all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

An Integrity-Focused Threat Model for Software Development Pipelines. (arXiv:2211.06249v1 [cs.CR])

Add to bookmarks
Nov. 14, 2022, 2:20 a.m. | B. M. Reichert (1), R. R. Obelheiro (1) ((1) Graduate Program in Applied Computing, State University of Santa Catarina)

cs.CR updates on arXiv.org arxiv.org

In recent years, there has been a growing concern with software integrity,
that is, the assurance that software has not been tampered with on the path
between developers and users. This path is represented by a software
development pipeline and plays a pivotal role in software supply chain
security. While there have been efforts to improve the security of development
pipelines, there is a lack of a comprehensive view of the threats affecting
them. We develop a systematic threat model …

development integrity software software development threat threat model

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Assessing the Solvency of Virtual Asset Service Providers: Are Current Standards Sufficient? 11 hours ago | arxiv.org
arxiv asset business can +22
Label Inference Attacks against Node-level Vertical Federated GNNs 11 hours ago | arxiv.org
arxiv attacks cs.cr cs.lg +16
One-shot Empirical Privacy Estimation for Federated Learning 11 hours ago | arxiv.org
adversary algorithms arxiv auditing +12
Transferability Ranking of Adversarial Examples 11 hours ago | arxiv.org
adversarial arxiv assurance attackers +12
When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems 11 hours ago | arxiv.org
artificial artificial intelligence arxiv authentication +12
A survey on hardware-based malware detection approaches 11 hours ago | arxiv.org
arxiv computer computer security cs.cr +15
Explainable Ponzi Schemes Detection on Ethereum 11 hours ago | arxiv.org
applications arxiv blockchain cs.cr +11
KDk: A Defense Mechanism Against Label Inference Attacks in Vertical Federated Learning 11 hours ago | arxiv.org
arxiv attacks cs.cr cs.lg +8
Privacy-Preserving UCB Decision Process Verification via zk-SNARKs 11 hours ago | arxiv.org
algorithm application arxiv balance +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands
View on infosec-jobs.com

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
View on infosec-jobs.com

Data Security Architect

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Identity Security Administrator

@ SailPoint | Pune, India
View on infosec-jobs.com
View more jobs