Reusing deep learning models: Challenges and directions in software engineering
Deep neural networks (DNNs) achieve state-of-the-art performance in many areas, including
computer vision, system configuration, and question-answering. However, DNNs are …
SoK: Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
Sigstore: Software signing for everybody
Software supply chain compromises are on the rise. From the effects of XCodeGhost to
SolarWinds, hackers have identified that targeting weak points in the supply chain allows …
Signing in four public software package registries: Quantity, quality, and influencing factors
TR Schorlemmer, KG Kalu, L Chigges… - … IEEE Symposium on …, 2024 - ieeexplore.ieee.org
Many software applications incorporate open-source third-party packages distributed by
public package registries. Guaranteeing authorship along this supply chain is a challenge …
LastPyMile: identifying the discrepancy between sources and packages
Open source packages have source code available on repositories for inspection (eg on
GitHub) but developers use pre-built packages directly from the package repositories (such …
Software supply chain: review of attacks, risk assessment strategies and security controls
The software product is a source of cyber-attacks that target organizations by using their
software supply chain as a distribution vector. As the reliance of software projects on open …
Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
SoK: Analysis of software supply chain security by establishing secure design properties
This paper systematizes knowledge about secure software supply chain patterns. It identifies
four stages of a software supply chain attack and proposes three security properties crucial …
Does using Bazel help speed up continuous integration builds?
A long continuous integration (CI) build forces developers to wait for CI feedback before
starting subsequent development activities, leading to time wasted. In addition to a variety of …
It's like flossing your teeth: On the importance and challenges of reproducible builds for software supply chain security
The 2020 SolarWinds attack was a tipping point that caused a heightened awareness about
the security of the software supply chain and in particular the large amount of trust placed in …