Large language model supply chain: A research agenda
The rapid advancement of large language models (LLMs) has revolutionized artificial
intelligence, introducing unprecedented capabilities in natural language processing and …
SoK: Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
Blind backdoors in deep learning models
E Bagdasaryan, V Shmatikov - 30th USENIX Security Symposium …, 2021 - usenix.org
We investigate a new method for injecting backdoors into machine learning models, based
on compromising the loss-value computation in the model-training code. We use it to …
What are weak links in the npm supply chain?
N Zahan, T Zimmermann, P Godefroid… - Proceedings of the 44th …, 2022 - dl.acm.org
Modern software development frequently uses third-party packages, raising the concern of
supply chain security attacks. Many attackers target popular package managers, like npm …
A systematic literature review on trust in the software ecosystem
The worldwide software ecosystem is a trust-rich part of the world. Throughout the software
life cycle, software engineers, end-users, and other stakeholders collaboratively place their …
Practical automated detection of malicious npm packages
The npm registry is one of the pillars of the JavaScript and TypeScript ecosystems, hosting
over 1.7 million packages ranging from simple utility libraries to complex frameworks and …
Silent spring: Prototype pollution leads to remote code execution in Node.js
Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties …
The evolution of ransomware attacks in light of recent cyber threats. How can geopolitical conflicts influence the cyber climate?
F Teichmann, SR Boticiu, BS Sergi - International Cybersecurity Law …, 2023 - Springer
This article aims to analyze the current unpredictable cyber climate. In particular, Russia's
invasion of Ukraine has heightened concerns about security incidents, and ransomware …
Lastpymile: identifying the discrepancy between sources and packages
Open source packages have source code available on repositories for inspection (eg on
GitHub) but developers use pre-built packages directly from the package repositories (such …
Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …