R.I.P.
๐ป
Ghosted
A Review of Attacks Against Language-Based Package Managers
February 17, 2023 ยท The Cartographer ยท ๐ arXiv.org
"No code URL or promise found in abstract"
"Title-pattern auto-detect: A Review of Attacks Against Language-Based Package Managers"
Evidence collected by the PWNC Scanner
Authors
Aarnav M. Bos
arXiv ID
2302.08959
Category
cs.SE: Software Engineering
Cross-listed
cs.CR
Citations
3
Venue
arXiv.org
Last Checked
4 days ago
Abstract
The liberalization of software licensing has led to unprecedented re-use of software. Alongside drastically increasing productivity and arguably quality of derivative works, it has also introduced multiple attack vectors. The management of software intended for re-use is typically conducted by a package manager, whose role involves installing and updating packages and enabling reproducible environments. Package managers implement various measures to enforce the integrity and accurate resolution of packages to prevent supply chain attacks. This review explores supply chain attacks on package managers. The attacks are categorized based on the nature of their impact and their position in the package installation process. To conclude, further areas of research are presented.
Community Contributions
Found the code? Know the venue? Think something is wrong? Let us know!
๐ Similar Papers
In the same crypt โ Software Engineering
R.I.P.
๐ป
Ghosted
Microservices: yesterday, today, and tomorrow
๐
๐
The Cartographer
A Survey of Machine Learning for Big Code and Naturalness
R.I.P.
๐ป
Ghosted
An Overview on Smart Contracts: Challenges, Advances and Platforms
R.I.P.
๐ป
Ghosted
Slither: A Static Analysis Framework For Smart Contracts
R.I.P.
๐ป
Ghosted