SENTINEL - Automatic Dissemination and Discovery of Security Advisories with Web3

Studenteropgave: Kandidatspeciale og HD afgangsprojekt

  • Magnus Mølgaard Lund
  • Jannik Lucas Sommer
4. semester, Software, Kandidat (Kandidatuddannelse)
The prevalence of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on software dependencies and the inherent vulnerabilities they harbor. Currently, vendors share security advisories to centralized databases or proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their system. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this report, SENTINEL, a novel solution for automating dissemination and discovery of security advisories using Web3 technologies, is proposed. A system test conducted on the Sepolia Ethereum Testnet confirm that SENTINEL is a functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure.
Antal sider130
ID: 533404586