OSSIntegrity: Collaborative open-source code integrity verification

Published: 2024, Last Modified: 25 May 2026, Comput. Secur. 2024, CC BY-SA 4.0
Abstract: Highlights
• Focus on targeted open-source software (OSS) supply chain attacks directed at a single organization or an individual user.
• Present a secure crowdsource-based code verification, a novel distributed and scalable framework for verifying OSS libraries.
• Integrated into the build phase of software production, as an additional step before packaging and deploying the application.
• Identify inconsistencies between verifiers’ consensus and the user’s package code preventing any unauthorized alterations.
• A total of 127,000 files were evaluated and it took an average of just 26 s to issue an alert against the attacks.