Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks, called software supply chain attacks, have been increasingly occurring through third-party dependencies. In this paper, we target the problem of projects that use dependencies, where developers are unaware of the potential risks posed by their software supply chain. We define the novel concept of software supply chain smell and present Dirty-Waters, a novel tool for detecting software supply chain smells. We evaluate Dirty-Waters on three JavaScript projects and demonstrate the prevalence of all proposed software supply chain smells. Dirty-Waters reveals potential risks for previously invisible problems and provides clear indicators for developers to act on the security of their supply chain. A video demonstrating Dirty-Waters is available at: http://l.4open.science/dirty-waters-demo
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:30 | Library and Product LineIndustry Papers / Journal First / Ideas, Visions and Reflections / Demonstrations at Pirsenteret 150 Chair(s): Andrea Arcuri Kristiania University of Applied Sciences | ||
10:30 10mTalk | Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis Ideas, Visions and Reflections Lyuye Zhang Nanyang Technological University, Chengwei Liu Nanyang Technological University, Wu Jiahui , Shiyang Zhang Tianjin University, CHENGYUE LIU , Zhengzi Xu Imperial Global Singapore, Sen Chen Nankai University, Yang Liu Nanyang Technological University | ||
10:40 20mTalk | Quantifying the benefits of code hints for refactoring deprecated Java APIs Industry Papers Cristina David University of Bristol, Pascal Kesseli Meta, Daniel Kroening Amazon, Hanliang Zhang University of Bristol | ||
11:00 20mTalk | Mapping APIs in Dynamic-typed Programs by Leveraging Transfer Learning Journal First Zhenfei Huang Tianjin University, Junjie Chen Tianjin University, Jiajun Jiang Tianjin University, Yihua Liang Tianjin University, Hanmo You Tianjin University, Fengjie Li Tianjin University | ||
11:20 10mTalk | Dirty-Waters: Detecting Software Supply Chain Smells Demonstrations Raphina Liu KTH Royal Institute of Technology, Sofia Bobadilla KTH Royal Institute of Technology, Sweden, Benoit Baudry KTH Royal Institute of Technology, Martin Monperrus KTH Royal Institute of Technology | ||
11:30 10mTalk | Pursuit of Automotive Software Variant Reduction for Engineering Simplicity Industry Papers Vard Antinyan Volvo Car Group | ||
11:40 20mTalk | Software Product Line Engineering via Software Transplantation Journal First Leandro Oliveira de Souza Federal Institute of Bahia, Irecê, Bahia, Brazil, Eduardo Almeida , Paulo Anselmo da Mota Silveira Neto Federal Rural University of Pernambuco, Recife, Pernambuco, Brazil, Earl T. Barr University College London, Justyna Petke University College London | ||
12:00 10mTalk | Beyond Software Families: Community-Driven Variability Ideas, Visions and Reflections Roman Bögli University of Bern, Alexander Boll University of Bern, Alexander Schultheiß Paderborn University, Timo Kehrer University of Bern Pre-print | ||
12:10 20mTalk | The Promise and Pitfalls of WebAssembly: Perspectives from the Industry Industry Papers Ningyu He Hong Kong Polytechnic University, Shangtong Cao Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, Yao Guo Peking University, Xiapu Luo Hong Kong Polytechnic University | ||
This room is located outside Clarion Hotel
This room is located in the Pirsenteret (The Pier Center) convention center. It is just outside the hotel, on the back, towards the fjord.
You should be able to go through the emergency exit at Clarion, just on the side of the Cosmos 3 wing, which will be bring you close to Pirsenteret.
The entrance to the center is from here:
https://maps.app.goo.gl/dU3qH6kAimXGBNHe7
Once inside, go all straight and you will find signage to reach the room. The room is known as room 150 inside the center.