SoK: Taxonomy of Attacks on Open-Source Software Supply Chains
Author:
Affiliation:
1. SAP Security Research
2. Université Polytechnique Hauts-de-France
3. Université de Rennes 1, Inria, IRISA
Publisher
IEEE
Link
http://xplorestaging.ieee.org/ielx7/10179215/10179280/10179304.pdf?arnumber=10179304
Reference194 articles.
1. Containing Malicious Package Updates in npm with a Lightweight Permission System
2. Supply-Chain Risk Management: Incorporating Security into Software Development
3. Building a supply chain attack with .NET, NuGet, DNS, source generators, and more!;balliauw,2021
4. Practical automated detection of malicious npm packages
5. Assuring software and hardware security and integrity throughout the supply chain
Cited by 40 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11
2. Software supply chain security: a systematic literature review;International Journal of Computers and Applications;2024-08-19
3. SBOM Ouverture: What We Need and What We Have;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30
4. PyRadar: Towards Automatically Retrieving and Validating Source Code Repository Information for PyPI Packages;Proceedings of the ACM on Software Engineering;2024-07-12
5. Shadows in the Interface: A Comprehensive Study on Dark Patterns;Proceedings of the ACM on Software Engineering;2024-07-12
1.学者识别学者识别
2.学术分析学术分析
3.人才评估人才评估
"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370
www.globalauthorid.com
TOP
Copyright © 2019-2024 北京同舟云网络信息技术有限公司 京公网安备11010802033243号 京ICP备18003416号-3