Leveraging Team Dynamics to Predict Open-source Software Projects' Susceptibility to Social Engineering Attacks

06/30/2021
by   Luiz Giovanini, et al.
0

Open-source software (OSS) is a critical part of the software supply chain. Recent social engineering attacks against OSS development teams have enabled attackers to become code contributors and later inject malicious code or vulnerabilities into the project with the goal of compromising dependent software. The attackers have exploited interactions among development team members and the social dynamics of team behavior to enable their attacks. We introduce a security approach that leverages signatures and patterns of team dynamics to predict the susceptibility of a software development team to social engineering attacks that enable access to the OSS project code. The proposed approach is programming language-, platform-, and vulnerability-agnostic because it assesses the artifacts of OSS team interactions, rather than OSS code.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
05/19/2020

Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks

A software supply chain attack is characterized by the injection of mali...
research
07/30/2022

'PeriHack': Designing a Serious Game for Cybersecurity Awareness

This paper describes the design process for the cybersecurity serious ga...
research
07/26/2022

Balanced Knowledge Distribution among Software Development Teams – Observations from Open-Source and Closed-Source Software Development

In software development teams, developer turnover is among the primary r...
research
09/14/2023

Locating Community Smells in Software Development Processes Using Higher-Order Network Centralities

Community smells are negative patterns in software development teams' in...
research
07/10/2019

Dynamics of Team Library Adoptions: An Exploration of GitHub Commit Logs

When a group of people strives to understand new information, struggle e...
research
08/30/2019

Social Engineering in a Post-Phishing Era: Ambient Tactical Deception Attacks

It is an ordinary day working from home, and you are part of a team that...
research
03/27/2021

Team-oriented Consistency Checking of Heterogeneous Engineering Artifacts

Consistency checking of interdependent heterogeneous engineering artifac...

Please sign up or login with your details

Forgot password? Click here to reset