- Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security. Trevor Rosen. 1
- Policy Transparency: Authorization Logic Meets General Transparency to Prove Software Supply Chain Integrity. Andrew Ferraiuolo, Razieh Behjati, Tiziano Santoro, Ben Laurie. 3-13
- SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties. Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis. 15-24
- Preventing or Mitigating Adversarial Supply Chain Attacks: A Legal Analysis. Kaspar Rosager Ludvigsen, Shishir Nagaraja, Angela Daly. 25-34
- Risk Explorer for Software Supply Chains: Understanding the Attack Surface of Open-Source based Software Development. Piergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais, Serena Elisa Ponta. 35-36
- Automatic Security Assessment of GitHub Actions Workflows. Giacomo Benedetti, Luca Verderame, Alessio Merlo. 37-45
- On the Use of Tests for Software Supply Chain Threats. Joseph Hejderup. 47-49
- Exorcist: Automated Differential Analysis to Detect Compromises in Closed-Source Software Supply Chains. Frederick Barr-Smith, Tim Blazytko, Richard Baker, Ivan Martinovic. 51-61
- Towards the Detection of Malicious Java Packages. Piergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais, Serena Elisa Ponta. 63-72
- Adapting Static Taint Analyzers to Software Marketplaces: A Leverage Point for Mass Vulnerability Detection? Daniel Krohmer, Kunal Sharma, Shi Chen. 73-82
- Talking Trojan: Analyzing an Industry-Wide Disclosure. Nicholas Boucher, Ross Anderson. 83-92
- Inferring Software Update Practices on Smart Home IoT Devices Through User Agent Analysis. Vijay Prakash, Sicheng Xie, Danny Yuxing Huang. 93-103
- An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain. Wenxin Jiang, Nicholas Synovic, Rohan Sethi, Aryan Indarapu, Matt Hyatt, Taylor R. Schorlemmer, George K. Thiruvathukal, James C. Davis. 105-114