English
Related papers

Related papers: Towards Measuring Supply Chain Attacks on Package …

200 papers

Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from…

Cryptography and Security · Computer Science 2020-06-23 Joseph O. Eichenhofer , Elisa Heymann , Barton P. Miller , Arnold Kang

The security of scripting languages such as PowerShell is critical given their powerful automation and administration capabilities, often exercised with elevated privileges. Today, securing these languages still demands substantial human…

Cryptography and Security · Computer Science 2026-01-13 Keyang Zhang , Zeyu Chen , Xuan Feng , Dongliang Fang , Yaowen Zheng , Zhi Li , Limin Sun

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable…

Cryptography and Security · Computer Science 2025-05-16 Imranur Rahman , Yasemin Acar , Michel Cukier , William Enck , Christian Kastner , Alexandros Kapravelos , Dominik Wermke , Laurie Williams

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Language Models (LLMs), such as transformer-based neural networks trained on billions of parameters, have become increasingly prevalent in software engineering (SE). These models, trained on extensive datasets that include code…

Software Engineering · Computer Science 2025-02-18 Daniel Rodriguez-Cardenas , Alejandro Velasco , Denys Poshyvanyk

Code large language models (CodeLLMs) and agents are increasingly being integrated into complex software engineering tasks spanning the entire Software Development Life Cycle (SDLC). Benchmarking is critical for rigorously evaluating these…

Software Engineering · Computer Science 2026-03-09 Kaixin Wang , Tianlin Li , Xiaoyu Zhang , Chong Wang , Weisong Sun , Yang Liu , Aishan Liu , Xianglong Liu , Chao Shen , Bin Shi

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak , Tomasz Szandala

Large Language Models (LLMs) have demonstrated potential in cybersecurity applications but have also caused lower confidence due to problems like hallucinations and a lack of truthfulness. Existing benchmarks provide general evaluations but…

Many industrial software development processes today have to comply with security standards such as the IEC~62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for…

Software Engineering · Computer Science 2021-05-31 Fabiola Moyón , Daniel Méndez , Kristian Beckers , Sebastian Klepper

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. This trust, however, is…

Software Engineering · Computer Science 2021-01-18 Floris Jansen , Slinger Jansen , Fang Hou

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams

With the growing popularity of modularity in software development comes the rise of package managers and language ecosystems. Among them, npm stands out as the most extensive package manager, hosting more than 2 million third-party…

Cryptography and Security · Computer Science 2024-03-14 Cheng Huang , Nannan Wang , Ziyan Wang , Siqi Sun , Lingzi Li , Junren Chen , Qianchong Zhao , Jiaxuan Han , Zhen Yang , Lei Shi

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

Practitioners often struggle with the overwhelming number of security practices outlined in cybersecurity frameworks for risk mitigation. Given the limited budget, time, and resources, practitioners want to prioritize the adoption of…

Software Engineering · Computer Science 2025-08-05 Nusrat Zahan , Imranur Rahman , Laurie Williams

The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to…

Cryptography and Security · Computer Science 2025-12-05 Biagio Montaruli , Luca Compagna , Serena Elisa Ponta , Davide Balzarotti

Code reuse is an important part of software development. The adoption of code reuse practices is especially common among Node.js developers. The Node.js package manager, NPM, indexes over 1 Million packages and developers often seek out…

Software Engineering · Computer Science 2023-01-03 Brittany Reid , Marcelo d`Amorim , Markus Wagner , Christoph Treude

The increasing adoption of Large Language Models (LLMs) in software engineering has sparked interest in their use for software vulnerability detection. However, the rapid development of this field has resulted in a fragmented research…

Software Engineering · Computer Science 2025-12-22 Sabrina Kaniewski , Fabian Schmidt , Markus Enzweiler , Michael Menth , Tobias Heer

To avoid software vulnerabilities, organizations are shifting security to earlier stages of the software development, such as at code review time. In this paper, we aim to understand the developers' perspective on assessing software…

Software Engineering · Computer Science 2022-08-09 Larissa Braz , Alberto Bacchelli

The exponential growth of open-source package ecosystems, particularly NPM and PyPI, has led to an alarming increase in software supply chain poisoning attacks. Existing static analysis methods struggle with high false positive rates and…

Cryptography and Security · Computer Science 2024-09-17 Xinyi Zheng , Chen Wei , Shenao Wang , Yanjie Zhao , Peiming Gao , Yuanchao Zhang , Kailong Wang , Haoyu Wang

Testing plays a crucial role in the software development cycle, enabling the detection of bugs, vulnerabilities, and other undesirable behaviors. To perform software testing, testers need to write code snippets that execute the program…

Software Engineering · Computer Science 2025-02-04 Wenhan Wang , Chenyuan Yang , Zhijie Wang , Yuheng Huang , Zhaoyang Chu , Da Song , Lingming Zhang , An Ran Chen , Lei Ma