Motivation-achievement cycles in learning: A literature review and research agenda
The question of how learners' motivation influences their academic achievement and vice
versa has been the subject of intensive research due to its theoretical relevance and …
Research directions in software supply chain security
Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …
Lastpymile: identifying the discrepancy between sources and packages
Open source packages have source code available on repositories for inspection (e.g. on
GitHub) but developers use pre-built packages directly from the package repositories (such …
Bad snakes: Understanding and improving python package index malware scanning
Open-source, community-driven package repositories see thousands of malware packages
each year, but do not currently run automated malware detection systems. In this work, we …
A needle is an outlier in a haystack: hunting malicious pypi packages with code clustering
W Liang, X Ling, J Wu, T Luo… - 2023 38th IEEE/ACM …, 2023 -
As the most popular Python software repository, PyPI has become an indispensable part of
the Python ecosystem. Regrettably, the open nature of PyPI exposes end-users to …
A benchmark comparison of python malware detection approaches
While attackers often distribute malware to victims via open-source, community-driven
package repositories, these repositories do not currently run automated malware detection …
1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection
PyPI, the official package registry for Python, has seen a surge in the number of malicious
package uploads in recent years. Prior studies have demonstrated the effectiveness of …
An analysis of malicious behaviors of open-source packages using dynamic analysis
DL Vu, TC Nguyen, NC Debnath -
There has been an increasing number of malicious open-source packages in recent years.
A recent backdoor attack on the Linux xz utility has shown the importance of security checks …