Dirty-Waters: Detecting Software Supply Chain Smells
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0003-3116-3278
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0002-4015-4640
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. ORCID iD: 0000-0003-3505-3383
2025 (English). In: FSE Companion 2025 - Companion Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering, Association for Computing Machinery (ACM), 2025, pp. 1045-1049. Conference paper, Published paper (Refereed)
Abstract [en]

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while developers have little support for assessing whether that trust is warranted. As a consequence, attacks carried out through third-party dependencies, known as software supply chain attacks, have been occurring with increasing frequency. In this paper, we target the problem of projects that use dependencies whose developers are unaware of the potential risks posed by their software supply chain. We define the novel concept of software supply chain smell and present Dirty-Waters, a novel tool for detecting software supply chain smells. We evaluate Dirty-Waters on three JavaScript projects and demonstrate the prevalence of all proposed software supply chain smells. Dirty-Waters reveals potential risks for previously invisible problems and provides clear indicators for developers to act on the security of their supply chain. A video demonstrating Dirty-Waters is available at: http://l.4open.science/dirty-waters-demo.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025. pp. 1045-1049
Keywords [en]
Open Source, Software Security, Software Supply Chain
National subject category
Software Engineering
Identifiers
URN: urn:nbn:se:kth:diva-370310
DOI: 10.1145/3696630.3728578
Scopus ID: 2-s2.0-105013963801
OAI: oai:DiVA.org:kth-370310
DiVA, id: diva2:2000817
Conference
33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, Norway, Jun 23 2025 - Jun 27 2025
Note

Part of ISBN 9798400712760

QC 20250925

Available from: 2025-09-25 Created: 2025-09-25 Last updated: 2025-09-25 Bibliographically approved

Open Access in DiVA

Full text not available in DiVA

Other links

Publisher's full text; Scopus

Person

Bobadilla, Sofia; Baudry, Benoit; Monperrus, Martin

Search further in DiVA

By author/editor
Liu, Raphina; Bobadilla, Sofia; Baudry, Benoit; Monperrus, Martin
By organisation
KTH, Theoretical Computer Science, TCS
Software Engineering