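- A Survey of Software Supply Chain Security
- A Survey of Research on Applying Program Reverse Analysis to Software Supply Chain Pollution Detection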
- Large-scale Third-party Library Detection in Android Markets
- Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks
- Measuring and preventing supply chain attacks on package managers
- BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain
- SpellBound: Defending Against Package Typosquatting
- A Look In the Mirror: Attacks on Package Managers
- Attacks on Package Managers
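- 2021 Open Source Software Supply Chain Security Risk Research Report---National Internet Emergency Center of China (CNCERT/CC)
- Software Supply Chain Source Attack Analysis Report---QiAnXin Threat Intelligence Center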
- Kingslayer - A supply chain attack -- Part 1
- Kingslayer - A supply chain attack -- Part 2
- Breaking trust: Shades of crisis across an insecure software supply chain
- Knowledge Flows in Open Source Software Supply Chains---University of Tennessee
- Vulnerability Attack and Defense from the Perspective of the Open Source Software Supply Chain