SoK: Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
Keeping authorities "honest or bust" with decentralized witness cosigning
The secret keys of critical network authorities--such as time, name, certificate, and software
update services--represent high-value targets for hackers, criminals, and spy agencies …
Towards measuring supply chain attacks on package managers for interpreted languages
Package managers have become a vital part of the modern software development process.
They allow developers to reuse third-party code, share their own code, minimize their …
The state-of-the-art in container technologies: Application, orchestration and security
Containerization is a lightweight virtualization technology enabling the deployment and
execution of distributed applications on cloud, edge/fog, and Internet-of-Things platforms …
Sigstore: Software signing for everybody
Software supply chain compromises are on the rise. From the effects of XCodeGhost to
SolarWinds, hackers have identified that targeting weak points in the supply chain allows …
CHAINIAC: Proactive Software-Update transparency via collectively signed skipchains and verified builds
Software-update mechanisms are critical to the security of modern systems, but their
typically centralized design presents a lucrative and frequently attacked target. In this work …
Signing in four public software package registries: Quantity, quality, and influencing factors
Many software applications incorporate open-source third-party packages distributed by
public package registries. Guaranteeing authorship along this supply chain is a challenge …
Software supply chain: review of attacks, risk assessment strategies and security controls
The software product is a source of cyber-attacks that target organizations by using their
software supply chain as a distribution vector. As the reliance of software projects on open …
Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
eUF: A framework for detecting over-the-air malicious updates in autonomous vehicles
Software updates are highly significant in autonomous vehicles. These updates are utilized
to provide enhanced features and updated security mechanisms. In order to ensure …