{"id":"https://openalex.org/W4410887565","doi":"https://doi.org/10.1109/syscon64521.2025.11014830","title":"Supply Chain Risk Analysis Via SBOM Data Enrichment","display_name":"Supply Chain Risk Analysis Via SBOM Data Enrichment","publication_year":2025,"publication_date":"2025-04-07","ids":{"openalex":"https://openalex.org/W4410887565","doi":"https://doi.org/10.1109/syscon64521.2025.11014830"},"language":"en","primary_location":{"id":"doi:10.1109/syscon64521.2025.11014830","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon64521.2025.11014830","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International systems Conference (SysCon)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5117770634","display_name":"Antoine Lemay","orcid":null},"institutions":[{"id":"https://openalex.org/I4210150617","display_name":"Hitachi (Canada)","ror":"https://ror.org/03td1t893","country_code":"CA","type":"company","lineage":["https://openalex.org/I4210150617","https://openalex.org/I65143321"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Antoine Lemay","raw_affiliation_strings":["Hitachi Energy Research,Montreal,Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hitachi Energy Research,Montreal,Canada","institution_ids":["https://openalex.org/I4210150617"]}]},{"author_position":"last","author":{"id":null,"display_name":"Neeraj Katiyar","orcid":null},"institutions":[{"id":"https://openalex.org/I4210150617","display_name":"Hitachi (Canada)","ror":"https://ror.org/03td1t893","country_code":"CA","type":"company","lineage":["https://openalex.org/I4210150617","https://openalex.org/I65143321"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Neeraj Katiyar","raw_affiliation_strings":["Hitachi Energy Research,Montreal,Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hitachi Energy Research,Montreal,Canada","institution_ids":["https://openalex.org/I4210150617"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.2,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.91745673,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11864","display_name":"Supply Chain Resilience and Risk Management","score":0.8725000023841858,"subfield":{"id":"https://openalex.org/subfields/1408","display_name":"Strategy and Management"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11864","display_name":"Supply Chain Resilience and Risk Management","score":0.8725000023841858,"subfield":{"id":"https://openalex.org/subfields/1408","display_name":"Strategy and Management"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.810699999332428,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.7498999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5642691850662231},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.46561527252197266},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3830312490463257},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3118212819099426},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.07139936089515686}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5642691850662231},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.46561527252197266},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3830312490463257},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3118212819099426},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.07139936089515686}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/syscon64521.2025.11014830","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon64521.2025.11014830","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International systems Conference (SysCon)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W3131069091","https://openalex.org/W3186780619","https://openalex.org/W3206583257","https://openalex.org/W4310928915","https://openalex.org/W4384345766","https://openalex.org/W4386977908","https://openalex.org/W4390541824","https://openalex.org/W4400153951","https://openalex.org/W6862407746"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"The":[0],"attempt":[1],"to":[2,31,64,76,87,95,101,128],"backdoor":[3],"SSH":[4],"via":[5],"an":[6],"infiltration":[7],"operation":[8],"in":[9],"one":[10],"of":[11,21,28,38,69,105,117],"its":[12,74],"dependencies,":[13],"namely":[14],"the":[15,19,29,97,103,133],"XZ":[16],"library,":[17],"illustrated":[18],"importance":[20],"robust":[22],"software":[23,36],"supply":[24,71,118],"chain":[25,119],"security.":[26],"One":[27],"tools":[30],"achieve":[32],"this":[33,42,88],"objective":[34],"is":[35],"bill":[37],"materials":[39],"(SBOM).":[40],"In":[41,108,130],"paper,":[43],"we":[44,84,111,136],"proposed":[45],"enriching":[46],"data":[47,134],"from":[48,56],"our":[49,70,106],"internal":[50],"SBOM":[51],"tooling":[52],"with":[53],"maintenance-related":[54],"metadata":[55],"GitHub":[57],"and":[58,90,150],"Node":[59],"Package":[60],"Manager":[61],"(npm)":[62],"repositories":[63],"get":[65],"a":[66,92],"better":[67],"understanding":[68],"chain,":[72],"regarding":[73],"susceptibility":[75],"XZ-type":[77],"infiltration.":[78],"We":[79],"defined":[80],"several":[81,138],"features":[82],"that":[83,124],"believed":[85],"contributed":[86],"risk":[89,93],"calculated":[91],"metric":[94],"identify":[96,114],"most":[98],"extreme":[99],"cases":[100,139],"test":[102],"validity":[104],"approach.":[107],"doing":[109],"so,":[110],"did":[112],"not":[113],"any":[115],"case":[116],"attacks":[120],"but":[121],"identified":[122],"libraries":[123],"could":[125],"be":[126],"susceptible":[127],"it.":[129],"addition,":[131],"during":[132],"analysis":[135],"encountered":[137],"where":[140],"developers":[141],"were":[142],"making":[143],"seemingly":[144],"irrational":[145],"tradeoffs":[146],"between":[147],"productivity":[148],"gains":[149],"technical":[151],"debt,":[152],"including":[153],"cyber":[154],"security":[155],"risks.":[156]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}