Santiago Torres-Arias

Ethan H. Burmane

Kelechi G. Kalu

CoRR, 2024

DiVerify: Diversifying Identity Verification in Next-Generation Software Signing.

[BibT_eX]

[DOI]

Chinenye L. Okafor

CoRR, 2024

An Industry Interview Study of Software Signing for Supply Chain Security.

[BibT_eX]

[DOI]

Kelechi G. Kalu

Tanya Singla

Chinenye Okafor

CoRR, 2024

SoK: A Defense-Oriented Evaluation of Software Supply Chain Security.

[BibT_eX]

[DOI]

Eman Abu Ishgair

CoRR, 2024

Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors.

[BibT_eX]

[DOI]

Eman Abdul-Muhd Abu Isghair

Kelechi G. Kalu

Luke Chigges

Kyung Myung Ko

Saurabh Baghi

CoRR, 2024

Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors.

[BibT_eX]

[DOI]

Proceedings of the IEEE Symposium on Security and Privacy, 2024

Should Smart Homes Be Afraid of Evil Maids? : Identifying Vulnerabilities in IoT Device Firmware.

[BibT_eX]

[DOI]

Austen Knapp

Emmanuel Wamuo

Minhajul Alam Rahat

Gedare Bloom

Yanyan Zhuang

Proceedings of the 14th IEEE Annual Computing and Communication Workshop and Conference, 2024

2023

Towards verifiable web-based code review systems.

[BibT_eX]

[DOI]

J. Comput. Secur., 2023

A Viewpoint on Knowing Software: Bill of Materials Quality When You See It.

[BibT_eX]

[DOI]

Daniel E. Geer

John Speed Meyers

IEEE Secur. Priv., 2023

A Viewpoint on Software Supply Chain Security: Are We Getting Lost in Translation?

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2023

Rust for Embedded Systems: Current State, Challenges and Open Problems.

[BibT_eX]

[DOI]

Ayushi Sharma

Shashank Sharma

Aravind Machiry

CoRR, 2023

Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager.

[BibT_eX]

[DOI]

Paschal C. Amusuo

Kyle A. Robinson

Laurent Simon

CoRR, 2023

Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the Wild.

[BibT_eX]

[DOI]

Muhammad Talha Paracha

David R. Choffnes

Danny Yuxing Huang

Yixin Sun

Proceedings of the 2023 ACM on Internet Measurement Conference, 2023

Speranza: Usable, Privacy-friendly Software Signing.

[BibT_eX]

[DOI]

Kelsey Merrill

Zachary Newman

Karen R. Sollins

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

SCORED '23: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses.

[BibT_eX]

[DOI]

Laurent Simon

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

Bootstrapping Trust in Community Repository Projects.

[BibT_eX]

[DOI]

Sangat Vaidya

Proceedings of the Security and Privacy in Communication Networks, 2022

SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties.

[BibT_eX]

[DOI]

Chinenye Okafor

Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2022

SCORED '22: ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses.

[BibT_eX]

[DOI]

Laurent Simon

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

Sigstore: Software Signing for Everybody.

[BibT_eX]

[DOI]

Zachary Newman

John Speed Meyers

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

2021

COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs.

[BibT_eX]

[DOI]

Kevin Gallagher

Nasir D. Memon

Jessica Feldman

Proceedings of the NSPW '21: New Security Paradigms Workshop, Virtual Event, USA, October 25, 2021

2020

Towards adding verifiability to web-based Git repositories.

[BibT_eX]

[DOI]

J. Comput. Secur., 2020

2019

in-toto: Providing farm-to-table guarantees for bits and bytes.

[BibT_eX]

[DOI]

Trishank Karthik Kuppusamy

Proceedings of the 28th USENIX Security Symposium, 2019

Commit Signatures for Centralized Version Control Systems.

[BibT_eX]

[DOI]

Sangat Vaidya

Proceedings of the ICT Systems Security and Privacy Protection, 2019

2018

le-git-imate: Towards Verifiable Web-based Git Repositories.

[BibT_eX]

[DOI]

Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018

2016

On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities.

[BibT_eX]

[DOI]

Anil Kumar Ammula

Trishank Karthik Kuppusamy

Proceedings of the 25th USENIX Security Symposium, 2016

Diplomat: Using Delegations to Protect Community Repositories.

[BibT_eX]

[DOI]

Vladimir Diaz

Proceedings of the 13th USENIX Symposium on Networked Systems Design and Implementation, 2016

2014

PolyPasswordHasher: Improving Password Storage Security.

[BibT_eX]

[DOI]