On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ

representative citing papers

citing papers explorer

Showing 4 of 4 citing papers.

• Longitudinal Analyses of SAST Tools: A CodeQL Case Study cs.CR · 2026-05-08 · unverdicted · none · ref 43

  CodeQL detected 171 CVEs total, with 83 caught by a prior version before the fix; detections were often actionable within the vulnerable file but not stable across tool versions.

• A Reality Check on SBOM-based Vulnerability Management: An Empirical Study and A Path Forward cs.CR · 2025-11-25 · accept · none · ref 27

  Large-scale study shows SBOM vulnerability scanners have 92% false positives from unreachable code, cut 61.9% by adding function call analysis.

• An Evidence-driven Protocol for Trustworthy CI Pipelines cs.CR · 2026-05-20 · unverdicted · none · ref 24

  An evidence-driven protocol binds deterministic builds with TEE attestations to deliver verifiable integrity and provenance for CI artifacts without requiring consumer re-execution.

• Human-Certified Module Repositories for the AI Age cs.ET · 2026-03-03 · unverdicted · none · ref 13

  Human-Certified Module Repositories (HCMRs) are proposed as a new architectural model blending human oversight with automated analysis to certify reusable software modules for safe assembly by humans and AI agents.