CHAINS
Software research for hardening the software supply chain, including reproducible, bootstrappable and verifiable builds and SBOMs. The project is funded by the Swedish Foundation for Strategic Research (SSF). We are recruiting PhD students, software engineers, postdocs, and interns. Get in touch!
<dependency>
<groupId>com.martiansoftware</groupId>
<artifactId>jsap</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.36</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.11.0</version>
</dependency>
- Diverse Double-Compiling to Harden Cryptocurrency Software, Master's thesis, Niklas Rosencrantz, 2023
- The Multibillion Dollar Software Supply Chain of Ethereum, IEEE Computer, 2022
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js, USENIX Security 2023
- Musard Balliu
- Benoit Baudry
- Sofia Bobadilla
- Mathias Ekstedt
- Martin Monperrus
- Javier Ron
- Aman Sharma
- Mikhail Shcherbakov
- César Soto-Valero
- Liu Yuxin
- Long Zhang
- Gabriel Skoglund
- Arvid Siberov
- Linus Östlund
- Martin Wittlinger
- Frank Reyes
- Analysis of the Software Supply Chain of Ethereum (Besu and Teku)
- Bitcoin software supply chain
- SerialDetector
- Mar 08 2023: SBOM for Alpine Linux. Speaker: Hans Thorsen Lamm.
- Jan 19 2023: Talk: The software supply chain of crypto, Decentralization meetup Stockholm. Speaker: Martin Monperrus
- Dec 08 2022: Software bloat in PyPI. Speaker: Georgios Drosos (Athens University of Economics and Business)
- Nov 15 2022: Building Robust Software Supply Chains at STEW'22. Speaker: Benoit Baudry
- Sep 30 2022: 1st Workshop on the Software Supply Chain @ KTH
- Sep 20 2022: Open-source security analysis @SAP. Speakers: Henrik Plate (SAP), Serena Elisa Ponta (SAP)
- Jun 14 2022: Building Robust Software Supply Chains at XP'22. Speaker: Benoit Baudry
- Jun 17 2022: Framtidens Forskning (in Swedish)