{"id":"https://openalex.org/W4406247337","doi":"https://doi.org/10.1142/s021819402550010x","title":"<scp>OscSe</scp>: A Practical Security Assessment Model for General Open Source Components","display_name":"<scp>OscSe</scp>: A Practical Security Assessment Model for General Open Source Components","publication_year":2025,"publication_date":"2025-01-10","ids":{"openalex":"https://openalex.org/W4406247337","doi":"https://doi.org/10.1142/s021819402550010x"},"language":"en","primary_location":{"id":"doi:10.1142/s021819402550010x","is_oa":false,"landing_page_url":"https://doi.org/10.1142/s021819402550010x","pdf_url":null,"source":{"id":"https://openalex.org/S131442419","display_name":"International Journal of Software Engineering and Knowledge Engineering","issn_l":"0218-1940","issn":["0218-1940","1793-6403"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319815","host_organization_name":"World Scientific","host_organization_lineage":["https://openalex.org/P4310319815"],"host_organization_lineage_names":["World Scientific"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Software Engineering and Knowledge Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100653662","display_name":"Ziyan Wang","orcid":"https://orcid.org/0000-0001-9264-2841"},"institutions":[{"id":"https://openalex.org/I24185976","display_name":"Sichuan University","ror":"https://ror.org/011ashp19","country_code":"CN","type":"education","lineage":["https://openalex.org/I24185976"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Ziyan Wang","raw_affiliation_strings":["School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, P.\u00a0R.\u00a0China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, P.\u00a0R.\u00a0China","institution_ids":["https://openalex.org/I24185976"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103571629","display_name":"Cheng Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I24185976","display_name":"Sichuan University","ror":"https://ror.org/011ashp19","country_code":"CN","type":"education","lineage":["https://openalex.org/I24185976"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Cheng Huang","raw_affiliation_strings":["School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, P.\u00a0R.\u00a0China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, P.\u00a0R.\u00a0China","institution_ids":["https://openalex.org/I24185976"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100658700","display_name":"You Yang","orcid":"https://orcid.org/0000-0002-5695-1046"},"institutions":[{"id":"https://openalex.org/I4210126929","display_name":"CE Technologies (United Kingdom)","ror":"https://ror.org/02pw67e25","country_code":"GB","type":"company","lineage":["https://openalex.org/I4210126929"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Yang You","raw_affiliation_strings":["Nsfocus Technologies Group Co., Ltd., Beijing 10089, P.\u00a0R.\u00a0China"],"affiliations":[{"raw_affiliation_string":"Nsfocus Technologies Group Co., Ltd., Beijing 10089, P.\u00a0R.\u00a0China","institution_ids":["https://openalex.org/I4210126929"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100653662"],"corresponding_institution_ids":["https://openalex.org/I24185976"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.00474306,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"23"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8399999737739563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8399999737739563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13999","display_name":"Digital Rights Management and Security","score":0.7721999883651733,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.6937000155448914,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.6517845988273621},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6224452257156372},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4503253996372223},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40701502561569214},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.38785314559936523},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.15907052159309387},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11946660280227661}],"concepts":[{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.6517845988273621},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6224452257156372},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4503253996372223},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40701502561569214},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38785314559936523},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.15907052159309387},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11946660280227661}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1142/s021819402550010x","is_oa":false,"landing_page_url":"https://doi.org/10.1142/s021819402550010x","pdf_url":null,"source":{"id":"https://openalex.org/S131442419","display_name":"International