research
∙
10/08/2022
Towards the Detection of Malicious Java Packages
Open-source software supply chain attacks aim at infecting downstream us...
share
research
∙
04/08/2022
Taxonomy of Attacks on Open-Source Software Supply Chains
The widespread dependency on open-source software makes it a fruitful ta...
research
∙
08/13/2021
VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure
The prevalent usage of open-source software (OSS) has led to an increase...
research
∙
08/11/2021
The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application
Software reuse may result in software bloat when significant portions of...
research
∙
08/11/2020
Code-based Vulnerability Detection in Node.js Applications: How far are we?
With one of the largest available collection of reusable packages, the J...
research
∙
05/19/2020
Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks
A software supply chain attack is characterized by the injection of mali...
research
∙
02/07/2019
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software
Advancing our understanding of software vulnerabilities, automating thei...
research
∙
08/29/2018
Vulnerable Open Source Dependencies: Counting Those That Matter
BACKGROUND: Vulnerable dependencies are a known problem in today's open-...
research
∙
06/15/2018