Despite its obvious benefits, the increased adoption of package managers to automate the reuse of libraries has opened the door to a new class of hazards: supply chain attacks. By injecting malicious code into one library, an attacker may compromise all instances of all applications that depend on that library. To mitigate the impact of supply chain attacks, we propose the concept of a Library Substitution Framework. This novel concept leverages one key observation: when an application depends on a library, it is very likely that other libraries exist that provide similar features. The key objective of the Library Substitution Framework is to enable the developers of an application to harness this diversity of libraries in their supply chain....
The software development process, or software supply chain, is quite complex and involves a number o...
Backward compatibility is a major concern for any library developer. In this paper, we evaluate how ...
Context: Refactoring is recognized as an effective practice to maintain evolving software systems. F...
Despite its obvious benefits, the increased adoption of package managers to automate the reuse of li...
Thanks to the emergence of package managers and online software repositories, modern software develo...
Abstract: A key threat of third-party library dependencies is their potential as a doorway for mali...
JSON is an essential file and data format in domains that span scientific computing, web APIs or con...
Developing software since year 2005 was as easy and seamless as using a free pricing version control...
In recent years, we have seen an increased interest in studying the software supply chain of user-fa...
Signature-based similarity metrics are the primary mechanism to detect malware on current systems. ...
With the increase in the demand of software systems, there is an increase in the demand for efficien...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
The widespread use of open-source software dependencies in software development can increase the ris...
The proliferation of distributed, multilayer software services is encouraging a separation of Applic...
Open-source software supply chain attacks aim at infecting downstream users by...