Zobrazeno 1 - 10 of 24 pro vyhledávání: '"Henrik Plate"'
2
Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies
Autor: Henrik Plate, Ivan Pashchenko, Fabio Massacci, Antonino Sabetta, Serena Elisa Ponta
Publikováno v: IEEE Transactions on Software Engineering
Vulnerable dependencies are a known problem in today's free open-source software ecosystems because FOSS libraries are highly interconnected, and developers do not always update their dependencies. Our paper proposes Vuln4Real, the methodology for co
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::7ab6d81044c218b42e83ce038ae8d881
https://doi.org/10.1109/tse.2020.3025443
Zobrazit plný text záznamu
3
Detection, assessment and mitigation of vulnerabilities in open source dependencies
Autor: Serena Elisa Ponta, Henrik Plate, Antonino Sabetta
Publikováno v: Empirical Software Engineering. 25:3175-3215
Open source software (OSS) libraries are widely used in the industry to speed up the development of software products. However, these libraries are subject to an ever-increasing number of vulnerabilities that are publicly disclosed. It is thus crucia
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_________::4da5e603d092808e7ba1ade8c8e24b76
https://doi.org/10.1007/s10664-020-09830-x
Zobrazit plný text záznamu
4
LastPyMile Replication Package
Autor: Duc Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta
Replication package for the ESEC/FSE 2021 paper "LastPyMile: Identifying the discrepancy between sources and packages"
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_________::330730d5fa90f620719a742ae9e65323
Zobrazit plný text záznamu
5
The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application
Autor: Wolfram Fischer, Antonino Sabetta, Serena Elisa Ponta, Henrik Plate
Publikováno v: ICSME
Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller artifacts and, p
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::c11a15c5c8abe5fbdd14524c08ccd804
Zobrazit plný text záznamu
6
Towards Using Source Code Repositories to Identify Software Supply Chain Attacks
Autor: Duc-Ly Vu, Henrik Plate, Ivan Pashchenko, Antonino Sabetta, Fabio Massacci
Publikováno v: CCS
Increasing popularity of third-party package repositories, like NPM, PyPI, or RubyGems, makes them an attractive target for software supply chain attacks. By injecting malicious code into legitimate packages, attackers were known to gain more than 10
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::d4788dcc80c58d3e9e27cfd804c0bc65
http://hdl.handle.net/11572/282636
Zobrazit plný text záznamu
7
Typosquatting and Combosquatting Attacks on the Python Ecosystem
Autor: Ivan Pashchenko, Fabio Massacci, Antonino Sabetta, Duc-Ly Vu, Henrik Plate
Publikováno v: EuroS&P Workshops
Limited automated controls integrated into the Python Package Index (PyPI) package uploading process make PyPI an attractive target for attackers to trick developers into using malicious packages. Several times this goal has been achieved via the com
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::03ea4c3cd1a8286276a58e40d99ba2d1
https://ieeexplore.ieee.org/document/9229803/authors
Zobrazit plný text záznamu
8
Code-based Vulnerability Detection in Node.js Applications: How far are we?
Autor: Serena Elisa Ponta, Antonino Sabetta, Takashi Ishio, Henrik Plate, Bodin Chinthanet, Kenichi Matsumoto, Raula Gaikovina Kula
Publikováno v: ASE
With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in both open
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::b8e873ebbd10f99c450637301a22b10e
Zobrazit plný text záznamu
9
Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks
Autor: Marc Ohm, Michael Meier, Arnold Sykosch, Henrik Plate
Publikováno v: Detection of Intrusions and Malware, and Vulnerability Assessment ISBN: 9783030526825
DIMVA
A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the increasing
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_________::3691ee75355ede721c55e4d1c89e3a8c
https://doi.org/10.1007/978-3-030-52683-2_2
Zobrazit plný text záznamu
10
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software
Autor: Antonino Sabetta, Cedric Dangremont, Michele Bezzi, Serena Elisa Ponta, Henrik Plate
Publikováno v: MSR
Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating a vulnerab
Externí odkaz: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::48bbba7e72d1bf1c2b236b11e0f029b3
Zobrazit plný text záznamu

Vyhledávací nástroje:

Upřesnit hledání

Omezení vyhledávání
Plný text Recenzováno Digitální knihovna AV ČR
Zdroje