- Research article, June 2024
A blockchain‐based and microservices‐architected software composition analysis system
Journal of Software: Evolution and Process (WSMR), Volume 36, Issue 10. https://doi.org/10.1002/smr.2675
Abstract: "Shift To Left" is the cornerstone of the successful implementation of DevSecOps. By testing projects for vulnerabilities in the early stages of development, teams can save overall costs before security issues reach the build phase. As one of ...
This is a Software Composition Analysis (SCA) system based on blockchain technology and microservices architecture. In this system, blockchain serves as the core data repository to ensure data security and privacy. Microservices, decoupling smart ...
- Research article, April 2024
BinaryAI: Binary Software Composition Analysis via Intelligent Binary Source Code Matching
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Article No.: 224, Pages 1–13. https://doi.org/10.1145/3597503.3639100
Abstract: While third-party libraries (TPLs) are extensively reused to enhance productivity during software development, they can also introduce potential security risks such as vulnerability propagation. Software composition analysis (SCA), proposed to identify ...
- Research article, February 2024
Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches
Automatic Control and Computer Sciences (ACCS), Volume 57, Issue 8, Pages 938–946. https://doi.org/10.3103/S0146411623080059
Abstract: This article analyzes the existing approaches to assess and account for the components used in software, including open source software. The existing frameworks for assessing software development processes, including information security, are ...
- Research article, November 2024
On the Security Blind Spots of Software Composition Analysis
SCORED '24: Proceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Pages 77–87. https://doi.org/10.1145/3689944.3696165
Abstract: Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses, and the propagation of bugs, the study ...
- Research article, October 2021
A comparative study of vulnerability reporting by software composition analysis tools
ESEM '21: Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Article No.: 5, Pages 1–11. https://doi.org/10.1145/3475716.3475769
Abstract: Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being increasingly adopted ...