Feb. 13, 2024, 5:10 a.m. | S. Halder M. Bewong A. Mahboubi Y. Jiang R. Islam Z. Islam R. Ip E. Ahmed G. Ramachand

cs.CR updates on arXiv.org arxiv.org

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Software supply chain attacks involve attackers injecting harmful code into commonly used packages or libraries hosted in a software repository. For instance, JavaScript uses the Node Package Manager (NPM), and Python uses the Python Package Index (PyPI), as their respective package repositories. In the past, NPM has suffered incidents such as the event-stream compromise, where a malicious package was introduced into a popular NPM package, …

