Open this publication in new window or tab >>Show others...
2023 (English)In: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Association for Computing Machinery (ACM) , 2023, p. 75-76Conference paper, Published paper (Refereed)
Abstract [en]
Modern software applications are virtually never built entirely in-house. As a matter of fact, they reuse many third-party dependencies, which form the core of their software supply chain [1]. The large number of dependencies in an application has turned into a major challenge for both security and reliability. For example, to compromise a high-value application, malicious actors can choose to attack a less well-guarded dependency of the project [2]. Even when there is no malicious intent, bugs can propagate through the software supply chain and cause breakages in applications. Gathering accurate, upto- date information about all dependencies included in an application is, therefore, of vital importance.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
sbom, software supply chain
National Category
Computer Sciences Computer Systems
Identifiers
urn:nbn:se:kth:diva-341683 (URN)10.1145/3605770.3625207 (DOI)001123143300012 ()2-s2.0-85180010428 (Scopus ID)
Conference
2nd Edition of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2023, Copenhagen, Denmark, Nov 30 2023
Note
Part of proceedings ISBN 9798400702631
QC 20231229
2023-12-292023-12-292024-01-22Bibliographically approved