Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks

@article{Ohm2020BackstabbersKC,
  title={Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks},
  author={Marc Ohm and H. Plate and Arnold Sykosch and Michael Meier},
  journal={Detection of Intrusions and Malware, and Vulnerability Assessment},
  year={2020},
  volume={12223},
  pages={23--43}
}
A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. Even though many approaches for…
6 Citations
