[1] Ohm M, Plate H, Sykosch A, et al. Backstabber's knife collection: a review of open source software supply chain attacks[C]//Proc of Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment. Cham: Springer, 2020: 23-43
[2] 李震宁, 刘莉, 孟杰. Intellectual property risks in the commercialization of open source software[J]. Cyberspace Security, 2020, 9(8): 1
[3] OSV vulnerability database[EB/OL]. [2021-05-19]. https://osv.dev/
[4] OSS-Fuzz[EB/OL]. [2021-05-17]. https://github.com/google/oss-fuzz
[5] WhiteSource vulnerability database[EB/OL]. [2021-05-20]. https://www.whitesourcesoftware.com/vulnerability-database/
[6] Snyk vulnerability database[EB/OL]. [2021-05-20]. https://snyk.io/vuln
[7] Veracode vulnerability database[EB/OL]. [2021-05-20]. https://www.sourceclear.com/vulnerability-database
[8] 郭雪, 孔松, 王皓月. Research on enterprise-level open source risks and governance models[J]. Information and Communications Technology and Policy, 2020, 46(5): 45
[9] 孙鸿宇, 何远, 王基策, et al. Applications of artificial intelligence techniques in the field of security vulnerabilities[J]. Journal on Communications, 2018, 39(8): 1-17
[10] 冯兆文, 刘振慧. Security risk analysis of open source software vulnerabilities[J]. Secrecy Science and Technology, 2020
[11] 赵尚儒, 李学俊, 方越, et al. A survey of automatic exploitation of security vulnerabilities[J]. Journal of Computer Research and Development, 2019, 56(10): 2097
[12] Dong Y, Guo W, Chen Y, et al. Towards the detection of inconsistencies in public security vulnerability reports[C]//Proc of the 28th USENIX Security Symp. Berkeley, CA: USENIX Association, 2019: 869-885
[13] Decan A, Mens T, Grosjean P. An empirical comparison of dependency network evolution in seven software packaging ecosystems[J]. Empirical Software Engineering, 2019, 24(1): 381-416
[14] Ponta S E, Plate H, Sabetta A. Detection, assessment and mitigation of vulnerabilities in open source dependencies[J]. Empirical Software Engineering, 2020, 25(5): 3175-3215
[15] Vu D L, Pashchenko I, Massacci F, et al. Towards using source code databases to identify software supply chain attacks[C]//Proc of the 2020 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 2093-2095
[16] Rath M, Mäder P. Request for comments: conversation patterns in issue tracking systems of open-source projects[C]//Proc of the 35th Annual ACM Symp on Applied Computing. New York: ACM, 2020: 1414-1417
[17] Campbell D, Cabrera-Diego L A, Korkontzelos Y. What is the message about? Automatic multi-label classification of open source repository messages into content types[C]//Proc of Joint European-US Workshop on Applications of Invariance in Computer Vision. Cham: Springer, 2020: 520-531