all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems

Add to bookmarks
April 18, 2024, 4:11 a.m. | Xiaoyan Zhou, Feiran Liang, Zhaojie Xie, Yang Lan, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li

cs.CR updates on arXiv.org arxiv.org

arXiv:2404.11467v1 Announce Type: cross
Abstract: Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages can unveil potential risks within existing OSS ecosystems, offering valuable insights for detecting malicious packages. In this study, we undertake a large-scale empirical analysis focusing on fine-grained information (FGI): the metadata, static, and dynamic functions. Specifically, we investigate the FGI usage across …

analysis arxiv can cs.cr cs.se distribution ecosystems insights large management managers maven npm open-source software oss package package managers packages play pypi risks role scale software

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

PrivLM-Bench: A Multi-level Privacy Evaluation Benchmark for Language Models 2 days, 2 hours ago | arxiv.org
accessibility art arxiv attention +15
Provably Robust Cost-Sensitive Learning via Randomized Smoothing 2 days, 2 hours ago | arxiv.org
arxiv cost cs.cr cs.lg +1
WW-FL: Secure and Private Large-Scale Federated Learning 2 days, 2 hours ago | arxiv.org
arxiv attacks client cs.cr +28
Formalizing and Benchmarking Prompt Injection Attacks and Defenses 2 days, 2 hours ago | arxiv.org
arxiv attacks benchmarking cs.ai +9
SecureFalcon: Are We There Yet in Automated Software Vulnerability Detection with LLMs? 2 days, 2 hours ago | arxiv.org
adoption analysis applications arxiv +30
An Efficient and Multi-private Key Secure Aggregation for Federated Learning 2 days, 2 hours ago | arxiv.org
aggregation arxiv client cs.ai +21
How (not) to Build Quantum PKE in Minicrypt 2 days, 2 hours ago | arxiv.org
arxiv box build can +12
Computing Low-Entropy Couplings for Large-Support Distributions 2 days, 2 hours ago | arxiv.org
arxiv computing cs.cr cs.it +6
Unveiling and Mitigating Backdoor Vulnerabilities based on Unlearning Weight Changes and Backdoor Activeness 2 days, 2 hours ago | arxiv.org
arxiv attacks backdoor backdoor attacks +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com