Research directions in software supply chain security
Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …
On the way to SBOMs: Investigating design issues and solutions in practice
The increase of software supply chain threats has underscored the necessity for robust
security mechanisms, among which the Software Bill of Materials (SBOM) stands out as a …
Signing in four public software package registries: Quantity, quality, and influencing factors
Many software applications incorporate open-source third-party packages distributed by
public package registries. Guaranteeing authorship along this supply chain is a challenge …
BOMs away! Inside the minds of stakeholders: A comprehensive study of bills of materials for software systems
Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of
software dependencies, vulnerabilities, licenses, and the supply chain. While significant …
SBOM generation tools under microscope: A focus on the npm ecosystem
Generating accurate Software Bill of Materials (SBOM) is challenging due to the complex
dependencies in the diverse components used in software and also the way software is built …
Automatic specialization of third-party Java dependencies
Large-scale code reuse significantly reduces both development costs and time. However,
the massive share of third-party code in software projects poses new challenges, especially …
SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java
Software supply chain attacks have become a significant threat as software development
increasingly relies on contributions from multiple, often unverified sources. The code from …
Accuracy Evaluation of SBOM Tools for Web Applications and System-Level Software
A Halbritter, D Merli - Proceedings of the 19th International Conference …, 2024 - dl.acm.org
Recent vulnerabilities in software like Log4j raise the question whether the software supply
chain is secured sufficiently. Governmental initiatives in the United States (US) and the …
Java Bytecode Normalization for Code Similarity Analysis
Analyzing the similarity of two code fragments has many applications, including code clone,
vulnerability and plagiarism detection. Most existing approaches for similarity analysis work …
Osmy: A Tool for Periodic Software Vulnerability Assessment and File Integrity Verification using SPDX Documents
R Kishimoto, T Kanda, Y Manabe… - … on Software Analysis …, 2024 - ieeexplore.ieee.org
Libraries have become integral to modern software development, yet their management
often falls short, resulting in issues such as delayed responses to vulnerabilities. To address …