Dirty-Waters: Detecting Software Supply Chain Smells

Raphina Liu

Abstract

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks have been increasingly occurring through third-party dependencies. These are called software supply chain attacks. In this talk, we will introduce the novel concept of software supply chain smell and present DIRTY-WATERS, a tool for detecting software supply chain smells. We will also demonstrate the prevalence of all proposed software supply chain smells.

Date
Apr 29, 2025 10:00 AM — 11:00 AM

Raphina recently completed her MSc in Cybersecurity at Stockholm University and is currently a research engineer in Martin Monperrus's group at KTH; she is exploring potential academic positions.

Raphina Liu’s webpage