{"id":"https://openalex.org/W4388622968","doi":"https://doi.org/10.1109/msec.2023.3316569","title":"A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda","display_name":"A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda","publication_year":2023,"publication_date":"2023-11-01","ids":{"openalex":"https://openalex.org/W4388622968","doi":"https://doi.org/10.1109/msec.2023.3316569"},"language":"en","primary_location":{"id":"doi:10.1109/msec.2023.3316569","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msec.2023.3316569","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018571922","display_name":"Marcel Fourn\u00e9","orcid":"https://orcid.org/0000-0003-4442-0085"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marcel Fourn\u00e9","raw_affiliation_strings":["Research Engineer, Max Planck Institute for Security and Privacy, Bochum, Germany"],"raw_orcid":"https://orcid.org/0000-0003-4442-0085","affiliations":[{"raw_affiliation_string":"Research Engineer, Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004650891","display_name":"Dominik Wermke","orcid":"https://orcid.org/0009-0008-2921-1254"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dominik Wermke","raw_affiliation_strings":["Department of Computer Science, North Carolina State University (NCSU), Raleigh, NC, USA"],"raw_orcid":"https://orcid.org/0009-0008-2921-1254","affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University (NCSU), Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I114112103","display_name":"Leibniz University Hannover","ror":"https://ror.org/0304hq317","country_code":"DE","type":"education","lineage":["https://openalex.org/I114112103"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["Empirical Information Security, Leibniz University Hannover, Hannover, Germany"],"raw_orcid":"https://orcid.org/0000-0002-5644-3316","affiliations":[{"raw_affiliation_string":"Empirical Information Security, Leibniz University Hannover, Hannover, Germany","institution_ids":["https://openalex.org/I114112103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["Computer Science, Paderborn University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7167-7383","affiliations":[{"raw_affiliation_string":"Computer Science, Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.1568,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.90385799,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"21","issue":"6","first_page":"59","last_page":"63"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9890999794006348,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9872000217437744,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.672334611415863},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5541413426399231},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5144088864326477},{"id":"https://openalex.org/keywords/factor","display_name":"Factor (programming language)","score":0.5084382891654968},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44526806473731995},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.44172921776771545},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.40875375270843506},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.31453579664230347},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.31189826130867004},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.19057747721672058},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08772808313369751},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.06659239530563354}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.672334611415863},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5541413426399231},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5144088864326477},{"id":"https://openalex.org/C2781039887","wikidata":"https://www.wikidata.org/wiki/Q1391724","display_name":"Factor (programming language)","level":2,"score":0.5084382891654968},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44526806473731995},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.44172921776771545},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.40875375270843506},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.31453579664230347},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.31189826130867004},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.19057747721672058},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08772808313369751},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.06659239530563354},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/msec.2023.3316569","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msec.2023.3316569","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4268000322","display_name":null,"funder_award_id":"CNS-2206865","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2111978054","https://openalex.org/W2112736324","https://openalex.org/W2170267084","https://openalex.org/W4220682629","https://openalex.org/W4288057810","https://openalex.org/W4321383501","https://openalex.org/W4384948741","https://openalex.org/W4385080312","https://openalex.org/W4385208592"],"related_works":["https://openalex.org/W2767550285","https://openalex.org/W2620085874","https://openalex.org/W2064496565","https://openalex.org/W1575661125","https://openalex.org/W4309070544","https://openalex.org/W2108330697","https://openalex.org/W169337936","https://openalex.org/W2049056888","https://openalex.org/W2365436291","https://openalex.org/W4241842276"],"abstract_inverted_index":{"While":[0],"securing":[1],"dependencies":[2],"and":[3],"build":[4],"systems":[5],"is":[6,32],"necessary,":[7],"recent":[8],"attacks":[9],"have":[10],"shown":[11],"that":[12,27],"developers":[13],"are":[14],"a":[15,24],"commonly":[16],"successfully":[17],"attacked":[18],"link":[19],"in":[20],"the":[21,29],"chain.":[22],"Therefore,":[23],"comprehensive":[25],"approach":[26],"considers":[28],"human":[30],"factor":[31],"crucial":[33],"for":[34],"effective":[35],"software":[36],"supply":[37],"chain":[38],"security.":[39]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}