English
Related papers

Related papers: Towards Measuring Supply Chain Attacks on Package …

200 papers

In recent years, various software supply chain (SSC) attacks have posed significant risks to the global community. Severe consequences may arise if developers integrate insecure code snippets that are vulnerable to SSC attacks into their…

Cryptography and Security · Computer Science 2025-09-25 Xiaofan Li , Xing Gao

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration…

Software Engineering · Computer Science 2021-11-29 Roland Croft , Yongzheng Xie , Mansooreh Zahedi , M. Ali Babar , Christoph Treude

During software development, balancing security and non security issues is challenging. We focus on security awareness and approaches taken by non-security experts using software development issue trackers when considering security. We…

Software Engineering · Computer Science 2023-08-28 Léon McGregor , Manuel Maarek , Hans-Wolfgang Loidl

The NPM package repository contains over two million packages and serves tens of billions of downloads per-week. Nearly every single JavaScript application uses the NPM package manager to install packages from the NPM repository. NPM relies…

Software Engineering · Computer Science 2023-04-04 Donald Pinckney , Federico Cassano , Arjun Guha , Jonathan Bell

Open-source software (OSS) supply chain enlarges the attack surface, which makes package registries attractive targets for attacks. Recently, package registries NPM and PyPI have been flooded with malicious packages. The effectiveness of…

Cryptography and Security · Computer Science 2025-05-05 Junan Zhang , Kaifeng Huang , Yiheng Huang , Bihuan Chen , Ruisi Wang , Chong Wang , Xin Peng

Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature…

Software Engineering · Computer Science 2025-12-16 Maha Sroor , Teerath Das , Rahul Mohanani , Tommi Mikkonen

Context: Mining software repositories is a popular means to gain insights into a software project's evolution, monitor project health, support decisions and derive best practices. Tools supporting the mining process are commonly applied by…

Software Engineering · Computer Science 2025-11-13 Nicole Hoess , Carlos Paradis , Rick Kazman , Wolfgang Mauerer

LLM app stores have seen rapid growth, leading to the proliferation of numerous custom LLM apps. However, this expansion raises security concerns. In this study, we propose a three-layer concern framework to identify the potential security…

Cryptography and Security · Computer Science 2024-07-30 Xinyi Hou , Yanjie Zhao , Haoyu Wang

Code generation large language models (LLMs) are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of…

Cryptography and Security · Computer Science 2026-03-19 Shenao Yan , Shimaa Ahmed , Shan Jin , Sunpreet S. Arora , Yiwei Cai , Yizhen Wang , Yuan Hong

Package managers for software repositories based on a single programming language are very common. Examples include npm (JavaScript), and PyPI (Python). These tools encourage code reuse, making it trivial for developers to import external…

Software Engineering · Computer Science 2020-03-10 Matthew Taylor , Ruturaj K. Vaidya , Drew Davidson , Lorenzo De Carli , Vaibhav Rastogi

As large language models (LLMs) increasingly integrate native code interpreters, they enable powerful real-time execution capabilities, substantially expanding their utility. However, such integrations introduce potential system-level…

Cryptography and Security · Computer Science 2025-07-28 Gabriel Chua

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of…

Software updates reduce the opportunity for exploitation. However, since updates can also introduce breaking changes, enterprises face the problem of balancing the need to secure software with updates with the need to support operations. We…

Cryptography and Security · Computer Science 2022-05-26 Giorgio Di Tizio , Michele Armellini , Fabio Massacci

Context:The extent of post-release use of software affects the number of faults, thus biasing quality metrics and adversely affecting associated decisions. The proprietary nature of usage data limited deeper exploration of this subject in…

Software Engineering · Computer Science 2020-02-25 Tapajit Dey , Audris Mockus

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence…

Software Engineering · Computer Science 2022-02-15 Larissa Braz , Christian Aeberhard , Gül Çalikli , Alberto Bacchelli

Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages…

Software Engineering · Computer Science 2024-04-18 Xiaoyan Zhou , Feiran Liang , Zhaojie Xie , Yang Lan , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in…

Software Engineering · Computer Science 2019-03-12 Jukka Ruohonen

Nowadays, the open-source software (OSS) ecosystem suffers from security threats of software supply chain (SSC) attacks. Interpreted OSS malware plays a vital role in SSC attacks, as criminals have an arsenal of attack vectors to deceive…

Cryptography and Security · Computer Science 2024-07-12 Ying Zhang , Xiaoyan Zhou , Hui Wen , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

Advanced software supply chain (SSC) attacks are increasingly runtime-only and leave fragmented evidence across hosts, services, and build/dependency layers, so any single telemetry stream is inherently insufficient to reconstruct full…

Cryptography and Security · Computer Science 2026-03-18 Zhuoran Tan , Wenbo Guo , Taylor Brierley , Jiewen Luo , Jeremy Singer , Christos Anagnostopoulos

The Software Supply Chain (SSC) has captured considerable attention from attackers seeking to infiltrate systems and undermine organizations. There is evidence indicating that adversaries utilize Social Engineering (SocE) techniques…

‹ Prev 1 4 5 6 7 8 10 Next ›