An empirical study on software bill of materials: Where we stand and the road ahead

B Xia, T Bi, Z Xing, Q Lu, L Zhu - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
The rapid growth of software supply chain attacks has attracted considerable attention to
software bill of materials (SBOM). SBOMs are a crucial building block to ensure the …

SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java

A Sharma, M Wittlinger, B Baudry… - arXiv preprint arXiv …, 2024 - arxiv.org
Software supply chain attacks have become a significant threat as software development
increasingly relies on contributions from multiple, often unverified sources. The code from …

On the security blind spots of software composition analysis

J Dietrich, S Rasheed, A Jordan, T White - Proceedings of the 2024 …, 2023 - dl.acm.org
Modern software heavily relies on the use of components. Those components are usually
published in central repositories, and managed by build systems via dependencies. Due to …

Java Bytecode Normalization for Code Similarity Analysis

S Schott, SE Ponta, W Fischer, J Klauke… - … Conference on Object …, 2024 - drops.dagstuhl.de
Analyzing the similarity of two code fragments has many applications, including code clone,
vulnerability and plagiarism detection. Most existing approaches for similarity analysis work …

BinEq - A Benchmark of Compiled Java Programs to Assess Alternative Builds

J Dietrich, T White, MM Abdollahpour, E Wen… - Proceedings of the …, 2023 - dl.acm.org
Incidents like xz and SolarWinds have led to an increased focus on software supply chain
security. A particular concern is the detection and prevention of compromised builds. A …

Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds

J Dietrich, T White, B Hassanshahi… - arXiv preprint arXiv …, 2024 - arxiv.org
In response to challenges in software supply chain security, several organisations have
created infrastructures to independently build commodity open source projects and release …

Flatpak attestation using Reproducible Builds

ZT Tevaearai, F Toffalini - 2022 - hexhive.epfl.ch
Software can be built from source code or distributed as pre-compiled packages. These
packages are the result of a software supply chain which can be subject to attacks or bugs …