OSS供应链安全：需要什么？

Q3 Computer Science

Queue Pub Date : 2022-10-31 DOI:10.1145/3570923

Maya Kaczorowski, Falcon Momot, George Neville-Neil, Chris McCubbin

{"title":"OSS供应链安全：需要什么？","authors":"Maya Kaczorowski, Falcon Momot, George Neville-Neil, Chris McCubbin","doi":"10.1145/3570923","DOIUrl":null,"url":null,"abstract":"While enterprise security teams naturally tend to turn their focus primarily to direct attacks on their own infrastructure, cybercrime exploits now are increasingly aimed at easier targets upstream. This has led to a perfect storm, since virtually all significant codebase repositories at this point include at least some amount of open-source software. But opportunities also abound there for the authors of malware. The broader cybercrime world, meanwhile, has noted that open-source supply chains are generally easy to penetrate. What's being done at this point to address the apparent risks?","PeriodicalId":39042,"journal":{"name":"Queue","volume":"20 1","pages":"86 - 102"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"OSS Supply-chain Security: What Will It Take?\",\"authors\":\"Maya Kaczorowski, Falcon Momot, George Neville-Neil, Chris McCubbin\",\"doi\":\"10.1145/3570923\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"While enterprise security teams naturally tend to turn their focus primarily to direct attacks on their own infrastructure, cybercrime exploits now are increasingly aimed at easier targets upstream. This has led to a perfect storm, since virtually all significant codebase repositories at this point include at least some amount of open-source software. But opportunities also abound there for the authors of malware. The broader cybercrime world, meanwhile, has noted that open-source supply chains are generally easy to penetrate. What's being done at this point to address the apparent risks?\",\"PeriodicalId\":39042,\"journal\":{\"name\":\"Queue\",\"volume\":\"20 1\",\"pages\":\"86 - 102\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Queue\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3570923\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Queue","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3570923","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

摘要

虽然企业安全团队自然倾向于将重点主要转向对自己基础设施的直接攻击，但网络犯罪漏洞现在越来越多地针对上游更容易攻击的目标。这导致了一场完美的风暴，因为目前几乎所有重要的代码库都至少包括一些开源软件。但恶意软件的作者也有很多机会。与此同时，更广泛的网络犯罪世界已经注意到，开源供应链通常很容易渗透。目前正在采取什么措施来解决明显的风险？

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

OSS Supply-chain Security: What Will It Take?

While enterprise security teams naturally tend to turn their focus primarily to direct attacks on their own infrastructure, cybercrime exploits now are increasingly aimed at easier targets upstream. This has led to a perfect storm, since virtually all significant codebase repositories at this point include at least some amount of open-source software. But opportunities also abound there for the authors of malware. The broader cybercrime world, meanwhile, has noted that open-source supply chains are generally easy to penetrate. What's being done at this point to address the apparent risks?

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Queue Computer Science-Computer Science (all)

CiteScore

1.80

自引率

0.00%

发文量