Related papers: Enterprise-Driven Open Source Software: A Case Stu…
Many software products are composed of components integrated from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain…
Purpose: Continuous Software Engineering (CSE) promises improved efficiency, quality, and responsiveness in software-intensive organizations. However, fully adopting CSE is often constrained by complex products, legacy systems,…
It's long been accepted that continuous integration (CI) in software engineering increases the code quality of enterprise projects when adhered to by it's practitioners. But is any of that effort to increase code quality and velocity…
Open-source software (OSS) dependencies introduce systemic risks that are difficult to manage at scale. Existing Software Composition Analysis (SCA) and reachability tools generate severe alert fatigue by treating risk as an intrinsic…
The continuous integration and continuous deployment (CI/CD) pipelines are widely adopted on Internet hosting platforms, such as GitHub. With the popularity, the CI/CD pipeline faces various security threats. However, current CI/CD…
Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming (OOP)…
The Open Source Software movement has been growing exponentially for a number of years with no signs of slowing. Driving this growth is the widespread availability of libraries and frameworks that provide many functionalities. Developers…
Current Continuous Integration processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the…
Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software…
Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners).…
Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…
Context: DevOps has become one of the fastest-growing software development paradigms in the industry. However, this trend has presented the challenge of ensuring secure software delivery while maintaining the agility of DevOps. The efforts…
Safety assurance is a paramount factor in the large-scale deployment of various autonomous systems (e.g., self-driving vehicles). However, the execution of safety engineering practices and processes have been challenged by an increasing…
Traditionally, promoted by the internet companies, continuous delivery is more and more appealing to industries which develop systems with safety-critical functions. Since safety-critical systems must meet regulatory requirements and…
Integrating third-party software components is a common practice in modern software development, offering significant advantages in terms of efficiency and innovation. However, this practice is fraught with risks related to software…
The adoption of DevOps practices in embedded systems and firmware development is emerging as a response to the growing complexity of modern hardware--software co-designed products. Unlike cloud-native applications, embedded systems…
In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline…
Open-source software (OSS) is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime…
Background: Open Source Software (OSS) is often seen as an option to mitigate risks of lock-ins. Yet, single-vendor OSS can still result in soft lock-ins due to knowledge asymmetries and technical barriers. Aim: This study explores actors…
Software development industries are increasingly adopting containers to enhance the scalability and flexibility of software applications. Security in containerized projects is a critical challenge that can lead to data breaches and…