ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies
April 26, 2024, 4:11 a.m. | Paschal C. Amusuo, Kyle A. Robinson, Tanmay Singla, Huiyun Peng, Aravind Machiry, Santiago Torres-Arias, Laurent Simon, James C. Davis
cs.CR updates on arXiv.org arxiv.org
Abstract: Third-party software components like Log4J accelerate software application development but introduce substantial risk. These components have led to many software supply chain attacks. These attacks succeed because third-party software components are implicitly trusted in an application. Although several security defenses exist to reduce the risks from third-party software components, none of them fulfills the full set of requirements needed to defend against common attacks. No individual solution prevents malicious access to operating system resources, is …