2 matches found
SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem
SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...
Towards Classifying Benign and Malicious Packages Using Machine Learning
Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures CVEs in open-source packages, there are very few studies on detecting malicious packages...