Supply Chain Security Metrics
Research Contributions:
-
Identify weak links signals in the npm dependency graph.
-
An automated code review workflow powered by Large Language Models (LLMs) for detecting malicious packages.
-
Empirical evaluation of open-source software to identify actionable security practice metrics.
-
Model to identify which security practices are most important to understand the relationship between security practices and security outcome metrics.
