arXiv:2005.09535
Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks
19 May 2020
Marc Ohm
H. Plate
Arnold Sykosch
M. Meier
Papers citing "Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks" (50 of 60 citing papers shown)
Each entry gives the citing paper's title, its authors, any tag shown with it, its date, and the three numeric columns exactly as the page lists them (the page shows a text header only for "Title", not for these three columns).

1. Open Source, Open Threats? Investigating Security Challenges in Open-Source Software
   Authors: Seyed Ali Akhavani, Behzad Ousat, Amin Kharraz
   Date: 15 Jun 2025
   Counts: 25 / 0 / 0

2. "I wasn't sure if this is indeed a security risk": Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages
   Authors: Rajdeep Ghosh, Shiladitya De, Mainack Mondal
   Date: 09 Jun 2025
   Counts: 29 / 0 / 0

3. Securing the Software Package Supply Chain for Critical Systems
   Authors: Ritwik Murali, Akash Ravi
   Date: 28 May 2025
   Counts: 29 / 0 / 0

4. Eradicating the Unseen: Detecting, Exploiting, and Remediating a Path Traversal Vulnerability across GitHub
   Authors: Jafar Akhoundali, Hamidreza Hamidi, Kristian Rietveld, Olga Gadyatskaya
   Date: 26 May 2025
   Counts: 37 / 0 / 0

5. ARMS: A Vision for Actor Reputation Metric Systems in the Open-Source Software Supply Chain
   Authors: Kelechi G. Kalu, Sofia Okorafor, Betül Durak, Kim Laine, R. C. Moreno, Santiago Torres-Arias, James C. Davis
   Date: 24 May 2025
   Counts: 30 / 0 / 0

6. LibVulnWatch: A Deep Assessment Agent System and Leaderboard for Uncovering Hidden Vulnerabilities in Open-Source AI Libraries
   Authors: Zekun Wu, Seonglae Cho, U. Mohammed, Cristian Muñoz, Kleyton Costa, Xin Guan, Theo King, Ze Wang, Emre Kazim, Adriano Soares Koshiyama
   Tags: ELM
   Date: 13 May 2025
   Counts: 93 / 0 / 0

7. ROSA: Finding Backdoors with Fuzzing
   Authors: Dimitri Kokkonis, Michaël Marcozzi, Emilien Decoux, Stefano Zacchiroli
   Date: 13 May 2025
   Counts: 72 / 0 / 0

8. Sleeping Giants - Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes
   Authors: Bruno Kreyssig, Sabine Houy, Timothée Riom, Alexandre Bartel
   Date: 29 Apr 2025
   Counts: 48 / 0 / 0

9. Automatically Generating Rules of Malicious Software Packages via Large Language Model
   Authors: XiangRui Zhang, HaoYu Chen, YongZhong He, Wenjia Niu, Qiang Li
   Date: 24 Apr 2025
   Counts: 74 / 0 / 0

10. User Profiles: The Achilles' Heel of Web Browsers
   Authors: Dolière Francis Somé, Moaz Airan, Zakir Durumeric, Cristian-Alexandru Staicu
   Date: 24 Apr 2025
   Counts: 125 / 0 / 0

11. Bomfather: An eBPF-based Kernel-level Monitoring Framework for Accurate Identification of Unknown, Unused, and Dynamically Loaded Dependencies in Modern Software Supply Chains
   Authors: Naveen Srinivasan, Nathan Naveen, Neil Naveen
   Date: 03 Mar 2025
   Counts: 67 / 0 / 0

12. ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale
   Authors: Wenxin Jiang, Berk Çakar, Mikola Lysenko, James C. Davis
   Date: 27 Feb 2025
   Counts: 105 / 0 / 0

13. 4.5 Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Scams, and Malware
   Authors: Hao He, Haoqin Yang, Philipp Burckhardt, A. Kapravelos, Bogdan Vasilescu, Christian Kastner
   Date: 18 Dec 2024
   Counts: 192 / 4 / 0

14. A Study of Malware Prevention in Linux Distributions
   Authors: Duc-Ly Vu, Trevor Dunlap, Karla Obermeier-Velazquez, Paul Gibert, J. Meyers, Santiago Torres-Arias
   Date: 17 Nov 2024
   Counts: 110 / 0 / 0

15. Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds
   Authors: Jens Dietrich, Tim White, Behnaz Hassanshahi, P. Krishnan
   Date: 11 Oct 2024
   Counts: 31 / 4 / 0

16. Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs
   Authors: Jian Zhao, Shenao Wang, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang
   Date: 14 Sep 2024
   Counts: 85 / 11 / 0

17. Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
   Authors: Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
   Date: 14 Sep 2024
   Counts: 63 / 4 / 0

18. Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading
   Authors: Federico Bono, Frank Reyes, Aman Sharma, Benoit Baudry, Martin Monperrus
   Date: 26 Jul 2024
   Counts: 49 / 1 / 0

19. Tactics, Techniques, and Procedures (TTPs) in Interpreted Malware: A Zero-Shot Generation with Large Language Models
   Authors: Ying Zhang, Xiaoyan Zhou, Hui Wen, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li
   Date: 11 Jul 2024
   Counts: 75 / 5 / 0

20. Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle
   Authors: Ahmed Akinsola, Abdullah Akinde
   Date: 08 Jul 2024
   Counts: 30 / 3 / 0

21. GoSurf: Identifying Software Supply Chain Attack Vectors in Go
   Authors: Carmine Cesarano, Vivi Andersson, Roberto Natella, Martin Monperrus
   Date: 05 Jul 2024
   Counts: 48 / 0 / 0

22. SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java
   Authors: Aman Sharma, Martin Wittlinger, Benoit Baudry, Martin Monperrus
   Date: 28 Jun 2024
   Counts: 71 / 7 / 0

23. QuADTool: Attack-Defense-Tree Synthesis, Analysis and Bridge to Verification
   Authors: Florian Dorfhuber, Julia Eisentraut, Katharina Klioba, Jan Křetínský
   Date: 21 Jun 2024
   Counts: 25 / 0 / 0

24. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
   Authors: C. Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis
   Date: 14 Jun 2024
   Counts: 106 / 46 / 0

25. We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
   Authors: Joseph Spracklen, Raveen Wijewickrama, A. H. M. N. Sakib, Anindya Maiti, Murtuza Jadliwala
   Date: 12 Jun 2024
   Counts: 170 / 13 / 0

26. SoK: A Defense-Oriented Evaluation of Software Supply Chain Security
   Authors: Eman Abu Ishgair, Marcela S. Melara, Santiago Torres-Arias
   Date: 23 May 2024
   Counts: 46 / 2 / 0

27. FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques
   Authors: Nikolaos Pantelaios, A. Kapravelos
   Date: 21 May 2024
   Counts: 52 / 2 / 0

28. A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems
   Authors: Xiaoyan Zhou, Feiran Liang, Zhaojie Xie, Yang Lan, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li
   Date: 17 Apr 2024
   Counts: 166 / 1 / 0

29. Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers
   Authors: Sivana Hamer, Marcelo d'Amorim, Laurie A. Williams
   Tags: SILM, ELM
   Date: 22 Mar 2024
   Counts: 87 / 19 / 0

30. DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers
   Authors: Hossein Siadati, Sima Jafarikhah, Elif Sahin, Terrence Brent Hernandez, Elijah Lorenzo Tripp, Denis Khryashchev
   Date: 28 Feb 2024
   Counts: 50 / 3 / 0

31. Malicious Package Detection using Metadata Information
   Authors: Sajal Halder, Michael Bewong, Arash Mahboubi, Yinhao Jiang, Md. Rafiqul Islam, Md. Zahidul Islam, Ryan H. L. Ip, Muhammad Ejaz Ahmed, Gowri Ramachandran, Muhammad Ali Babar
   Date: 12 Feb 2024
   Counts: 30 / 8 / 0

32. Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers
   Authors: Anuj Gautam, T. Yadav, Kenneth R. Seamons, Scott Ruoti
   Date: 09 Feb 2024
   Counts: 38 / 2 / 0