Journal of Software Engineering and Knowledge Engineering","issn_l":"0218-1940","issn":["0218-1940","1793-6403"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319815","host_organization_name":"World Scientific","host_organization_lineage":["https://openalex.org/P4310319815"],"host_organization_lineage_names":["World Scientific"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Software Engineering and Knowledge Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W2004584049","https://openalex.org/W2015729052","https://openalex.org/W2017530789","https://openalex.org/W2026997423","https://openalex.org/W2034960640","https://openalex.org/W2036398651","https://openalex.org/W2038526668","https://openalex.org/W2040280148","https://openalex.org/W2063770056","https://openalex.org/W2069205948","https://openalex.org/W2077937403","https://openalex.org/W2082608961","https://openalex.org/W2097515494","https://openalex.org/W2099432245","https://openalex.org/W2105300539","https://openalex.org/W2121866145","https://openalex.org/W2159610968","https://openalex.org/W2171071863","https://openalex.org/W2512328062","https://openalex.org/W2766411424","https://openalex.org/W2884852277","https://openalex.org/W2885479617","https://openalex.org/W2914047920","https://openalex.org/W3088005007","https://openalex.org/W3163214939","https://openalex.org/W3167050758"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Open":[0],"source":[1,124,186,242],"components":[2,17],"(OSCs)":[3],"have":[4],"become":[5],"a":[6,68,93,158,239],"vital":[7],"part":[8],"for":[9,72],"developing":[10],"modern":[11],"applications.":[12],"The":[13,82,193,229],"security":[14,22,31,69,110,211],"of":[15,23,32,111,122,149,172,195,234],"these":[16],"could":[18],"affect":[19],"the":[20,24,30,42,45,75,88,109,130,140,146,150,162,175,198,204,210,215,232,245],"overall":[21],"software":[25],"depends":[26],"on":[27],"them.":[28],"Thus,":[29],"an":[33],"OSC":[34,91,112],"should":[35],"be":[36,52],"evaluated":[37],"first":[38],"before":[39],"integrating":[40],"to":[41,56,102,214,237],"software.":[43],"However,":[44],"existing":[46],"models":[47],"lack":[48],"generality,":[49],"and":[50,80,95,126,136,155,169,217],"cannot":[51],"easily":[53],"automatic":[54],"applied":[55],"OSCs":[57,196,220],"developed":[58],"in":[59,116,197,201],"different":[60],"programming":[61],"language.":[62],"To":[63],"this":[64],"end,":[65],"we":[66,133,143,178,207],"propose":[67],"assessment":[70],"model":[71,84,152,226,236],"OSCs,":[73],"called":[74],"CRAM,":[76],"which":[77],"features":[78],"generality":[79],"automation.":[81],"proposed":[83,151],"is":[85,99,153,157,190],"constructed":[86],"under":[87],"hypothesis":[89,148,189],"that":[90,145],"with":[92,183,203],"larger":[94],"more":[96,100,104],"active":[97],"community":[98,125,163],"likely":[101],"disclose":[103],"vulnerabilities.":[105],"And":[106],"it":[107],"evaluates":[108],"from":[113],"its":[114],"performance":[115],"size":[117,164],"as":[118,120,165,167,222],"well":[119,166],"activities":[121,168],"open":[123,185,241],"vulnerability":[127,170],"disclosures.":[128],"In":[129,139,174],"experiment":[131],"section,":[132],"present":[134],"validation":[135,141],"application":[137,176],"experiments.":[138],"experiment,":[142,177],"find":[144],"basic":[147],"valid,":[154],"there":[156],"positive":[159],"correlation":[160],"between":[161],"risk":[171],"OSCs.":[173],"further":[179,191],"evaluate":[180],"our":[181,225,235],"approach":[182],"large-scale":[184],"components.":[187],"Our":[188],"validated.":[192],"most":[194],"ecosystem":[199,243],"are":[200,227],"line":[202],"hypothesis.":[205],"Finally,":[206],"successfully":[208],"build":[209],"baseline":[212],"according":[213],"hypothesis,":[216],"5":[218],"vulnerable":[219,223,240],"classified":[221],"by":[224],"analyzed.":[228],"result":[230],"proves":[231],"effectiveness":[233],"identify":[238],"around":[244],"ecosystem.":[246]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-01-11T00:00:00"}