Publication | Open Access
Risk Explorer for Software Supply Chains
Citations: 15
References: 2
Year: 2022
Venue: Unknown Venue
Keywords: Software Maintenance, Supply Chain Attacks, Engineering, Information Security, Supply Chain Risk, Software Engineering, Attack Vectors, Software Analysis, Supply Chain Resilience, Supply Chain Risk Management, Attack Tree, Data Science, Open-source Software Development, Risk Management, Logistics, Supply Chain, Supply Chain Management, Computer Science, Software Visualization, Risk Explorer, Software Design, Security Visualization, Software Security, Program Analysis, Software Testing, Business
Abstract: Supply chain attacks on open-source projects aim at injecting and spreading malicious code such that it is executed by direct and indirect downstream users. Recent work systematized the knowledge about such attacks and proposed a taxonomy in the form of an attack tree. We propose a visualization tool called Risk Explorer for Software Supply Chains, which allows inspecting the taxonomy of attack vectors, their descriptions, references to real-world incidents and other literature, as well as information about associated safeguards. Being open-source itself, the community can easily reference new attacks, accommodate entirely new attack vectors, or reflect the development of new safeguards.