Smart contract development: Challenges and opportunities

W Zou, D Lo, PS Kochhar, XBD Le, X Xia… - IEEE transactions on …, 2019 - ieeexplore.ieee.org
Smart contract, a term which was originally coined to refer to the automation of legal
contracts in general, has recently seen much interest due to the advent of blockchain …

Backstabber's knife collection: A review of open source software supply chain attacks

M Ohm, H Plate, A Sykosch, M Meier - … 2020, Lisbon, Portugal, June 24–26 …, 2020 - Springer
A software supply chain attack is characterized by the injection of malicious code into a
software package in order to compromise dependent systems further down the chain …

SoK: Taxonomy of attacks on open-source software supply chains

P Ladisa, H Plate, M Martinez… - 2023 IEEE Symposium …, 2023 - ieeexplore.ieee.org
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …

Small world with high risks: A study of security threats in the npm ecosystem

M Zimmermann, CA Staicu, C Tenny… - 28th USENIX Security …, 2019 - usenix.org
The popularity of JavaScript has led to a large ecosystem of third-party packages available
via the npm software package registry. The open nature of npm has boosted its growth …

Demystifying the vulnerability propagation and its evolution via dependency trees in the npm ecosystem

C Liu, S Chen, L Fan, B Chen, Y Liu… - Proceedings of the 44th …, 2022 - dl.acm.org
Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

Empirical analysis of security vulnerabilities in Python packages

M Alfadel, DE Costa, E Shihab - Empirical Software Engineering, 2023 - Springer
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …

On the use of GitHub Actions in software development repositories

A Decan, T Mens, PR Mazrae… - 2022 IEEE International …, 2022 - ieeexplore.ieee.org
GitHub Actions was introduced in 2019 and constitutes an integrated alternative to CI/CD
services for GitHub repositories. The deep integration with GitHub allows repositories to …

Towards measuring supply chain attacks on package managers for interpreted languages

R Duan, O Alrawi, RP Kasturi, R Elder… - arXiv preprint arXiv …, 2020 - arxiv.org
Package managers have become a vital part of the modern software development process.
They allow developers to reuse third-party code, share their own code, minimize their …

An empirical study of usages, updates and risks of third-party libraries in Java projects

Y Wang, B Chen, K Huang, B Shi, C Xu… - 2020 IEEE …, 2020 - ieeexplore.ieee.org
Third-party libraries play a key role in software development as they can relieve developers
of the heavy burden of re-implementing common functionalities. However, third-party …

Out of sight, out of mind? How vulnerable dependencies affect open-source projects

GAA Prana, A Sharma, LK Shar, D Foo… - Empirical Software …, 2021 - Springer
Context: Software developers often use open-source libraries in their project to improve
development speed. However, such libraries may contain security vulnerabilities, and this …