Estimating the Attack Surface from Residual Vulnerabilities in Open Source Software Supply Chain-Reference-Cited by-同舟云学术

Estimating the Attack Surface from Residual Vulnerabilities in Open Source Software Supply Chain

Published:2021-12 Issue: Volume: Page:
ISSN:
Container-title:2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)
language:
Short-container-title:

Author:

Yan Dapeng¹,Niu Yuqing¹,Liu Kui¹,Liu Zhe¹,Liu Zhiming²,Bissyande Tegawende F.³

Affiliation:

1. Nanjing University of Aeronautics and Astronautics

2. Southwest University

3. University of Luxembourg,SnT

Funder

NUAA

Publisher

IEEE

Link

http://xplorestaging.ieee.org/ielx7/9724650/9724651/09724801.pdf?arnumber=9724801

Reference34 articles.

1. How do fixes become bugs?;zuoning;Proceedings of the 19th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-19) and the 13th European Software Engineering Conference,2011

2. An empirical study of fine-grained software modi-fications;daniel m;Empirical Software Engineering,2006

3. Toward understanding the rhetoric of small source code changes;ranjith;IEEE Transactions on Software Engineering,2005

4. Mining fix patterns for findbugs violations;kui;IEEE Transactions on Software Engineering,2021

5. What's a typical commit? A characterization of open source software repositories;abdulkareem;Proceedings of the 16th IEEE International Conference on Program Comprehension,2008

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Software supply chain security: a systematic literature review;International Journal of Computers and Applications;2024-08-19

2. Assessing Security Risks of Software Supply Chains Using Software Bill of Materials;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C);2024-03-12

3. Securing the Software Supply Chain: A New Taxonomy for Attack Classification;2023 IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE);2023-12-14

4. Unreproducible builds: time to fix, causes, and correlation with external ecosystem factors;Empirical Software Engineering;2023-11-29

5. Uncovering Software Supply Chains Vulnerability: A Review of Attack Vectors, Stakeholders, and Regulatory Frameworks;2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC);2023-06