Researcher profile

Brendan Murphy

Brendan Murphy contributes to research discovery and scholarly infrastructure.

Researcher, Affiliation not imported, Open to collaborate

Trust snapshot

Quick read

Trust 17 - Unverified
Verification L1
Unclaimed author
4 works
0 followers
5 topics
4 close collaborators

Published work

4 published item(s)

preprint, 2022, arXiv

What are Weak Links in the npm Supply Chain?

Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a 650% year-on-year growth in security attacks by exploiting Open Source Software's supply chain. Proactive approaches are needed to predict package vulnerability to high-risk supply chain attacks. The goal of this work is to help software developers and security specialists in measuring npm supply chain weak link signals to prevent future supply chain attacks by empirically studying npm package metadata. In this paper, we analyzed the metadata of 1.63 million JavaScript npm packages. We propose six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers. One of our case studies identified 11 malicious packages from the install scripts signal. We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the npm accounts. We obtained feedback on our weak link signals through a survey responded to by 470 npm package developers. The majority of the developers supported three out of our six proposed weak link signals. The developers also indicated that they would want to be notified about weak link signals before using third-party packages. Additionally, we discussed eight new signals suggested by package developers.

preprint, 2021, arXiv

On the Pinned Distances Problem in Positive Characteristic

We study the Erdős-Falconer distance problem for a set $A\subset \mathbb{F}^2$, where $\mathbb{F}$ is a field of positive characteristic $p$. If $\mathbb{F}=\mathbb{F}_p$ and the cardinality $|A|$ exceeds $p^{5/4}$, we prove that $A$ determines an asymptotically full proportion of the feasible $p$ distances. For small sets $A$, namely when $|A|\leq p^{4/3}$ over any $\mathbb{F}$, we prove that either $A$ determines $\gg|A|^{2/3}$. For both large and small sets, the results proved are in fact for pinned distances.

preprint, 2020, arXiv

Growth in Some Finite Three-Dimensional Matrix Groups

We study the growth of product sets in some finite three-dimensional matrix groups. In particular, we prove two results about the group of $2\times 2$ upper triangular matrices over arbitrary finite fields: a product set estimate using techniques from multiplicative combinatorics, and an energy estimate using incidence geometry. The energy method gives better quantitative results, but only applies to small sets. We also prove an energy result for the Heisenberg group.