Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks

19 May 2020

Papers citing "Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks"

50 / 77 papers shown

CVE Breadcrumbs: Tracking Vulnerabilities Through Versioned Apache Libraries

01 Dec 2025

Software Supply Chain Security of Web3

Martin Monperrus

138

15 Nov 2025

A Multi-Cloud Framework for Zero-Trust Workload Authentication

Saurabh Deochake

Ryan Murphy

Jeremiah Gearheart

17 Oct 2025

Lexo: Eliminating Stealthy Supply-Chain Attacks via LLM-Assisted Program Regeneration

163

16 Oct 2025

Leveraging Code Cohesion Analysis to Identify Source Code Supply Chain Attacks

203

16 Oct 2025

Reproducible Builds for Quantum Computing

Iyán Méndez Veiga

Esther Hänggi

106

02 Oct 2025

FuncPoison: Poisoning Function Library to Hijack Multi-agent Autonomous Driving Systems

Yuzhen Long

Songze Li

AAML

191

29 Sep 2025

Trustworthy and Confidential SBOM Exchange

Eman Abu Ishgair

C. Okafor

Marcela S. Melara

Santiago Torres-Arias

169

16 Sep 2025

Unlocking Reproducibility: Automating re-Build Process for Open-Source Software

Behnaz Hassanshahi

Trong Nhan Mai

Benjamin Selwyn Smith

Nicholas Allen

134

10 Sep 2025

ImportSnare: Directed "Code Manual" Hijacking in Retrieval-Augmented Code Generation

197

09 Sep 2025

On the (In)Security of Loading Machine Learning Models

212

08 Sep 2025

Passwords and FIDO2 Are Meant To Be Secret: A Practical Secure Authentication Channel for Web Browsers

153

02 Sep 2025

PickleBall: Secure Deserialization of Pickle-based Machine Learning Models (Extended Report)

174

21 Aug 2025

NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js

Eric Cornelissen

Musard Balliu

138

19 Aug 2025

DALEQ -- Explainable Equivalence for Java Bytecode

Jens Dietrich

Behnaz Hassanshahi

106

03 Aug 2025

Open Source, Open Threats? Investigating Security Challenges in Open-Source Software

Seyed Ali Akhavani

Behzad Ousat

Amin Kharraz

211

15 Jun 2025

"I wasn't sure if this is indeed a security risk": Data-driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages

Rajdeep Ghosh

Shiladitya De

Mainack Mondal

175

09 Jun 2025

Securing the Software Package Supply Chain for Critical Systems

Ritwik Murali

Akash Ravi

169

28 May 2025

Eradicating the Unseen: Detecting, Exploiting, and Remediating a Path Traversal Vulnerability across GitHubACM Asia Conference on Computer and Communications Security (AsiaCCS), 2025

356

26 May 2025

ARMS: A Vision for Actor Reputation Metric Systems in the Open-Source Software Supply Chain

Santiago Torres-Arias

James C. Davis

207

24 May 2025

ROSA: Finding Backdoors with FuzzingInternational Conference on Software Engineering (ICSE), 2025

278

13 May 2025

LibVulnWatch: A Deep Assessment Agent System and Leaderboard for Uncovering Hidden Vulnerabilities in Open-Source AI Libraries

Adriano Soares Koshiyama

ELM

345

13 May 2025

Sleeping Giants - Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes

234

29 Apr 2025

Automatically Generating Rules of Malicious Software Packages via Large Language ModelDependable Systems and Networks (DSN), 2025

277

24 Apr 2025

User Profiles: The Achilles' Heel of Web Browsers

Dolière Francis Somé

Moaz Airan

Zakir Durumeric

Cristian-Alexandru Staicu

250

24 Apr 2025

Bomfather: An eBPF-based Kernel-level Monitoring Framework for Accurate Identification of Unknown, Unused, and Dynamically Loaded Dependencies in Modern Software Supply Chains

Naveen Srinivasan

Nathan Naveen

Neil Naveen

293

03 Mar 2025

DySec: A Machine Learning-based Dynamic Analysis for Detecting Malicious Packages in PyPI Ecosystem

261

01 Mar 2025

ConfuGuard: Using Metadata to Detect Active and Stealthy Package Confusion Attacks Accurately and at Scale

548

27 Feb 2025

Pinning Is Futile: You Need More Than Local Dependency Versioning to Defend against Supply Chain Attacks

Hao He

Bogdan Vasilescu

Jane Hsieh

158

10 Feb 2025

Six Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Spams, and Malware

406

18 Dec 2024

A Study of Malware Prevention in Linux Distributions

Duc-Ly Vu

Trevor Dunlap

Karla Obermeier-Velazquez

Thanh-Cong Nguyen

Paul Gibert

J. Meyers

Santiago Torres-Arias

502

17 Nov 2024

Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds

278

11 Oct 2024

Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model HubsInternational Conference on Automated Software Engineering (ASE), 2024

Shenao Wang

Kailong Wang

Yuanchao Zhang

Haoyu Wang

317

14 Sep 2024

Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry EnvironmentsInternational Conference on Automated Software Engineering (ASE), 2024

Shenao Wang

Yuanchao Zhang

Kailong Wang

Haoyu Wang

217

14 Sep 2024

Maven-Hijack: Software Supply Chain Attack Exploiting Packaging Order

274

26 Jul 2024

Tactics, Techniques, and Procedures (TTPs) in Interpreted Malware: A Zero-Shot Generation with Large Language Models

Haining Wang

243

11 Jul 2024

Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle

Ahmed Akinsola

Abdullah Akinde

136

08 Jul 2024

GoSurf: Identifying Software Supply Chain Attack Vectors in Go

130

05 Jul 2024

SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java

304

28 Jun 2024

QuADTool: Attack-Defense-Tree Synthesis, Analysis and Bridge to Verification

195

21 Jun 2024

SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

C. Okafor

Taylor R. Schorlemmer

Santiago Torres-Arias

James C. Davis

468

14 Jun 2024

We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs

590

12 Jun 2024

SoK: A Defense-Oriented Evaluation of Software Supply Chain Security

Eman Abu Ishgair

Marcela S. Melara

Santiago Torres-Arias

329

23 May 2024

FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques

Nikolaos Pantelaios

A. Kapravelos

230

21 May 2024

A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems

358

17 Apr 2024

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers

319

22 Mar 2024

DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers

Hossein Siadati

Sima Jafarikhah

Elif Sahin

Terrence Brent Hernandez

Elijah Lorenzo Tripp

Denis Khryashchev

151

28 Feb 2024

Malicious Package Detection using Metadata InformationThe Web Conference (WWW), 2024

226

12 Feb 2024

Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers

138

09 Feb 2024

Why Not Mitigate Vulnerabilities in Helm Charts?

145

23 Dec 2023