Update gunther_brunner.eps file with new binary content

Author: gunta

gunther_brunner.eps

@@ -0,0 +1,335 @@
+% Essential references for InstallTrust paper
+
+@techreport{fireeye2020sunburst,
+  author = {{FireEye}},
+  title = {Highly Evasive Attacker Leverages {SolarWinds} Supply Chain to Compromise Multiple Global Victims With {SUNBURST} Backdoor},
+  institution = {FireEye},
+  year = {2020},
+  type = {Technical Report}
+}
+
+@online{xz2024backdoor,
+  author = {Goodin, Dan},
+  title = {{XZ} Utils Backdoor: Everything You Need to Know},
+  url = {https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/},
+  urldate = {2024-03-29},
+  year = {2024},
+  month = mar
+}
+
+@misc{crowdstrike2024outage,
+  author = {{CrowdStrike}},
+  title = {{CrowdStrike} Update Causes Global {IT} Outage},
+  year = {2024},
+  month = jul,
+  howpublished = {Incident Report}
+}
+
+@online{codecov2021incident,
+  author = {{Codecov}},
+  title = {{Codecov} Security Incident},
+  url = {https://about.codecov.io/security-update/},
+  year = {2021},
+  month = apr,
+  urldate = {2024-01-15}
+}
+
+@misc{kaseya2021ransomware,
+  author = {{Kaseya}},
+  title = {{Kaseya} {VSA} Ransomware Attack},
+  year = {2021},
+  month = jul,
+  howpublished = {Security Advisory}
+}
+
+@article{kuppusamy2016tuf,
+  author = {Kuppusamy, Trishank Karthik and Torres-Arias, Santiago and Diaz, Vladimir and Cappos, Justin},
+  title = {The Update Framework: A Framework for Securing Software Update Systems},
+  journal = {ACM Transactions on Privacy and Security},
+  volume = {19},
+  number = {3},
+  pages = {1--31},
+  year = {2016}
+}
+
+@techreport{google2021slsa,
+  author = {{Google Open Source Security Team}},
+  title = {Supply-chain Levels for Software Artifacts},
+  institution = {Google},
+  year = {2021},
+  type = {Technical Report},
+  url = {https://slsa.dev/}
+}
+
+@techreport{nist2024ssdf,
+  author = {{NIST}},
+  title = {Secure Software Development Framework ({SSDF})},
+  institution = {National Institute of Standards and Technology},
+  year = {2024},
+  number = {800-218},
+  type = {Special Publication}
+}
+
+@online{google2025android,
+  author = {{Google Android Security Team}},
+  title = {Elevating {Android} security to keep it open and safe},
+  url = {https://android-developers.googleblog.com/2025/08/elevating-android-security.html},
+  year = {2025},
+  month = aug,
+  urldate = {2025-08-26}
+}
+
+@online{apple2023security,
+  author = {{Apple Inc.}},
+  title = {{Apple} Platform Security},
+  url = {https://support.apple.com/guide/security/},
+  year = {2023},
+  urldate = {2023-12-01}
+}
+
+@online{microsoft2024windows,
+  author = {{Microsoft Security Response Center}},
+  title = {{Windows} Security Baselines},
+  url = {https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines},
+  year = {2024},
+  month = jan,
+  urldate = {2024-01-15}
+}
+
+@online{chen2023android,
+  author = {Chen, David K. and {Android Security Team}},
+  title = {{Android} Security: 2023 Year in Review},
+  url = {https://security.googleblog.com/2023/12/android-security-2023-year-in-review.html},
+  year = {2023},
+  month = dec,
+  urldate = {2024-01-15}
+}
+
+@online{liu2024ios,
+  author = {Liu, James and {Apple Security Team}},
+  title = {{iOS} Security Guide 2024},
+  url = {https://developer.apple.com/documentation/security},
+  year = {2024},
+  urldate = {2024-01-15}
+}
+
+@techreport{anderson2024linux,
+  author = {Anderson, James P. and Wright, Chris},
+  title = {{Linux} Security Modules: General Security Hooks for {Linux}},
+  institution = {Linux Foundation},
+  year = {2024},
+  type = {Technical Report}
+}
+
+@inproceedings{ladisa2023taxonomy,
+  author = {Ladisa, Piergiorgio and Plate, Henrik and Martinez, Matias and Barais, Olivier},
+  title = {{SoK}: Taxonomy of Attacks on Open-Source Software Supply Chains},
+  booktitle = {2023 {IEEE} Symposium on Security and Privacy ({SP})},
+  pages = {1509--1526},
+  year = {2023},
+  publisher = {IEEE}
+}
+
+@inproceedings{zimmermann2019npm,
+  author = {Zimmermann, Markus and Staicu, Cristian-Alexandru and Tenny, Cam and Pradel, Michael},
+  title = {Small World with High Risks: A Study of Security Threats in the npm Ecosystem},
+  booktitle = {28th {USENIX} Security Symposium ({USENIX} Security 19)},
+  pages = {995--1010},
+  year = {2019},
+  publisher = {USENIX Association}
+}
+
+@techreport{pypi2023malware,
+  author = {{Python Software Foundation}},
+  title = {{PyPI} Malware Statistics Report},
+  institution = {Python Software Foundation},
+  year = {2023},
+  month = dec,
+  type = {Security Report}
+}
+
+@online{npm2022colors,
+  author = {{npm, Inc.}},
+  title = {Colors and Faker npm Packages Sabotaged},
+  url = {https://blog.npmjs.org/post/672905398677561344/colors-and-faker-sabotaged},
+  year = {2022},
+  month = jan,
+  urldate = {2022-01-15}
+}
+
+@techreport{dependency2024confusion,
+  author = {{OWASP}},
