{"id":"https://openalex.org/W4391094738","doi":"https://doi.org/10.1109/bigdata59044.2023.10386091","title":"Assessing the Threat Level of Software Supply Chains with the Log Model","display_name":"Assessing the Threat Level of Software Supply Chains with the Log Model","publication_year":2023,"publication_date":"2023-12-15","ids":{"openalex":"https://openalex.org/W4391094738","doi":"https://doi.org/10.1109/bigdata59044.2023.10386091"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata59044.2023.10386091","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/bigdata59044.2023.10386091","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hal.science/hal-04292650/document","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093321072","display_name":"Lu\u0131\u0301s Soeiro","orcid":null},"institutions":[{"id":"https://openalex.org/I4210165912","display_name":"Laboratoire Traitement et Communication de l\u2019Information","ror":"https://ror.org/057er4c39","country_code":"FR","type":"facility","lineage":["https://openalex.org/I12356871","https://openalex.org/I205703379","https://openalex.org/I4210145102","https://openalex.org/I4210165912"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Lu\u00eds Soeiro","raw_affiliation_strings":["Institut Polytechnique de Paris,Télécom Paris,LTCI,France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institut Polytechnique de Paris,Télécom Paris,LTCI,France","institution_ids":["https://openalex.org/I4210165912"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104232359","display_name":"Thomas Robert","orcid":null},"institutions":[{"id":"https://openalex.org/I4210165912","display_name":"Laboratoire Traitement et Communication de l\u2019Information","ror":"https://ror.org/057er4c39","country_code":"FR","type":"facility","lineage":["https://openalex.org/I12356871","https://openalex.org/I205703379","https://openalex.org/I4210145102","https://openalex.org/I4210165912"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Thomas Robert","raw_affiliation_strings":["Institut Polytechnique de Paris,Télécom Paris,LTCI,France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institut Polytechnique de Paris,Télécom Paris,LTCI,France","institution_ids":["https://openalex.org/I4210165912"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006129685","display_name":"Stefano Zacchiroli","orcid":"https://orcid.org/0000-0002-4576-136X"},"institutions":[{"id":"https://openalex.org/I4210165912","display_name":"Laboratoire Traitement et Communication de l\u2019Information","ror":"https://ror.org/057er4c39","country_code":"FR","type":"facility","lineage":["https://openalex.org/I12356871","https://openalex.org/I205703379","https://openalex.org/I4210145102","https://openalex.org/I4210165912"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Stefano Zacchiroli","raw_affiliation_strings":["Institut Polytechnique de Paris,Télécom Paris,LTCI,France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institut Polytechnique de Paris,Télécom Paris,LTCI,France","institution_ids":["https://openalex.org/I4210165912"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5093321072"],"corresponding_institution_ids":["https://openalex.org/I4210165912"],"apc_list":null,"apc_paid":null,"fwci":0.4435,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.73336417,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"3079","last_page":"3088"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6286754608154297},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6165366172790527},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5817883610725403},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5710462927818298},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5462477207183838},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4893912374973297},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.47705546021461487},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.4133723974227905},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3509347438812256},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2687322199344635},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.22060516476631165},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.12088698148727417},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09490829706192017}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6286754608154297},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6165366172790527},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5817883610725403},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5710462927818298},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5462477207183838},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4893912374973297},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.47705546021461487},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.4133723974227905},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3509347438812256},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2687322199344635},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.22060516476631165},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.12088698148727417},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09490829706192017},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/bigdata59044.2023.10386091","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/bigdata59044.2023.10386091","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Conference