Open Access
Software Supply Chain Analysis Based on Function Similarity
Author(s) -
Wenjie Sun,
Zheng Shan,
Fudong Liu,
Xingwei Li,
Meng Qiao,
Chunyan Zhang
Publication year - 2020
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1601/5/052020
Subject(s) - computer science, computer security, software engineering, software, open source software, source code, supply chain, vulnerability (computing), programming language, operating system
Open source software and open source components are proliferating at an alarming rate, and vulnerabilities in those components are widespread. Software supply chain analysis aims to discover the third-party components and open source code used in a piece of software and to analyze the software's dependence on those components. In this paper, we propose a software component analysis method and a method for detecting known vulnerabilities: the open source components present in a binary file are identified by scanning it, and vulnerability analysis of the identified components then reveals the known vulnerabilities they carry. The paper mainly addresses the problem of detecting known vulnerabilities in the supply chain of binary files. We conducted a case analysis and achieved good results.
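The abstract describes a two-stage pipeline: identify open source components in a binary by matching its functions against known function signatures, then look up known vulnerabilities for the identified component versions. The following is an added illustration of that pipeline in Python, not the authors' implementation: the disassembly listings, the signature database (component `libtoy`, versions `1.0.0` and `1.0.1`, functions `toy_parse` and `toy_copy`), the advisory table (placeholder identifier `EXAMPLE-0001`), the opcode 3-gram feature, the weighted Jaccard similarity and the `0.5` threshold are all constructed here for the example.

```python
"""Toy software-composition / known-vulnerability pipeline based on function
similarity.  Added illustration, not the paper's implementation: the signature
database, advisory table and disassembly listings are all constructed here."""
from __future__ import annotations

import re
from collections import Counter, defaultdict

REGISTERS = {"rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp", "r8", "r9",
             "eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
NGRAM = 3          # opcode n-gram length used as the per-function feature (assumed)
THRESHOLD = 0.5    # minimum similarity to accept a match (assumed value)
MIN_TOKENS = 5     # skip prologue-only stubs, which would match almost everything


def normalize(asm: str) -> list[str]:
    """Reduce a disassembly listing to mnemonic + operand-shape tokens so that
    register allocation, addresses and symbol names do not affect matching."""
    seq = []
    for raw in asm.splitlines():
        line = raw.split(";", 1)[0].strip().lower()
        if not line or line.endswith(":"):        # skip blanks and labels
            continue
        mnemonic, _, operands = line.partition(" ")
        shape = []
        for opnd in (o.strip() for o in operands.split(",") if o.strip()):
            if "[" in opnd:
                shape.append("mem")
            elif re.fullmatch(r"-?(0x[0-9a-f]+|\d+)", opnd):
                shape.append("imm")
            elif opnd in REGISTERS:
                shape.append("reg")
            else:
                shape.append("sym")                # call/jump target, prefix, etc.
        seq.append("_".join([mnemonic, *shape]))
    return seq


def ngrams(seq: list[str], n: int = NGRAM) -> Counter:
    """Multiset of opcode n-grams; the function's similarity feature."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))


def similarity(a: Counter, b: Counter) -> float:
    """Weighted Jaccard similarity of two n-gram multisets (0.0 .. 1.0)."""
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 0.0


# Constructed signature database: (component, version, function) -> disassembly.
# toy_parse is identical in both versions; only toy_copy differs (1.0.1 adds a
# length check), so it is the only function that can tell the versions apart.
PARSE_ASM = "push rbp\nmov rbp, rsp\nmov eax, edi\nshl eax, 2\npop rbp\nret"
COPY_100_ASM = "push rbp\nmov rbp, rsp\nmov rax, rdi\nmov rcx, rdx\nrep movsb\npop rbp\nret"
COPY_101_ASM = ("push rbp\nmov rbp, rsp\ncmp rdx, 0x100\nja .fail\nmov rax, rdi\n"
                "mov rcx, rdx\nrep movsb\npop rbp\nret\n.fail:\nxor eax, eax\npop rbp\nret")
SIGNATURES = {
    ("libtoy", "1.0.0", "toy_parse"): PARSE_ASM,
    ("libtoy", "1.0.1", "toy_parse"): PARSE_ASM,
    ("libtoy", "1.0.0", "toy_copy"): COPY_100_ASM,
    ("libtoy", "1.0.1", "toy_copy"): COPY_101_ASM,
}
# Constructed advisory table; EXAMPLE-0001 is a placeholder, not a real CVE.
KNOWN_VULNS = {
    ("libtoy", "1.0.0"): ["EXAMPLE-0001: unbounded copy in toy_copy (fixed in 1.0.1)"],
}
# Constructed disassembly of the scanned, stripped binary: toy_parse with a
# different register allocation, toy_copy 1.0.0 with an inserted nop, and an
# unrelated application function that must not match anything.
SCANNED_BINARY = {
    "sub_401000": "push rbp\nmov rbp, rsp\nmov eax, esi\nshl eax, 2\npop rbp\nret",
    "sub_401020": "push rbp\nnop\nmov rbp, rsp\nmov rax, rsi\nmov rcx, r8\nrep movsb\npop rbp\nret",
    "sub_401040": ("push rbp\nmov rbp, rsp\nsub rsp, 0x20\ncall sub_401000\ncall sub_401020\n"
                   "lea rdi, [rip+0x2000]\ncall puts\nxor eax, eax\nleave\nret"),
}


def analyze(binary_funcs: dict[str, str], threshold: float = THRESHOLD) -> dict:
    """Stage 1: match every function of the binary against the signature database
    and accumulate per-version support.  Stage 2: take the best-supported version
    of each component and look up its known vulnerabilities."""
    db = {key: ngrams(normalize(asm)) for key, asm in SIGNATURES.items()}
    support: dict[str, dict[str, float]] = defaultdict(lambda: defaultdict(float))
    matches = []
    for name, asm in binary_funcs.items():
        feats = normalize(asm)
        if len(feats) < MIN_TOKENS:
            continue
        grams = ngrams(feats)
        for (comp, ver, func), sig in db.items():
            score = similarity(grams, sig)
            if score >= threshold:
                matches.append((name, comp, ver, func, round(score, 3)))
                support[comp][ver] += score
    components = {comp: max(vers, key=vers.get) for comp, vers in support.items()}
    vulns = {comp: KNOWN_VULNS.get((comp, ver), []) for comp, ver in components.items()}
    return {"matches": matches, "components": components, "vulnerabilities": vulns}


if __name__ == "__main__":
    for key, value in analyze(SCANNED_BINARY).items():
        print(key, value)
```

Two things the report makes visible that a bare component list hides: `toy_parse` matches versions 1.0.0 and 1.0.1 equally well, so the version decision rests entirely on the single `toy_copy` match, and that match is a fuzzy one (4 of 7 n-grams, about 0.57) because of the inserted `nop`. In practice the per-function `matches` should be reviewed alongside the `components` verdict, short functions should be excluded as done here with `MIN_TOKENS`, and the threshold should be tuned on a labelled corpus of binaries built with different compilers and optimization levels.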