{"id":"https://openalex.org/W7124242847","doi":"https://doi.org/10.48550/arxiv.2601.08995","title":"Build Code is Still Code: Finding the Antidote for Pipeline Poisoning","display_name":"Build Code is Still Code: Finding the Antidote for Pipeline Poisoning","publication_year":2026,"publication_date":"2026-01-13","ids":{"openalex":"https://openalex.org/W7124242847","doi":"https://doi.org/10.48550/arxiv.2601.08995"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2601.08995","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.08995","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2601.08995","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011628873","display_name":"Brent Pappas","orcid":"https://orcid.org/0009-0003-0780-743X"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Pappas, Brent","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5016175378","display_name":"Paul Gazzillo","orcid":"https://orcid.org/0000-0003-1425-8873"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gazzillo, 
Paul","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5011628873"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.7699999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.7699999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.053599998354911804,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.029400000348687172,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer 
Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5295000076293945},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5234000086784363},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.5167999863624573},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4422000050544739},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4406000077724457},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.40450000762939453},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.3971000015735626},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.36329999566078186}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6500999927520752},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5871999859809875},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5295000076293945},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5234000086784363},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.5167999863624573},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer 
security","level":1,"score":0.450300008058548},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4422000050544739},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4406000077724457},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.40450000762939453},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.3971000015735626},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.36329999566078186},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.3269999921321869},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.3255000114440918},{"id":"https://openalex.org/C2988963302","wikidata":"https://www.wikidata.org/wiki/Q629206","display_name":"Program code","level":2,"score":0.3203999996185303},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.2896000146865845},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.28299999237060547},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.2736999988555908},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse 
engineering","level":2,"score":0.2727000117301941},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.26649999618530273},{"id":"https://openalex.org/C133237599","wikidata":"https://www.wikidata.org/wiki/Q2295111","display_name":"Code smell","level":5,"score":0.26579999923706055},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.2639000117778778},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.2630999982357025},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.26080000400543213}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2601.08995","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.08995","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2601.08995","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.08995","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell 
University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6322540044784546}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Open":[0],"source":[1],"C":[2,14,19,26,28],"code":[3,15,34,115,207],"underpins":[4],"society's":[5],"computing":[6],"infrastructure.":[7],"Decades":[8],"of":[9,24,142],"work":[10],"has":[11],"helped":[12],"harden":[13,73],"against":[16,133,184],"attackers,":[17],"but":[18,81],"projects":[20,29],"do":[21],"not":[22,100],"consist":[23],"only":[25,94],"code.":[27,103,150],"also":[30],"contain":[31],"build":[32,45,86,101,106,131,143,198],"system":[33,87,102,199],"for":[35,112,129],"automating":[36],"development":[37,123,190],"tasks":[38],"like":[39],"compilation,":[40],"testing,":[41],"and":[42,54,63,96,139,164],"packaging.":[43],"These":[44],"systems":[46,107,132],"are":[47,202],"critical":[48],"to":[49,56,72,182],"software":[50,74,79,91],"supply":[51,75],"chain":[52],"security":[53,92,200],"vulnerable":[55],"being":[57,66],"poisoned,":[58],"with":[59],"the":[60,85,137,167,173],"XZ":[61,174],"Utils":[62,175],"SolarWinds":[64],"attacks":[65],"recent":[67],"examples.":[68],"Existing":[69],"techniques":[70],"try":[71],"chains":[76],"by":[77,117,135,187],"verifying":[78],"dependencies,":[80],"such":[82,119],"methods":[83],"ignore":[84],"itself.":[88],"Similarly,":[89],"classic":[90],"checkers":[93,201],"analyze":[95],"monitor":[97],"program":[98,114,149,206],"code,":[99],"Moreover,":[104],"poisoned":[105,168],"can":[108],"easily":[109],"circumvent":[110],"tools":[111],"det
ecting":[113],"vulnerabilities":[116],"disabling":[118],"checks.":[120],"We":[121,151,177,193],"present":[122],"phase":[124,191],"isolation,":[125],"a":[126,157,195],"novel":[127],"strategy":[128],"hardening":[130],"poisoning":[134,186],"modeling":[136],"information":[138],"behavior":[140],"permissions":[141],"automation":[144],"as":[145,156,203,205],"if":[146],"it":[147],"were":[148],"have":[152],"prototyped":[153],"this":[154],"approach":[155],"tool":[158],"called":[159],"Foreman,":[160],"which":[161],"successfully":[162],"detects":[163],"warns":[165],"about":[166],"test":[169],"files":[170],"involved":[171],"in":[172],"attack.":[176],"outline":[178],"our":[179],"future":[180,196],"plans":[181],"protect":[183],"pipeline":[185],"automatically":[188],"checking":[189],"isolation.":[192],"envision":[194],"where":[197],"prevalent":[204],"checkers.":[208]},"counts_by_year":[],"updated_date":"2026-01-16T23:21:37.720618","created_date":"2026-01-16T00:00:00"}