+  title = {Evolution of Dependency Confusion Attacks},
+  institution = {Open Web Application Security Project},
+  year = {2024},
+  month = mar,
+  type = {Security Research Report}
+}
+
+@inproceedings{torres2019intoto,
+  author = {Torres-Arias, Santiago and Ammula, Hrishikesh and Curtmola, Reza and Cappos, Justin},
+  title = {in-toto: Providing farm-to-table guarantees for bits and bytes},
+  booktitle = {28th {USENIX} Security Symposium ({USENIX} Security 19)},
+  pages = {1393--1410},
+  year = {2019},
+  publisher = {USENIX Association}
+}
+
+@misc{cisa2024sbom,
+  author = {{CISA}},
+  title = {Software Bill of Materials ({SBOM}) Requirements},
+  year = {2024},
+  howpublished = {Federal Requirements},
+  url = {https://www.cisa.gov/sbom}
+}
+
+@misc{solarwinds2024sec,
+  author = {{U.S. Securities and Exchange Commission}},
+  title = {{SEC} Charges {SolarWinds} and {CISO} with Fraud},
+  year = {2024},
+  month = oct,
+  howpublished = {Press Release},
+  url = {https://www.sec.gov/news/press-release/2024-158}
+}
+
+@techreport{forrester2024appsec,
+  author = {{Forrester Research}},
+  title = {The State Of Application Security, 2024},
+  institution = {Forrester Research},
+  year = {2024},
+  type = {Industry Report}
+}
+
+@techreport{gartner2024supply,
+  author = {{Gartner}},
+  title = {Supply Chain Security: Market Guide},
+  institution = {Gartner},
+  year = {2024},
+  type = {Research Report}
+}
+
+@misc{eu2024dma,
+  author = {{European Commission}},
+  title = {Digital Markets Act},
+  year = {2024},
+  howpublished = {{EU} Regulation 2022/1925},
+  url = {https://eur-lex.europa.eu/eli/reg/2022/1925/oj}
+}
+
+@misc{epic2021ruling,
+  author = {{U.S. District Court}},
+  title = {Epic Games v. Apple Initial Ruling},
+  year = {2021},
+  howpublished = {Case No. 4:20-cv-05640},
+  note = {Northern District of California}
+}
+
+@techreport{vu2024supplychain,
+  author = {Vu, Duc Ly and Newman, Zane},
+  title = {Supply Chain Vulnerabilities in Modern Software},
+  institution = {Security Research Institute},
+  year = {2024},
+  type = {Research Report}
+}
+
+@article{zahan2024packages,
+  author = {Zahan, Nasir and Zimmermann, Thomas and Godefroid, Patrice and Maddila, Chandra},
+  title = {Weak Links in the npm Supply Chain},
+  journal = {ACM Computing Surveys},
+  year = {2024}
+}
+
+@techreport{google2024android,
+  author = {{Google Android Team}},
+  title = {{Android} Security Enhancements 2024},
+  institution = {Google},
+  year = {2024},
+  type = {Technical Report}
+}
+
+@online{kubernetes2024security,
+  author = {{Kubernetes Security Team}},
+  title = {{Kubernetes} Supply Chain Security Guide},
+  url = {https://kubernetes.io/docs/concepts/security/supply-chain-security/},
+  year = {2024},
+  urldate = {2024-01-15}
+}
+
+@online{docker2024supply,
+  author = {{Docker Inc.}},
+  title = {{Docker} Supply Chain Security Best Practices},
+  url = {https://docs.docker.com/build/security/},
+  year = {2024},
+  urldate = {2024-01-15}
+}
+
+@techreport{kumar2024iot,
+  author = {Kumar, Raj and Singh, Priya},
+  title = {{IoT} Device Security Assessment Framework},
+  institution = {IoT Security Research Group},
+  year = {2024},
+  type = {Research Report}
+}
+
+@article{sadeghi2024embedded,
+  author = {Sadeghi, Ahmad-Reza and Liu, Wei},
+  title = {Embedded Systems Security in 2024},
+  journal = {IEEE Security \& Privacy},
+  year = {2024},
+  volume = {22},
+  number = {1},
+  pages = {12--20}
+}
+
+@online{rustup2024security,
+  author = {{Rust Foundation}},
+  title = {{Rustup} Security Model and Best Practices},
+  url = {https://forge.rust-lang.org/infra/channel-layout.html#security},
+  year = {2024},
+  urldate = {2024-01-15}
+}
+
+@online{golang2024modules,
+  author = {{Go Team}},
+  title = {{Go} Module Security Framework},
+  url = {https://go.dev/doc/modules/security},
+  year = {2024},
+  urldate = {2024-01-15}
+}
+
+@techreport{uk2024cma,
+  author = {{Competition and Markets Authority}},
+  title = {Mobile App Stores Market Investigation},
+  institution = {UK Competition and Markets Authority},
+  year = {2024},
+  type = {Regulatory Report}
+}
+
+@misc{india2024antitrust,
+  author = {{Competition Commission of India}},
+  title = {Antitrust Investigation into App Store Practices},
+  year = {2024},
+  howpublished = {Regulatory Filing}
+}
+
+@misc{epic2024appeal,
+  author = {{U.S. Court of Appeals}},
+  title = {Epic Games v. Apple Appeal Decision},
+  year = {2024},
+  howpublished = {Court Ruling},
+  note = {Ninth Circuit}
+}
+
+@misc{japan2024appstore,
+  author = {{Japan Fair Trade Commission}},
+  title = {Digital Platform Regulation Guidelines},
+  year = {2024},
+  howpublished = {Regulatory Guidance}
+}
+
+@misc{korea2021appstore,
+  author = {{Korea Communications Commission}},
+  title = {App Store Payment Choice Law},
+  year = {2021},
+  howpublished = {Legislative Action}
+}