Software Supply Chain Security
Overview
Software supply chain attacks have become increasingly prevalent. My research focuses on underexplored areas in malicious package detection:
Research Directions
This is an emerging area with strong publication potential, as these ecosystems receive less security research attention than npm or PyPI.
Techniques
- Static analysis for detecting suspicious code patterns
- Behavioral analysis of package functionality
- Dependency graph analysis for propagation risks
