English
Related papers

Related papers: SBOM.EXE: Countering Dynamic Code Injection based …

200 papers

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

The SolarWinds attack, which exploited weaknesses in a software update mechanism, highlights the critical need for organizations to have better visibility into their software dependencies and potential vulnerabilities associated with them.…

Cryptography and Security · Computer Science 2025-04-23 Can Ozkan , Xinhai Zou , Dave Singelee

The Software Bill of Materials (SBOM) is a critical tool for securing the software supply chain (SSC), but its practical utility is undermined by inaccuracies in both its generation and its application in vulnerability scanning. This paper…

Cryptography and Security · Computer Science 2026-04-20 Li Zhou , Marc Dacier , Charalambos Konstantinou

Software bills of materials (SBOM) promise to become the backbone of software supply chain hardening. We deep-dive into 6 tools and the accuracy of the SBOMs they produce for complex open-source Java projects. Our novel insights reveal some…

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

Modern software applications heavily rely on diverse third-party components, libraries, and frameworks sourced from various vendors and open source repositories, presenting a complex challenge for securing the software supply chain. To…

Supply chain security is extremely important for modern applications running at scale in the cloud. In fact, they involve a large number of heterogeneous microservices that also include third-party software. As a result, security…

Cryptography and Security · Computer Science 2025-10-08 Jacopo Bufalino , Mario Di Francesco , Agathe Blaise , Stefano Secci

The Software Bill of Materials (SBOM) has emerged as a promising solution, providing a machine-readable inventory of software components used, thus bolstering supply chain security. This paper presents an extensive study concerning the…

Software Engineering · Computer Science 2023-08-31 Tingting Bi , Boming Xia , Zhenchang Xing , Qinghua Lu , Liming Zhu

The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOMs are a crucial building block to ensure the transparency of software supply chains that helps improve software…

Software Engineering · Computer Science 2023-02-08 Boming Xia , Tingting Bi , Zhenchang Xing , Qinghua Lu , Liming Zhu

Software Bill of Materials (SBOMs) are increasingly regarded as essential tools for securing software supply chains (SSCs), yet their real-world use and adoption barriers remain poorly understood. This systematic literature review…

Software Engineering · Computer Science 2025-06-06 Eric O'Donoghue , Yvette Hastings , Ernesto Ortiz , A. Redempta Manzi Muneza

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically…

Software Engineering · Computer Science 2026-04-08 Laura Baird , Armin Moin

A Software Bill of Materials (SBoM) is a detailed inventory of all components, libraries, and modules in a software artifact, providing traceability throughout the software supply chain. With the increasing popularity of JavaScript in…

Software Engineering · Computer Science 2024-08-30 Leo Song , Steven H. H. Ding , Yuan Tian , Li Tao Li , Philippe Charland , Andrew Walenstein

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the…

Cryptography and Security · Computer Science 2023-08-01 Trevor Dunlap , Yasemin Acar , Michel Cucker , William Enck , Alexandros Kapravelos , Christian Kastner , Laurie Williams

Maliciously prepared software packages are an extensively leveraged weapon for software supply chain attacks. The detection of malicious packages is undoubtedly of high priority and many academic and commercial approaches have been…

Cryptography and Security · Computer Science 2025-05-13 Marc Ohm , Timo Pohl , Felix Boes

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…

Software Engineering · Computer Science 2026-01-29 Laura Baird , Armin Moin

Software Bills of Material (SBOMs), which improve transparency by listing the components constituting software, are a key countermeasure to the mounting problem of Software Supply Chain attacks. SBOM generation tools take project source…

Cryptography and Security · Computer Science 2024-09-04 Serena Cofano , Giacomo Benedetti , Matteo Dell'Amico

The robustness of critical infrastructure systems is contingent upon the integrity and transparency of their software supply chains. A Software Bill of Materials (SBOM) is pivotal in this regard, offering an exhaustive inventory of…

Software Engineering · Computer Science 2024-01-19 Boming Xia , Dawen Zhang , Yue Liu , Qinghua Lu , Zhenchang Xing , Liming Zhu

A Software Bill of Materials (SBOM) is becoming an essential tool for effective software dependency management. An SBOM is a list of components used in software, including details such as component names, versions, and licenses. Using…

Software Engineering · Computer Science 2025-04-10 Rio Kishimoto , Tetsuya Kanda , Yuki Manabe , Katsuro Inoue , Shi Qiu , Yoshiki Higo

Cyber attacks leveraging or targeting the software supply chain, such as the SolarWinds and the Log4j incidents, affected thousands of businesses and their customers, drawing attention from both industry and government stakeholders. To…

Cryptography and Security · Computer Science 2024-08-30 Nusrat Zahan , Yasemin Acar , Michel Cukier , William Enck , Christian Kästner , Alexandros Kapravelos , Dominik Wermke , Laurie Williams

Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for…

Cryptography and Security · Computer Science 2025-05-28 Avihay Cohen
‹ Prev 1 2 3 10 Next ›