on Big Data (BigData)","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-04292650v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04292650","pdf_url":"https://hal.science/hal-04292650/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2023 IEEE International Conference on Big Data - 6th Annual Workshop on Cyber Threat Intelligence and Hunting, Dec 2023, Sorrento, Italy, France","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-04292650v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04292650","pdf_url":"https://hal.science/hal-04292650/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"2023 IEEE International Conference on Big Data - 6th Annual Workshop on Cyber Threat Intelligence and Hunting, Dec 2023, Sorrento, Italy, France","raw_type":"Conference papers"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4391094738.pdf"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W433644524","https://openalex.org/W1992114977","https://openalex.org/W2047321828","https://openalex.org/W2069268700","https://openalex.org/W2149142614","https://openalex.org/W2170267084","https://openalex.org/W2537140541","https://openalex.org/W2559532455","https://openalex.org/W2559873118","https://openalex.org/W2745230949","https://openalex.org/W2758108284","https://openalex.org/W2963748706","https://openalex.org/W2964769731","https://openalex.org/W2990842415","https://openalex.org/W3014410422","https://openalex.org/W3033685156","https://openalex.org/W3046453918","https://openalex.org/W3088832243","https://openalex.org/W3100852074","https://openalex.org/W3137262157","https://openalex.org/W3198845576","https://openalex.org/W3211332213","https://openalex.org/W4200256722","https://openalex.org/W4234659140","https://openalex.org/W4301500808","https://openalex.org/W4353069573","https://openalex.org/W4365505517","https://openalex.org/W4376606615","https://openalex.org/W4384345766","https://openalex.org/W4385208592","https://openalex.org/W6804193544","https://openalex.org/W6812742317"],"related_works":["https://openalex.org/W2402565116","https://openalex.org/W2387089893","https://openalex.org/W4360994451","https://openalex.org/W3174927864","https://openalex.org/W3157838713","https://openalex.org/W4200095465","https://openalex.org/W2104846611","https://openalex.org/W945978269","https://openalex.org/W2998983696","https://openalex.org/W2589805430"],"abstract_inverted_index":{"The":[0,71],"use":[1],"of":[2,26,29,38,40,60,73,106,137,174],"free":[3,68],"and":[4,24,34,57,94,103,154,171],"open":[5],"source":[6],"software":[7,12,42,65,92,126],"(FOSS)":[8],"components":[9],"in":[10,141,194],"all":[11],"systems":[13],"is":[14,80,84],"estimated":[15],"to":[16,87,90,119,186],"be":[17,88,167],"above":[18],"90%.":[19],"With":[20],"such":[21],"high":[22,77],"usage":[23,173],"because":[25],"the":[27,36,51,58,64,95,104,117,125,146,172,183,188,195],"heterogeneity":[28],"FOSS":[30,96,142],"tools,":[31],"repositories,":[32],"developers":[33],"ecosystem,":[35],"level":[37,190],"complexity":[39],"managing":[41],"development":[43],"has":[44,48],"also":[45,178],"increased.":[46],"This":[47,149],"amplified":[49],"both":[50],"attack":[52,107],"surface":[53],"for":[54,162,191],"malicious":[55],"actors":[56],"difficulty":[59],"making":[61],"sure":[62],"that":[63,82,158,165],"products":[66,93],"are":[67],"from":[69],"threats.":[70],"rise":[72],"security":[74,163],"incidents":[75],"involving":[76],"profile":[78],"attacks":[79,170],"evidence":[81],"there":[83],"still":[85,115],"much":[86],"done":[89],"safeguard":[91],"supply":[97,127,143],"chain.Software":[98],"Composition":[99],"Analysis":[100],"(SCA)":[101],"tools":[102],"study":[105],"trees":[108],"help":[109],"with":[110,145,182],"improving":[111],"security.":[112],"However,":[113],"they":[114,180],"lack":[116],"ability":[118],"comprehensively":[120],"address":[121],"how":[122,179],"interactions":[123],"within":[124],"chain":[128],"may":[129,166],"impact":[130],"security.This":[131],"work":[132],"presents":[133],"a":[134],"novel":[135],"approach":[136],"assessing":[138],"threat":[139,155,189],"levels":[140],"chains":[144],"log":[147],"model.":[148,196],"model":[150],"provides":[151],"information":[152],"capture":[153],"propagation":[156],"analysis":[157],"not":[159],"only":[160],"account":[161],"risks":[164],"caused":[168],"by":[169],"vulnerable":[175],"software,":[176],"but":[177],"interact":[181],"other":[184],"elements":[185],"affect":[187],"any":[192],"element":[193]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-07T13:39:58.223016","created_date":"2025-10-10T00:00:00"}