ArXivCSExplorer
☆☆Bookmarks🏆RSSHow to UseFAQ
Built with and by Teycir Ben Soltane•
How to Use•FAQ•GitHub•arXiv.org•
Share:

~ similar to 2605.29226v1· 20 results

cs.CRRecentMay 27, 2026

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Sivana Hamer, Pat Morrison, William Enck, Yasemin Acar +5 more

The paper summarizes a Secure Software Supply Chain Summit held by the S3C2 center, detailing discussions among government agencies on critical security topics to inform future research and collaborat…

View →
cs.SEcs.CRRecentJun 1, 2026

Poking Around in the Dark: Why a Shared Understanding of Components Matters

Felix Reichmann, Wolfgang Krane, Alena Naiakshina, Martin Johns +1 more

The paper argues that current Software Bills of Materials (SBOMs) are fundamentally flawed due to a lack of shared understanding regarding what constitutes a 'component,' demonstrating that existing t…

View →
cs.CRRecentMar 17, 2026

SynthChain: A Synthetic Benchmark and Forensic Analysis of Advanced and Stealthy Software Supply Chain Attacks

Zhuoran Tan, Wenbo Guo, Taylor Brierley, Jiewen Luo +2 more

The paper introduces SynthChain, a comprehensive, multi-source synthetic testbed and dataset that demonstrates that detecting advanced software supply chain attacks requires fusing evidence from multi…

View →
cs.SEcs.CRRecentMar 25, 2026

Software Supply Chain Smells: Lightweight Analysis for Secure Dependency Management

Larissa Schmid, Diogo Gaspar, Raphina Liu, Sofia Bobadilla +2 more

The paper introduces 'software supply chain smells,' structural indicators of security risks in third-party dependencies, and presents Dirty-Waters, a tool that detects these smells, finding that diff…

View →
cs.SEcs.CRcs.LGRecentApr 4, 2026

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs

Laura Baird, Armin Moin

The paper proposes a graph-learning approach to predict multi-vulnerability attack chains within software supply chains, achieving high accuracy on both component classification and cascade prediction…

View →
cs.CRcs.NIRecentMay 5, 2026

Towards a Zero-Trust Supply-Chain Assurance Rubric for ORAN RIC Applications

Chun Yin Chiu

The paper proposes a zero-trust supply-chain assurance rubric for O-RAN RIC applications to secure the entire lifecycle, from development to runtime.

View →
cs.CRcs.SERecentApr 5, 2026

LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories

Fariha Tanjim Shifat, Hariswar Baburaj, Ce Zhou, Jaydeb Sarker +1 more

The paper analyzes GitHub security advisories for LLM-integrated open-source systems, finding that while most vulnerabilities map to existing code-level weaknesses, the architectural risks like Supply…

View →
cs.SEcs.CRRecentApr 15, 2026

Analysis of Commit Signing on Github

Abubakar Sadiq Shittu, John Sadik, Farzin Gholamrezae, Scott Ruoti

This study provides an ecosystem-scale measurement of commit signing on GitHub, finding that current signing adoption rates are misleading and that developers struggle to maintain consistent, long-ter…

View →
cs.CRRecentMay 18, 2026

Bridging the Cybersecurity Gap Between Web2 and Web3 -- An Incident-Based Analysis of Organizational and Application-Level Security Failures

Tarkan Yavas, Arslan Brömme

This paper analyzes high-impact Web3 security incidents to show that most losses stem from off-chain organizational and operational failures, not just smart contract bugs.

View →
cs.CRcs.SERecentMay 14, 2026

Exploiting LLM Agent Supply Chains via Payload-less Skills

Xinyu Liu, Yukai Zhao, Xing Hu, Xin Xia

The paper introduces Semantic Compliance Hijacking (SCH), a novel payload-less attack that exploits LLM agent supply chains by manipulating compliance rules to force unauthorized code generation, achi…

View →
cs.CRRecentApr 20, 2026

TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs

Ting Zhang, Yikun Li, Chengran Yang, Ratnadira Widyasari +14 more

TitanCA presents a novel, multi-agent LLM orchestration framework that significantly improves vulnerability discovery by reducing false positives and identifying numerous zero-day vulnerabilities.

View →
cs.CRRecentMay 20, 2026

An Evidence-driven Protocol for Trustworthy CI Pipelines

Fernando Castillo, Eduardo Brito, Pille Pullonen-Raudvere, Sebastian Werner +1 more

The paper proposes an evidence-driven protocol combining Deterministic Build Systems and Trusted Execution Environments to provide cryptographically verifiable guarantees of software artifact integrit…

View →
cs.CRcs.AIRecentApr 3, 2026

Towards Secure Agent Skills: Architecture, Threat Taxonomy, and Security Analysis

Zhiyuan Li, Jingzheng Wu, Xiang Ling, Xing Cui +1 more

This paper provides the first comprehensive security analysis of the Agent Skills framework, identifying severe structural vulnerabilities that require fundamental architectural changes rather than si…

View →
cs.CRRecentMay 30, 2026

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

Alexandre Dulaunoy

The paper proposes GCVE, a decentralized, open, and extensible socio-technical model to standardize and enrich the entire lifecycle of vulnerability information, moving beyond simple identifier alloca…

View →
cs.CRRecentMar 23, 2026

Semi-Automated Threat Modeling of Cloud-Based Systems Through Extracting Software Architecture from Configuration and Network Flow

Nicholas Pecka, Lotfi Ben Othmane, Bharat Bhargava, Renee Bryce

The paper proposes a novel semi-automated method to perform continuous threat modeling by inferring the actual system architecture from combined static configuration and dynamic network flow data, sig…

View →
cs.CRRecentMar 30, 2026

Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims

Zhuoran Tan, Jeremy Singer, Christos Anagnostopoulos

The paper proposes an attestation-aware promotion gate to mitigate supply-chain risks in LLM pipelines by cryptographically verifying and enforcing claims about training and release artifacts before d…

View →
cs.CRcs.SERecentMay 13, 2026

Security Incentivization: An Empirical Study of how Micropayments Impact Code Security

Stefan Rass, Martin Pinzger, Rainer W. Alexandrowicz, Georg Sengstbratl +4 more

The paper demonstrates that linking team bonus points to measurable security improvements significantly reduces code security issues in a controlled educational experiment.

View →
cs.CRcs.CYcs.DCRecentMay 15, 2026

From Backup Restoration to Minimum Viable Factory Recovery: A Systematization of Ransomware Recovery in Manufacturing Systems

Chun Yin Chiu

The paper reframes manufacturing ransomware recovery from a simple backup restoration task to a complex critical-infrastructure continuity problem, proposing Minimum Viable Factory Recovery (MVF Recov…

View →
cs.CRcs.AIcs.CLRecentApr 3, 2026

Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems

Yubin Qu, Yi Liu, Tongcheng Geng, Gelei Deng +4 more

The paper introduces Document-Driven Implicit Payload Execution (DDIPE) to demonstrate that malicious code can be embedded in LLM agent skill documentation, allowing supply-chain attacks to hijack age…

View →
cs.CRcs.SERecentMay 29, 2026

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

Tianhe Lu, Eric Spero, Sakuna Harinda Jayasundara, Robert Biddle +1 more

This paper replicates and extends a study on Java security API misuse in LLMs, finding that while newer models improve performance, the misuse risk persists and is significantly mitigated by external…

View →