all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Review of Attacks Against Language-Based Package Managers. (arXiv:2302.08959v1 [cs.SE])

Add to bookmarks
Feb. 20, 2023, 2:17 a.m. | Aarnav M. Bos

cs.CR updates on arXiv.org arxiv.org

The liberalization of software licensing has led to unprecedented re-use of
software. Alongside drastically increasing productivity and arguably quality of
derivative works, it has also introduced multiple attack vectors. The
management of software intended for re-use is typically conducted by a package
manager, whose role involves installing and updating packages and enabling
reproducible environments. Package managers implement various measures to
enforce the integrity and accurate resolution of packages to prevent supply
chain attacks. This review explores supply chain attacks on …

attack attacks attack vectors environments integrity language led licensing management manager managers package package manager package managers packages productivity quality resolution review role software unprecedented

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

IDEA: Invariant Defense for Graph Adversarial Robustness 41 minutes ago | arxiv.org
adversarial arxiv cs.cr cs.lg +4
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting 41 minutes ago | arxiv.org
art arxiv attackers attacks +19
ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies 41 minutes ago | arxiv.org
accelerate application application development arxiv +26
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference 41 minutes ago | arxiv.org
applications arxiv as-a-service cost +23
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot 41 minutes ago | arxiv.org
arxiv attack attacks attack surface +18
FairCMS: Cloud Media Sharing with Fair Copyright Protection 41 minutes ago | arxiv.org
arxiv cloud cloud platform copyright +16
Efficient unitary designs and pseudorandom unitaries from permutations 41 minutes ago | arxiv.org
algorithm arxiv construction cs.cr +9
Efficient and Near-Optimal Noise Generation for Streaming Differential Privacy 41 minutes ago | arxiv.org
arxiv cs.cc cs.cr cs.ds +11
Privacy-Preserving Statistical Data Generation: Application to Sepsis Detection 41 minutes ago | arxiv.org
application artificial artificial intelligence arxiv +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Regional Leader, Cyber Crisis Communications

@ Google | United Kingdom
View on infosec-jobs.com

Regional Intelligence Manager, Compliance, Safety and Risk Management

@ Google | London, UK
View on infosec-jobs.com

Senior Analyst, Endpoint Security

@ Scotiabank | Toronto, ON, CA, M1K5L1
View on infosec-jobs.com

Software Engineer, Security/Privacy, Google Cloud

@ Google | Bengaluru, Karnataka, India
View on infosec-jobs.com

Senior Security Engineer

@ Coinbase | Remote - USA
View on infosec-jobs.com
View more jobs