{"id":"https://openalex.org/W4296974094","doi":"https://doi.org/10.1145/3560835.3564555","title":"Talking Trojan","display_name":"Talking Trojan","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4296974094","doi":"https://doi.org/10.1145/3560835.3564555"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564555","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564555","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564555","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564555","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058523704","display_name":"Nicholas Boucher","orcid":"https://orcid.org/0000-0002-5674-3730"},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Nicholas Boucher","raw_affiliation_strings":["University of Cambridge, Cambridge, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Cambridge, Cambridge, United Kingdom","institution_ids":["https://openalex.org/I241749"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046983053","display_name":"Ross Anderson","orcid":"https://orcid.org/0000-0001-8697-5682"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ross Anderson","raw_affiliation_strings":["Universities of Cambridge and Edinburgh, Cambridge, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Universities of Cambridge and Edinburgh, Cambridge, United Kingdom","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5058523704"],"corresponding_institution_ids":["https://openalex.org/I241749"],"apc_list":null,"apc_paid":null,"fwci":0.96218734,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.76347581,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"83","last_page":"92"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10081","display_name":"Auditing, Earnings Management, Governance","score":0.8335999846458435,"subfield":{"id":"https://openalex.org/subfields/1402","display_name":"Accounting"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10081","display_name":"Auditing, Earnings Management, Governance","score":0.8335999846458435,"subfield":{"id":"https://openalex.org/subfields/1402","display_name":"Accounting"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T13957","display_name":"Corporate Governance and Financial Management","score":0.7232000231742859,"subfield":{"id":"https://openalex.org/subfields/1408","display_name":"Strategy and Management"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.8201962113380432},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6331263184547424},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6078811883926392},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5904028415679932},{"id":"https://openalex.org/keywords/government","display_name":"Government (linguistics)","score":0.5433065295219421},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5322598814964294},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.5301409959793091},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5086218118667603},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4832392632961273},{"id":"https://openalex.org/keywords/interpreter","display_name":"Interpreter","score":0.42105239629745483},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3427008390426636},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3322981595993042},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1979275941848755}],"concepts":[{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.8201962113380432},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6331263184547424},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6078811883926392},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5904028415679932},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.5433065295219421},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5322598814964294},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.5301409959793091},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5086218118667603},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4832392632961273},{"id":"https://openalex.org/C122783720","wikidata":"https://www.wikidata.org/wiki/Q183065","display_name":"Interpreter","level":2,"score":0.42105239629745483},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3427008390426636},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3322981595993042},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1979275941848755},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3560835.3564555","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564555","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564555","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2209.10717","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2209.10717","pdf_url":"https://arxiv.org/pdf/2209.10717","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3560835.3564555","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564555","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564555","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17","score":0.49000000953674316}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4296974094.pdf","grobid_xml":"https://content.openalex.org/works/W4296974094.grobid-xml"},"referenced_works_count":3,"referenced_works":["https://openalex.org/W2752976060","https://openalex.org/W3137262157","https://openalex.org/W4288057714"],"related_works":["https://openalex.org/W4253721122","https://openalex.org/W1671033612","https://openalex.org/W4389527383","https://openalex.org/W4206524843","https://openalex.org/W2139923244","https://openalex.org/W2237899707","https://openalex.org/W576137284","https://openalex.org/W2116135171","https://openalex.org/W4307856894","https://openalex.org/W4308001588"],"abstract_inverted_index":{"While":[0],"vulnerability":[1,36],"research":[2],"often":[3],"focuses":[4],"on":[5,101,111],"technical":[6],"findings":[7],"and":[8,44,61,88],"post-public":[9],"release":[10],"industrial":[11],"response,":[12],"we":[13],"provide":[14],"an":[15,48,99],"analysis":[16],"of":[17,20],"the":[18,21,23,76,96,105,123],"rest":[19],"story:":[22],"coordinated":[24,125],"disclosure":[25,83,126],"process":[26],"from":[27],"discovery":[28],"through":[29],"public":[30],"release.":[31],"The":[32],"industry-wide":[33],"'Trojan":[34],"Source'":[35],"which":[37],"affected":[38],"most":[39],"compilers,":[40],"interpreters,":[41],"code":[42,45,103],"editors,":[43],"repositories":[46],"provided":[47],"interesting":[49],"natural":[50],"experiment,":[51],"enabling":[52],"us":[53],"to":[54,98,107,121],"compare":[55,95],"responses":[56],"by":[57,62],"firms":[58,63,70],"versus":[59,69],"nonprofits":[60],"that":[64,71],"managed":[65],"their":[66],"own":[67],"response":[68,97,106],"outsourced":[72],"it.":[73],"We":[74,94,117],"document":[75],"interaction":[77],"with":[78,104,119],"bug":[79],"bounty":[80],"programs,":[81],"government":[82],"assistance,":[84],"academic":[85],"peer":[86],"review,":[87],"press":[89],"coverage,":[90],"among":[91],"other":[92],"topics.":[93],"attack":[100,110],"source":[102],"a":[108],"comparable":[109],"NLP":[112],"systems":[113],"employing":[114],"machine-learning":[115],"techniques.":[116],"conclude":[118],"recommendations":[120],"improve":[122],"global":[124],"system.":[127]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2022-09-25T00:00:00"}