English
Related papers

Related papers: VeriSBOM: Secure and Verifiable SBOM Sharing Via Z…

200 papers

Artificial Intelligence (AI) systems are increasingly dependent on complex, multi-layered software supply chains that introduce challenges for reproducibility, transparency, and security assurance. This study presents an Artificial…

Software Engineering · Computer Science 2026-05-20 Petar Radanliev , Omar Santos , Carsten Maple , Kay Atefi

Ensuring the security of software supply chains requires reliable identification of upstream dependencies. We present the Automatic Bill of Materials, or ABOM, a technique for embedding dependency metadata in binaries at compile time.…

Cryptography and Security · Computer Science 2023-10-17 Nicholas Boucher , Ross Anderson

A Software Bill of Materials (SBOM) is becoming an increasingly important tool in regulatory and technical spaces to introduce more transparency and security into a project's software supply chain. Artificial intelligence (AI) projects face…

Software Engineering · Computer Science 2026-01-30 Karen Bennet , Gopi Krishnan Rajbahadur , Arthit Suriyawongkul , Kate Stewart

Software Bills of Materials (SBOMs) are essential to ensure the transparency and integrity of the software supply chain. There is a growing body of work that investigates the accuracy of SBOM generation tools and the challenges for…

Software Engineering · Computer Science 2025-11-18 Yogya Gamage , Nadia Gonzalez Fernandez , Martin Monperrus , Benoit Baudry

Software Bills of Material (SBOMs), which improve transparency by listing the components constituting software, are a key countermeasure to the mounting problem of Software Supply Chain attacks. SBOM generation tools take project source…

Cryptography and Security · Computer Science 2024-09-04 Serena Cofano , Giacomo Benedetti , Matteo Dell'Amico

Developers gain productivity by reusing readily available Free and Open Source Software (FOSS) components. Such practices also bring some difficulties, such as managing licensing, components and related security. One approach to handle…

Software Engineering · Computer Science 2025-03-20 Luıs Soeiro , Thomas Robert , Stefano Zacchiroli

The software bill of materials (SBOM) concept aims to include more information about a software build such as copyrights, dependencies and security references. But SBOM lacks visibility into the process for building a package. Efforts such…

Software Engineering · Computer Science 2023-09-01 Dennis Volpano , Drew Malzahn , Andrew Pareles , Mark Thober

Software bills of materials (SBOM) promise to become the backbone of software supply chain hardening. We deep-dive into 6 tools and the accuracy of the SBOMs they produce for complex open-source Java projects. Our novel insights reveal some…

Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. While significant effort has been devoted to increasing SBOM awareness and…

Software Engineering · Computer Science 2024-11-27 Trevor Stalnaker , Nathan Wintersgill , Oscar Chaparro , Massimiliano Di Penta , Daniel M German , Denys Poshyvanyk

Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular…

Software Engineering · Computer Science 2026-02-13 Javier Ron , Martin Monperrus

The rapid adoption of complex AI systems has outpaced the development of tools to ensure their transparency, security, and regulatory compliance. In this paper, the AI Bill of Materials (AIBOM), an extension of the Software Bill of…

Software Engineering · Computer Science 2026-01-12 Wiebe Vandendriessche , Jordi Thijsman , Laurens D'hooge , Bruno Volckaert , Merlijn Sebrechts

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…

Software Engineering · Computer Science 2026-01-29 Laura Baird , Armin Moin

In the era of advanced artificial intelligence, highlighted by large-scale generative models like GPT-4, ensuring the traceability, verifiability, and reproducibility of datasets throughout their lifecycle is paramount for research…

Software Engineering · Computer Science 2024-08-19 Yue Liu , Dawen Zhang , Boming Xia , Julia Anticev , Tunde Adebayo , Zhenchang Xing , Moses Machao

Current software development takes advantage of many external libraries, but it entails security and copyright risks. While the use of the Software Bill of Materials (SBOM) has been encouraged to cope with this problem, its adoption is…

Software Engineering · Computer Science 2025-02-07 Wataru Otoda , Tetsuya Kanda , Yuki Manabe , Katsuro Inoue , Yoshiki Higo

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically…

Software Engineering · Computer Science 2026-04-08 Laura Baird , Armin Moin

Modern software engineering increasingly relies on open, community-driven standards, yet how such standards are created in fast-evolving domains like AI-powered systems remains underexplored. This paper presents a detailed experience report…

Software supply chain attacks, which exploit the build process or artifacts used in the process of building a software product, are increasingly of concern. To combat these attacks, one must be able to check that every artifact that a…

Software Engineering · Computer Science 2024-02-15 Bharathi Seshadri , Yongkui Han , Chris Olson , David Pollak , Vojislav Tomasevic

Large language models are often adapted through parameter efficient fine tuning, but current release practices provide weak assurances about what data were used and how updates were computed. We present Verifiable Fine Tuning, a protocol…

Cryptography and Security · Computer Science 2025-12-30 Hasan Akgul , Daniel Borg , Arta Berisha , Amina Rahimova , Andrej Novak , Mila Petrov

Throughout computer history, it has been repeatedly demonstrated that critical software vulnerabilities can significantly affect the components involved. In the Free/Libre and Open Source Software (FLOSS) ecosystem, most software is…

Software Engineering · Computer Science 2025-02-13 Stefan Tatschner , Michael P. Heinl , Nicole Pappler , Tobias Specht , Sven Plaga , Thomas Newe

The proliferation of Internet of Things (IoT) devices has introduced significant security challenges, primarily due to the opacity of firmware components and the complexity of supply chain dependencies. IoT firmware frequently relies on…

Cryptography and Security · Computer Science 2026-01-06 Abdurrahman Tolay