Litcius/Paper detail

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, Wenke Lee

202198 citationsDOIOpen Access PDF

Abstract

organizations that rely on open-source interpreted programming languages for different internal and external applications. Attackers can infiltrate well-defended organization by simply subverting the software supply chain of registries. For example, eslint-scope [4], a package with millions of weekly downloads in Npm, was compromised to steal credentials from developers. Similarly, rest-client These attacks demonstrate how miscreants can covertly gain access to a wide-range of organizations by carrying out a software supply chain attack.

Topics & Concepts

Supply chainComputer scienceChain (unit)Supply chain managementBusinessProcess managementMarketingPhysicsAstronomySecurity and Verification in ComputingAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages | Litcius