AI Chat

PREPRINT: Can the OpenSSF Scorecard be used to measure the security posture of npm and PyPI?

08/06/2022

∙

by Nusrat Zahan, et al.

∙

∙

The OpenSSF Scorecard project is an automated tool to monitor the security health of open source software. We used the tool to understand the security practices and gaps in npm and PyPI ecosystems and to confirm the applicability of the Scorecard tool.

Nusrat Zahan
5 publications
Parth Kanakiya
1 publication
Brian Hambleton
1 publication
Shohanuzzaman Shohan
2 publications
Laurie Williams
34 publications

∙ 08/13/2021

VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure

The prevalent usage of open-source software (OSS) has led to an increase...

0 Frederik L. Dennig, et al. ∙

∙ 02/02/2023

SSO-Monitor: Fully-Automatic Large-Scale Landscape, Security, and Privacy Analyses of Single Sign-On in the Wild

Single Sign-On (SSO) shifts the crucial authentication process on a webs...

0 Maximilian Westers, et al. ∙

∙ 02/10/2021

Enterprise-Driven Open Source Software: A Case Study on Security Automation

Agile and DevOps are widely adopted by the industry. Hence, integrating ...

0 Florian Angermeir, et al. ∙

∙ 07/28/2020

SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask

Disassembly of binary code is hard, but necessary for improving the secu...

0 Chengbin Pang, et al. ∙

∙ 10/13/2020

The Vacuity of the Open Source Security Testing Methodology Manual

The Open Source Security Testing Methodology Manual (OSSTMM) provides a ...

0 Martin R. Albrecht, et al. ∙

∙ 10/16/2020

SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers

In this paper we introduce SAIBERSOC, a tool and methodology enabling se...

0 Martin Rosso, et al. ∙

∙ 11/11/2020

Guiding user annotations for units-of-measure verification

This extended abstract reports on previous work of the CamFort project i...

0 Dominic Orchard, et al. ∙