English
Related papers

Related papers: OmniBOR: A System for Automatic, Verifiable Artifa…

200 papers

Software Bill of Materials (SBOMs) are increasingly regarded as essential tools for securing software supply chains (SSCs), yet their real-world use and adoption barriers remain poorly understood. This systematic literature review…

Software Engineering · Computer Science 2025-06-06 Eric O'Donoghue , Yvette Hastings , Ernesto Ortiz , A. Redempta Manzi Muneza

Software ecosystems like Maven Central play a crucial role in modern software supply chains by providing repositories for libraries and build plugins. However, the separation between binaries and their corresponding source code in Maven…

Cryptography and Security · Computer Science 2025-09-11 Behnaz Hassanshahi , Trong Nhan Mai , Benjamin Selwyn Smith , Nicholas Allen

Software Bills of Material (SBOMs) are becoming a consolidated, often enforced by governmental regulations, way to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and…

Software Engineering · Computer Science 2025-05-29 Davide Fucci , Massimiliano Di Penta , Simone Romano , Giuseppe Scanniello

A Software Bill of Materials (SBoM) is a detailed inventory of all components, libraries, and modules in a software artifact, providing traceability throughout the software supply chain. With the increasing popularity of JavaScript in…

Software Engineering · Computer Science 2024-08-30 Leo Song , Steven H. H. Ding , Yuan Tian , Li Tao Li , Philippe Charland , Andrew Walenstein

In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can…

Cryptography and Security · Computer Science 2025-10-27 Daniel Hugenroth , Mario Lins , René Mayrhofer , Alastair Beresford

Inaccuracies in conventional dependency-tracking methods frequently undermine the security and integrity of modern software supply chains. This paper introduces a kernel-level framework leveraging extended Berkeley Packet Filter (eBPF) to…

Cryptography and Security · Computer Science 2025-03-05 Naveen Srinivasan , Nathan Naveen , Neil Naveen

In the era of advanced artificial intelligence, highlighted by large-scale generative models like GPT-4, ensuring the traceability, verifiability, and reproducibility of datasets throughout their lifecycle is paramount for research…

Software Engineering · Computer Science 2024-08-19 Yue Liu , Dawen Zhang , Boming Xia , Julia Anticev , Tunde Adebayo , Zhenchang Xing , Moses Machao

Software architecture often consists of interconnected components dispersed across source code and other development artifacts, making visualization difficult without costly additional documentation. Although some tools can automatically…

Software Engineering · Computer Science 2024-07-26 Filipe F. Correia , Ricardo Ferreira , Paulo G. G Queiroz , Henrique Nunes , Matilde Barra , Duarte Figueiredo

Software bills of materials (SBOM) promise to become the backbone of software supply chain hardening. We deep-dive into 6 tools and the accuracy of the SBOMs they produce for complex open-source Java projects. Our novel insights reveal some…

Software supply chain attacks have become a significant threat as software development increasingly relies on contributions from multiple, often unverified sources. The code from unverified sources does not pose a threat until it is…

Cryptography and Security · Computer Science 2024-07-02 Aman Sharma , Martin Wittlinger , Benoit Baudry , Martin Monperrus

A Software Bill of Materials (SBOM) is becoming an increasingly important tool in regulatory and technical spaces to introduce more transparency and security into a project's software supply chain. Artificial intelligence (AI) projects face…

Software Engineering · Computer Science 2026-01-30 Karen Bennet , Gopi Krishnan Rajbahadur , Arthit Suriyawongkul , Kate Stewart

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the…

Cryptography and Security · Computer Science 2020-05-20 Marc Ohm , Henrik Plate , Arnold Sykosch , Michael Meier

Software Bills of Material (SBOMs), which improve transparency by listing the components constituting software, are a key countermeasure to the mounting problem of Software Supply Chain attacks. SBOM generation tools take project source…

Cryptography and Security · Computer Science 2024-09-04 Serena Cofano , Giacomo Benedetti , Matteo Dell'Amico

Throughout computer history, it has been repeatedly demonstrated that critical software vulnerabilities can significantly affect the components involved. In the Free/Libre and Open Source Software (FLOSS) ecosystem, most software is…

Software Engineering · Computer Science 2025-02-13 Stefan Tatschner , Michael P. Heinl , Nicole Pappler , Tobias Specht , Sven Plaga , Thomas Newe

Software Bill of Materials (SBOM) provides new opportunities for automated vulnerability identification in software products. While the industry is adopting SBOM-based Vulnerability Scanning (SVS) to identify vulnerabilities, we…

Software Engineering · Computer Science 2025-12-22 Martin Rosso , Muhammad Asad Jahangir Jaffar , Alessandro Brighente , Mauro Conti

Build verifiability refers to the property that the build of a software system can be verified by independent third parties and it is crucial for the trustworthiness of a software system. Various efforts towards build verifiability have…

Software Engineering · Computer Science 2022-02-15 Jiawen Xiong , Yong Shi , Boyuan Chen , Filipe R. Cogo , Zhen Ming , Jiang

Modern digital ecosystems, spanning software, hardware, learning models, datasets, and cryptographic products, continue to grow in complexity, making it difficult for organizations to understand and manage component dependencies. Bills of…

Cryptography and Security · Computer Science 2026-01-21 Shuai Zhang , Minzhao Lyu , Hassan Habibi Gharakheili

The proliferation of Internet of Things (IoT) devices has introduced significant security challenges, primarily due to the opacity of firmware components and the complexity of supply chain dependencies. IoT firmware frequently relies on…

Cryptography and Security · Computer Science 2026-01-06 Abdurrahman Tolay

Modern software engineering increasingly relies on open, community-driven standards, yet how such standards are created in fast-evolving domains like AI-powered systems remains underexplored. This paper presents a detailed experience report…

A Bill of Materials (BoM) is a list of all components on a printed circuit board (PCB). Since BoMs are useful for hardware assurance, automatic BoM extraction (AutoBoM) is of great interest to the government and electronics industry. To…

Image and Video Processing · Electrical Eng. & Systems 2023-07-26 Olivia P. Dizon-Paradis , Daniel E. Capecci , Nathan T. Jessurun , Damon L. Woodard , Mark M. Tehranipoor , Navid Asadizanjani