Dirty-Waters: Detecting Software Supply Chain Smells
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0003-3116-3278
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0002-4015-4640
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0003-3505-3383
2025 (English) In: FSE Companion 2025 - Companion Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering, Association for Computing Machinery (ACM), 2025, pp. 1045-1049. Conference paper, Published paper (Refereed)
Abstract [en]

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks, called software supply chain attacks, have been increasingly occurring through third-party dependencies. In this paper, we target the problem of projects that use dependencies, where developers are unaware of the potential risks posed by their software supply chain. We define the novel concept of software supply chain smell and present Dirty-Waters, a novel tool for detecting software supply chain smells. We evaluate Dirty-Waters on three JavaScript projects and demonstrate the prevalence of all proposed software supply chain smells. Dirty-Waters reveals potential risks for previously invisible problems and provides clear indicators for developers to act on the security of their supply chain. A video demonstrating Dirty-Waters is available at: http://l.4open.science/dirty-waters-demo.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025. pp. 1045-1049
Keywords [en]
Open Source, Software Security, Software Supply Chain
HSV category
Identifiers
URN: urn:nbn:se:kth:diva-370310
DOI: 10.1145/3696630.3728578
Scopus ID: 2-s2.0-105013963801
OAI: oai:DiVA.org:kth-370310
DiVA id: diva2:2000817
Conference
33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, Norway, Jun 23 2025 - Jun 27 2025
Note

Part of ISBN 9798400712760

QC 20250925

Available from: 2025-09-25 Created: 2025-09-25 Last updated: 2025-09-25 Bibliographically approved

Open Access in DiVA

No full text available in DiVA

Authors
Liu, Raphina; Bobadilla, Sofia; Baudry, Benoit; Monperrus, Martin