Committed to trust: A qualitative study on security & trust in open source software projects
Open Source Software plays an important role in many software ecosystems. Whether in
operating systems, network stacks, or as low-level system drivers, software we encounter …
It's like flossing your teeth: On the importance and challenges of reproducible builds for software supply chain security
The 2020 Solarwinds attack was a tipping point that caused a heightened awareness about
the security of the software supply chain and in particular the large amount of trust placed in …
No one drinks from the firehose: How organizations filter and prioritize vulnerability information
The number of published software vulnerabilities is increasing every year. How do
organizations stay in control of their attack surface despite their limited staff resources? Prior …
Exploring topic models to discern cyber threats on Twitter: A case study on Log4Shell
Gathering information about cyber threats from various sources can help organisations
improve proactive cyber defense and mitigate potential cyber attacks. Recently, Twitter has …
No spring chicken: quantifying the lifespan of exploits in iot malware using static and dynamic analysis
The Internet of things (IoT) is composed by a wide variety of software and hardware
components that inherently contain vulnerabilities. Previous research has shown that it takes …
Cybersecurity information sharing: analysing an email corpus of coordinated vulnerability disclosure
Information sharing is widely held to improve cybersecurity outcomes whether it's
driven by market forces or by cooperation among firms and individuals. Formal institutions …
Towards system security: What a comparison of national vulnerability databases reveals
I Forain, R de Oliveira Albuquerque… - 2022 17th Iberian …, 2022 - ieeexplore.ieee.org
System vulnerabilities are ubiquitous nowadays. In 2021, millions of cyberattacks exploited
system flaws resulting in billions of losses. Despite massive vulnerability databases …
Discovery of timeline and crowd reaction of software vulnerability disclosures
Reusing third-party libraries increases productivity and saves time and costs for developers.
However, the downside is the presence of vulnerabilities in those libraries, which can lead to …
A mixed-methods study of open-source software maintainers on vulnerability management and platform security features
In open-source software (OSS), software vulnerabilities have significantly increased.
Although researchers have investigated the perspectives of vulnerability reporters and OSS …
A statistical relational learning approach towards products, software vulnerabilities and exploits
CF Pereira, JGL de Oliveira, RA Santos… - … on Network and …, 2023 - ieeexplore.ieee.org
Data on software vulnerabilities, products, and exploits are typically collected from multiple
non-structured sources. Valuable information, e.g., on which products are affected by which …