Piergiorgio Ladisa

icon company @ing-bank icon location Security Researcher in Open-Source Security and Software Supply Chain Attacks

Results 2 comments of Piergiorgio Ladisa

Taxonomy of Attacks on Open-Source Software Supply Chains

> > fyi - Starting from the attack tree in [Fig.2 of the Backstabber's Knife Collection](https://arxiv.org/pdf/2005.09535.pdf), we propose a more comprehensive overview about the attack surface of software supply chains...

Taxonomy of Attacks on Open-Source Software Supply Chains

> Cool graph! I've opened an issue to add binary transparency ([SAP/risk-explorer-for-software-supply-chains#53](https://github.com/SAP/risk-explorer-for-software-supply-chains/issues/53)). I don't get the "safeguard" feature though, selecting SBOM makes every line green and I'm not sure if...