Brittany Reid
brittanyareid.bsky.social
Assistant Professor, Nara Institute of Science and Technology, Japan. Software Design and Analysis Lab. From Adelaide, Australia. 🦘
https://brittany-reid.github.io/
"Using a ... dataset of 100 real and 100 fake CVE-IDs, we manually analyzed the credibility ... of [ChatGPT's] outputs. ChatGPT generated plausible security advisories for 96% of given real CVE-IDs and 97% of fake CVE-IDs, demonstrating a limitation in differentiating between real and fake IDs."
July 24, 2025 at 6:55 AM
"For our initial analysis, we look at a sample of heavily-depended upon NPM packages, and identify that such end-of-chain packages make up a significant portion of these critical dependency chains (over 50%)."
June 13, 2025 at 8:39 AM
"For a long time, the dominant philosophy [within package networks like NPM] has been to ‘reuse as much as possible [...]’. In this vision paper, we investigate packages that challenge the typical concepts of reuse–that is, packages with no dependencies [...]...."
June 13, 2025 at 8:39 AM
'Analyzing a dataset of 2,763 NPM libraries, we found that 39.49% are self-contained. Of these ... 40.42% previously had dependencies that were later removed. This analysis revealed a significant trend of dependency reduction within the NPM ecosystem.'
May 9, 2025 at 5:56 AM
We found some instances of vulnerabilities being discussed in GitHub issues instead of being disclosed through secure channels. Primarily, these issues were made by users external to the project.
March 28, 2025 at 7:05 AM