Papers

An increasing awareness of threats to the so-called “supply chain” of software has spurred rapid developments in the area of software bills of materials (SBOMs), including regulatory efforts to mandate them. This paper not only explains what SBOMs are, both abstractly and in the context of their role in increasing the security of the software supply chain, but also provides a brief survey of concrete SBOM formats, discusses the processes involving SBOMs, and explores some of the tools that facilitate SBOM use today.

As the user base of GitHub grows, the social coding platorm faces increasing challenges from spam and malicious automation targeting those users. This paper investigates the different types of automated agents on GitHub, both helpful bots and harmful actors. Through the analysis of two recent examples of malicious social automation, the paper explores some of the methods used by malicious actors on GitHub and evaluates the responsive measures by the platform regarding these example cases. The examples analyzed are two distinct spam campaigns observed on GitHub in early 2024 and the analysis shows that users are clearly targeted algorithmically and that the targeting method correlates with some topical interests such as cryptocurrencies as well as certain social niches related to those same preferences. In connecting these practical instances of automated agents on GitHub to the terminology of their academic study in the social sciences, a necessary basis for discussing automation on GitHub is established. As the work ultimately intends to highlight the relevance of GitHub for the field of study of automated agents, this basis should provide future researches a point of entry for more in-depth research on social automation on GitHub.