A Large-scale Fine-grained Analysis of Packages in Open-Source Software Ecosystems
April 18, 2024, 4:11 a.m. | Xiaoyan Zhou, Feiran Liang, Zhaojie Xie, Yang Lan, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li
cs.CR updates on arXiv.org arxiv.org
Abstract: Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages can unveil potential risks within existing OSS ecosystems, offering valuable insights for detecting malicious packages. In this study, we undertake a large-scale empirical analysis focusing on fine-grained information (FGI): the metadata, static, and dynamic functions. Specifically, we investigate the FGI usage across …