The Code the World Depends On: A First Look at Technology Makers' Open Source Software Dependencies
April 19, 2024, 4:11 a.m. | Cadence Patrick, Kimberly Ruth, Zakir Durumeric
cs.CR updates on arXiv.org arxiv.org
Abstract: Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the landscape of OSS dependencies is not well explored: we do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed. There is thus a need to understand OSS usage in major software …