Update SBOM_documents.md
hfukuchi authored Apr 11, 2024
1 parent 43118f9 commit ba8c11b
Showing 1 changed file with 1 addition and 0 deletions.
@@ -1,5 +1,6 @@
|カテゴリ|日本語概要|英語概要|URL|
|:------|:------|:------|:------|
| SBOM仕様 | CycloneDX 1.6リリース | CycloneDX 1.6 release | https://cyclonedx.org/news/cyclonedx-v1.6-released/ |
|論文| "Automating SBOM Generation with Zero-Shot Semantic Similarity" | "Automating SBOM Generation with Zero-Shot Semantic Similarity" / We propose a different route, an automated method for generating SBOMs to prevent disastrous supply-chain attacks. Remaining on the topic of static code analysis, we interpret this problem as a semantic similarity task wherein a transformer model can be trained to relate a product name to corresponding version strings. Our test results are compelling, demonstrating the model's strong performance in the zero-shot classification task, further demonstrating the potential for use in a real-world cybersecurity context. | https://arxiv.org/abs/2403.08799 |
|論文| "A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM) " | "A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM) " / This research paper conducts an extensive empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM. We investigate emerging use cases in software supply chain security and identify gaps in SBOM technologies. Our analysis encompasses 84 tools, providing a snapshot of the current market and highlighting areas for improvement. | https://arxiv.org/abs/2402.11151 |
|書籍| Introduction to SBOM and VEX: Software Bill of Materials and Vulnerability Exploitability Exchange (English Edition) | Introduction to SBOM and VEX: Software Bill of Materials and Vulnerability Exploitability Exchange (English Edition) However, despite widespread recognition of the importance of SBOM and VEX, today they are not being used to any significant degree outside of the commmunity of software developers (where they are being used very heavily). This book explores the reasons why that is the case, as well as what can be done - and is being done today - to make SBOM and VEX an integral part of today's cybersecurity landscape. | https://amzn.asia/d/03sEmmx |
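Review bot: The 書籍 row at the end of the table runs the title straight into its description ("(English Edition) However, despite widespread recognition...") without the " / " separator that the two 論文 rows use between title and abstract, and the description contains the typo "commmunity"; add the separator and fix the spelling so the 英語概要 column stays consistent. In the 論文 and 書籍 rows the 日本語概要 column only repeats the English title, while the CycloneDX row carries an actual Japanese summary ("CycloneDX 1.6リリース"); a one-line Japanese summary in those rows would match the column header. The second 論文 row has a stray space before the closing quote in both columns ("(SBOM) "), and the book URL is a shortened amzn.asia link that hides its destination; the full product URL would be easier for readers to verify before clicking.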

0 comments on commit ba8c11b
