Journey to the center of software supply chain attacks
Cite as: hdl:2117/411709
Document type: Article
Defense date: 2023-08-21
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Rights access: Open Access
All rights reserved. This work is protected by the corresponding intellectual and industrial
property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public
communication or transformation of this work are prohibited without permission of the copyright holder
Abstract
This article discusses open source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for Software Supply Chains" to explore such information, and we discuss its industrial use-cases.
Citation: Ladisa, P. [et al.]. Journey to the center of software supply chain attacks. "IEEE security & privacy", 21 August 2023, vol. 21, no. 6, p. 34-49.
ISSN: 1558-4046
Publisher version: https://ieeexplore.ieee.org/document/10224821
Files | Description | Size | Format | View |
---|---|---|---|---|
2304.05200v1.pdf | | 1,349Mb | | View/Open |