ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies

arXiv:2310.14117v2 Announce Type: replace
Abstract: Third-party software components like Log4J accelerate software application development but introduce substantial risk. These components have led to many software supply chain attacks. These attacks succeed because third-party software components are implicitly trusted in an application. Although several security defenses exist to reduce the risks from third-party software components, none of them fulfills the full set of requirements needed to defend against common attacks. No individual solution prevents malicious access to operating system resources, is …

accelerate application application development arxiv attacks components cs.cr cs.se defenses dependencies development java led log4j party risk risks security software software components software supply chain software supply chain attacks supply supply chain supply chain attacks third third-party trust trust dependencies vulnerabilities