all InfoSec news
A Review of Attacks Against Language-Based Package Managers. (arXiv:2302.08959v1 [cs.SE])
cs.CR updates on arXiv.org arxiv.org
The liberalization of software licensing has led to unprecedented re-use of
software. Alongside drastically increasing productivity and arguably quality of
derivative works, it has also introduced multiple attack vectors. The
management of software intended for re-use is typically conducted by a package
manager, whose role involves installing and updating packages and enabling
reproducible environments. Package managers implement various measures to
enforce the integrity and accurate resolution of packages to prevent supply
chain attacks. This review explores supply chain attacks on …
attack attacks attack vectors environments integrity language led licensing management manager managers package package manager package managers packages productivity quality resolution review role software unprecedented