Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, Wenke Lee
Abstract
organizations that rely on open-source interpreted programming languages for different internal and external applications. Attackers can infiltrate well-defended organization by simply subverting the software supply chain of registries. For example, eslint-scope [4], a package with millions of weekly downloads in Npm, was compromised to steal credentials from developers. Similarly, rest-client These attacks demonstrate how miscreants can covertly gain access to a wide-range of organizations by carrying out a software supply chain attack.
Topics & Concepts
Supply chainComputer scienceChain (unit)Supply chain managementBusinessProcess managementMarketingPhysicsAstronomySecurity and Verification in ComputingAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities