Software Bill of Materials in Java
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0001-6005-5992
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS. ORCID iD: 0000-0002-4015-4640
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0003-3116-3278
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0003-3922-9606
2023 (English)
In: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Association for Computing Machinery (ACM), 2023, p. 75-76
Conference paper, Published paper (Refereed)
Abstract [en]

Modern software applications are virtually never built entirely in-house. As a matter of fact, they reuse many third-party dependencies, which form the core of their software supply chain [1]. The large number of dependencies in an application has turned into a major challenge for both security and reliability. For example, to compromise a high-value application, malicious actors can choose to attack a less well-guarded dependency of the project [2]. Even when there is no malicious intent, bugs can propagate through the software supply chain and cause breakages in applications. Gathering accurate, up-to-date information about all dependencies included in an application is, therefore, of vital importance.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023. p. 75-76
Keywords [en]
sbom, software supply chain
National Category
Computer Sciences; Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-341683
DOI: 10.1145/3605770.3625207
ISI: 001123143300012
Scopus ID: 2-s2.0-85180010428
OAI: oai:DiVA.org:kth-341683
DiVA, id: diva2:1823042
Conference
2nd Edition of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2023, Copenhagen, Denmark, Nov 30 2023
Note

Part of proceedings ISBN 9798400702631

QC 20231229

Available from: 2023-12-29 Created: 2023-12-29 Last updated: 2024-01-22
Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text
Scopus

Authority records

Balliu, Musard; Baudry, Benoit; Bobadilla, Sofia; Ekstedt, Mathias; Monperrus, Martin; Ron Arteaga, Javier; Skoglund, Gabriel; Soto Valero, César; Wittlinger, Martin

Search in DiVA

By author/editor
Balliu, Musard; Baudry, Benoit; Bobadilla, Sofia; Ekstedt, Mathias; Monperrus, Martin; Ron Arteaga, Javier; Sharma, Aman; Skoglund, Gabriel; Soto Valero, César; Wittlinger, Martin
By organisation
Theoretical Computer Science, TCS; Software and Computer systems, SCS; Network and Systems Engineering
Computer Sciences; Computer Systems