33. Why Not Mitigate Vulnerabilities in Helm Charts?
   Authors: Yihao Chen, Jiahuei Lin, Bram Adams, Ahmed E. Hassan
   Date: 23 Dec 2023
   Counts: 43 / 0 / 0

34. Assessing the Threat Level of Software Supply Chains with the Log Model
   Authors: Luis Soeiro, Thomas Robert, Stefano Zacchiroli
   Date: 20 Nov 2023
   Counts: 130 / 0 / 0

35. Finding Software Vulnerabilities in Open-Source C Projects via Bounded Model Checking
   Authors: J. Sousa, B. Farias, T. Silva, Eddie Batista de Lima Filho, Lucas C. Cordeiro
   Date: 09 Nov 2023
   Counts: 13 / 3 / 0

36. Automatic Bill of Materials
   Authors: Nicholas Boucher, Ross J. Anderson
   Date: 15 Oct 2023
   Counts: 85 / 1 / 0

37. On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI
   Authors: Piergiorgio Ladisa, Serena Elisa Ponta, Nicola Ronzoni, Matias Martinez, Olivier Barais
   Date: 14 Oct 2023
   Counts: 58 / 12 / 0

38. Naming Practices of Pre-Trained Models in Hugging Face
   Authors: Wenxin Jiang, Chingwo Cheung, Mingyu Kim, Heesoo Kim, George K. Thiruvathukal, James C. Davis
   Tags: CVBM
   Date: 02 Oct 2023
   Counts: 62 / 6 / 0

39. An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures
   Authors: Tanmay Singla, Dharun Anandayuvaraj, Kelechi G. Kalu, Taylor R. Schorlemmer, James C. Davis
   Date: 09 Aug 2023
   Counts: 133 / 14 / 0

40. The Hitchhiker's Guide to Malicious Third-Party Dependencies
   Authors: Piergiorgio Ladisa, Merve Sahin, Serena Elisa Ponta, M. Rosa, Matias Martinez, Olivier Barais
   Date: 18 Jul 2023
   Counts: 45 / 7 / 0

41. Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem
   Authors: Nasif Imtiaz, Preya Shabrina, Laurie A. Williams
   Date: 31 May 2023
   Counts: 26 / 0 / 0

42. You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js
   Authors: Marc Ohm, Timo Pohl, Felix Boes
   Date: 31 May 2023
   Counts: 134 / 6 / 0

43. Software supply chain: review of attacks, risk assessment strategies and security controls
   Authors: Betul Gokkaya, Leonardo Aniello, Basel Halak
   Date: 23 May 2023
   Counts: 50 / 6 / 0

44. Speranza: Usable, privacy-friendly software signing
   Authors: K. Merrill, Zachary Newman, Santiago Torres-Arias, K. Sollins
   Date: 10 May 2023
   Counts: 84 / 14 / 0

45. Journey to the Center of Software Supply Chain Attacks
   Authors: Piergiorgio Ladisa, Serena Elisa Ponta, A. Sabetta, Matias Martinez, Olivier Barais
   Date: 11 Apr 2023
   Counts: 59 / 4 / 0

46. An Integrity-Focused Threat Model for Software Development Pipelines
   Authors: B. M. Reichert, R. Obelheiro
   Date: 11 Nov 2022
   Counts: 138 / 1 / 0

47. Towards the Detection of Malicious Java Packages
   Authors: Piergiorgio Ladisa, H. Plate, Matias Martinez, Olivier Barais, Serena Elisa Ponta
   Date: 08 Oct 2022
   Counts: 65 / 15 / 0

48. A Benchmark Comparison of Python Malware Detection Approaches
   Authors: Duc-Ly Vu, Zachary Newman, J. Meyers
   Date: 27 Sep 2022
   Counts: 160 / 21 / 0

49. Malicious Source Code Detection Using Transformer
   Authors: Chen Tsfaty, Michael Fire
   Date: 16 Sep 2022
   Counts: 69 / 4 / 0

50. Taxonomy of Attacks on Open-Source Software Supply Chains
   Authors: Piergiorgio Ladisa, H. Plate, Matias Martinez, Olivier Barais
   Date: 08 Apr 2022
   Counts: 100 / 148 / 0