Lastpymile: identifying the discrepancy between sources and packages
Open source packages have source code available on repositories for inspection (eg on
GitHub) but developers use pre-built packages directly from the package repositories (such …
Towards detection of software supply chain attacks by forensic artifacts
M Ohm, A Sykosch, M Meier - … of the 15th international conference on …, 2020 - dl.acm.org
Third-party dependencies may introduce security risks to the software supply chain and
hence yield harm to their dependent software. There are many known cases of malicious …
Typosquatting and combosquatting attacks on the python ecosystem
Limited automated controls integrated into the Python Package Index (PyPI) package
uploading process make PyPI an attractive target for attackers to trick developers into using …
Anomalicious: Automated detection of anomalous and potentially malicious commits on github
D Gonzalez, T Zimmermann… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Security is critical to the adoption of open source software (OSS), yet few automated
solutions currently exist to help detect and prevent malicious contributions from infecting …
A survey on common threats in npm and pypi registries
Software engineers regularly use JavaScript and Python for both front-end and back-end
automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate …
Supporting the detection of software supply chain attacks through unsupervised signature generation
Trojanized software packages used in software supply chain attacks constitute an emerging
threat. Unfortunately, there is still a lack of scalable approaches that allow automated and …
OSSIntegrity: Collaborative open-source code integrity verification
Open-source software (OSS) libraries have become popular among developers due to their
ability to reduce development time and costs. However, OSS can also be exploited and used …
A method for identifying references between projects in github
In open source software platforms, software projects do not usually develop in isolation, and
they depend on each other and develop together. It is important to identify references …
A Machine Learning-Based Approach For Detecting Malicious PyPI Packages
H Samaana, DE Costa, E Shihab… - arXiv preprint arXiv …, 2024 - arxiv.org
Background. In modern software development, the use of external libraries and packages is
increasingly prevalent, streamlining the software development process and enabling …
Leveraging Team Dynamics to Predict Open-source Software Projects' Susceptibility to Social Engineering Attacks
L Giovanini, D Oliveira, H Sanchez… - arXiv preprint arXiv …, 2021 - arxiv.org
Open-source software (OSS) is a critical part of the software supply chain. Recent social
engineering attacks against OSS development teams have enabled attackers to become …