ПРИМЕНА IN-TOTO ПЛАТФОРМЕ ЗА УНАПРЕЂЕЊЕ БЕЗБЕДНОСТИ СОФТВЕРСКИХ ЛАНАЦА ИСПОРУКЕ

[1] Beatriz M. Reichert, Rafael R. Obelheiro, “Software supply chain security: a systematic literature review”. International Journal of Computers and Applications 1-15, 2024

[2] Antigoni Kruti, Usman Butt, Rejwan Bin Sulaiman, “A review of the SolarWinds Attack on Orion Platform using Persistent Threat Agent and Techniques for gaining Unauthorized Access”, arXiv preprint arXiv:2308.10294, 2023

[3] Riku Kestila, “Acknowledging the risks of open source dependencies to software supply chain security”, (Master's thesis), 2022

[4] https://in-toto.io/ (приступ 5.11.2024.)

[5] Santiago Torres-Arias, Thrishank Karthik Kuppusamy, Reza Curtmola, Justin Cappos, “in-toto: Providing farm-to-table guarantees for bits and bytes”, In 28th USENIX Security Symposium (USENIX Security 19) (pp. 1393-1410), 2019

[6] Michael Lieberman, Brandon Lum, “Securing the Software Supply Chain”, Maning, 2023

[7] Leah Roberts, “Countermeasures for preventing malicious infiltration on the information technology supply chain”, (Doctoral dissertation, Purdue University) 2023

[8] Phong Q. Nguyen, “Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3”, In Advances in Cryptology-EUROCRYPT 2004: International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004. Proceedings 23 (pp. 555- 570). Springer Berlin Heidelberg, 2004

[9] Santiago Torres-Arias, “in-toto: Practical Software Supply Chain Security”, New York University Tandon School of Engineering, 2020

[10] https://github.com/secure-systemslab/securesystemslib (приступ 5.11.2024.)

[11] https://in-toto.readthedocs.io/en/latest/layoutcreation-example.html (приступ 5.11.2024.)