CHAINS
Software research for hardening the software supply chain. Funded by the Swedish Foundation for Strategic Research (SSF).

We are recruiting PhD students and software engineers! Would you like to work on hard software technology problems as part of a vibrant scientific team? Get in touch!
<dependency>
  <groupId>com.martiansoftware</groupId>
  <artifactId>jsap</artifactId>
  <version>2.1</version>
</dependency>
<dependency>
  <groupId>org.slf4j</groupId>
  <artifactId>slf4j-api</artifactId>
  <version>1.7.36</version>
</dependency>
<dependency>
  <groupId>commons-io</groupId>
  <artifactId>commons-io</artifactId>
  <version>2.11.0</version>
</dependency>
- "The Multibillion Dollar Software Supply Chain of Ethereum", IEEE Computer, 2022
- "Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js", USENIX Security 2023
- Musard Balliu
- Benoit Baudry @baudry
- Sofia Bobadilla @Sofi1410
- Mathias Ekstedt
- Martin Monperrus @monperrus
- Javier Ron @javierron
- Aman Sharma @algomaster99
- Mikhail Shcherbakov
- César Soto-Valero
- Liu Yuxin
- Long Zhang @gluckzhang
- Gabriel Skoglund @gabrielskoglund
- Arvid Siberov @siberov
- Linus Östlund
- Analysis of the Software Supply Chain of Ethereum (Besu and Teku)
- Bitcoin software supply chain
- SerialDetector
- Dec 08 2022: Software bloat in PyPI. Speaker: Georgios Drosos (Athens University of Economics and Business)
- Sep 30 2022: 1st Workshop on the Software Supply Chain @ KTH
- Sep 20 2022: Open-source security analysis @SAP. Speakers: Henrik Plate (SAP), Serena Elisa Ponta (SAP)