and Human Aspects of Software Engineering;2024-04-14

3. Osmy: A Tool for Periodic Software Vulnerability Assessment and File Integrity Verification using SPDX Documents;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2024-03-12

4. Developers’ Perspective on Trustworthiness of Code Generated by ChatGPT: Insights from Interviews;Communications in Computer and Information Science;2024

5. Lessons from the Long Tail: Analysing Unsafe Dependency Updates across Software Ecosystems;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30