English
Related papers

Related papers: GoSurf: Identifying Software Supply Chain Attack V…

200 papers

Vulnerability Discovery with attack Injection security threats are increasing for the server software, when software is developed, the software tested for the functionality. Due to unawareness of software vulnerabilities most of the…

Networking and Internet Architecture · Computer Science 2014-02-12 G. Vijay Kumar , Ravikumar S. Raykundaliya , Dr. P. Naga Prasad

Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain (SSC) as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that…

Cryptography and Security · Computer Science 2025-11-17 Luıs Soeiro , Thomas Robert , Stefano Zacchiroli

Empirical studies of research software are hard to compare because the literature operationalizes ``research software'' inconsistently. Motivated by the research software supply chain (RSSC) and its security risks, we introduce an…

Software Engineering · Computer Science 2026-04-15 Kelechi G. Kalu , Soham Rattan , Taylor R. Schorlemmer , George K. Thiruvathukal , Jeffrey C. Carver , James C. Davis

The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with…

Software Engineering · Computer Science 2026-01-12 The Anh Nguyen , Triet Huynh Minh Le , M. Ali Babar

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

Software Engineering · Computer Science 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

AI systems rest on software with low integrity mechanisms, leaving AI systems exposed across every stage from data acquisition to final inference. This paper makes the AI supply chain a first-class object of analysis, decomposing it across…

Software Engineering · Computer Science 2026-05-01 Carmine Cesarano , Martin Monperrus

Modern software systems rely on dependency networks of reusable libraries, where breaking changes propagate and cause downstream consumers to fail. Despite growing research across ecosystems, no comprehensive synthesis exists. We conduct a…

Software Engineering · Computer Science 2026-05-26 Juntao Chen , Tingting Bi , Yanlin Wang , Patanamon Thongtanunam

The Go programming language has gained significant traction for developing software, especially in various infrastructure systems. Nonetheless, concurrency bugs have become a prevalent issue within Go, presenting a unique challenge due to…

Software Engineering · Computer Science 2024-12-12 Foivos Tsimpourlas , Chao Peng , Carlos Rosuero , Ping Yang , Ajitha Rajan

This paper describes a successful attempt to combine two relatively new technologies: Stream Control Transmission Protocol (SCTP) and the programming language Go, achieved by extending the existing Go network library with SCTP. SCTP is a…

Networking and Internet Architecture · Computer Science 2017-11-21 Olivier Van Acker

The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…

Cryptography and Security · Computer Science 2019-06-10 Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , Michael Pradel

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad

Software supply-chain attacks are an important and ongoing concern in the open source software ecosystem. These attacks maintain the standard functionality that a component implements, but additionally hide malicious functionality activated…

Cryptography and Security · Computer Science 2025-12-17 Evangelos Lamprou , Julian Dai , Grigoris Ntousakis , Martin C. Rinard , Nikos Vasilakis

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu

As blockchain technology continues to evolve, the security of smart contracts has increasingly drawn attention from both academia and industry. The Move language, with its unique resource model and linear type system, provides a solid…

Cryptography and Security · Computer Science 2026-02-03 Yuhe Luo , Zhongwen Li , Xiaoqi Li

Despite its obvious benefits, the increased adoption of package managers to automate the reuse of libraries has opened the door to a new class of hazards: supply chain attacks. By injecting malicious code in one library, an attacker may…

Software Engineering · Computer Science 2021-11-08 Nicolas Harrand , Thomas Durieux , David Broman , Benoit Baudry

Traceability systems have become prevalent in supply chains because of the rapid development of RFID and IoT technologies. These systems facilitate product recall and mitigate problems such as counterfeiting, tampering, and theft by…

Cryptography and Security · Computer Science 2026-01-15 Fokke Heikamp , Lei Pan , Robin Doss , Rolando Trujillo-Rasua , Sushmita Ruj

Nearly every popular programming language comes with one or more package managers. The software packages distributed by such package managers form large software ecosystems. These packaging ecosystems contain a large number of package…

Software Engineering · Computer Science 2017-10-16 Alexandre Decan , Tom Mens , Philippe Grosjean

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

Agentic systems based on large language models (LLMs) operate not merely as text generators but as autonomous entities that dynamically retrieve information and invoke tools. This execution model shifts the attack surface from traditional…

Cryptography and Security · Computer Science 2026-04-21 Xiaochong Jiang , Shiqi Yang , Wenting Yang , Yichen Liu , Cheng Ji

Large Language Models (LLMs) transform artificial intelligence, driving advancements in natural language understanding, text generation, and autonomous systems. The increasing complexity of their development and deployment introduces…

Cryptography and Security · Computer Science 2025-02-19 Shenao Wang , Yanjie Zhao , Zhao Liu , Quanchen Zou , Haoyu Wang
‹ Prev 1 3 4 5 6 7 10 Next ›