{"id":"https://openalex.org/W4308562529","doi":"https://doi.org/10.1145/3560835.3564557","title":"On the Use of Tests for Software Supply Chain Threats","display_name":"On the Use of Tests for Software Supply Chain Threats","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4308562529","doi":"https://doi.org/10.1145/3560835.3564557"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564557","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560835.3564557","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079590222","display_name":"Joseph Hejderup","orcid":"https://orcid.org/0000-0002-3334-2133"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Joseph Hejderup","raw_affiliation_strings":["Endor Labs Inc., Palo Alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Endor Labs Inc., Palo Alto, CA, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5079590222"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2639,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.56801049,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"47","last_page":"49"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7004255056381226},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6676825881004333},{"id":"https://openalex.org/keywords/third-party","display_name":"Third party","score":0.6385027170181274},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5614221692085266},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.5430784225463867},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.54015052318573},{"id":"https://openalex.org/keywords/test","display_name":"Test (biology)","score":0.5216451287269592},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.47630393505096436},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.45534855127334595},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.44619351625442505},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.377219557762146},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.35217612981796265},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.19069471955299377},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.18125399947166443}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7004255056381226},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6676825881004333},{"id":"https://openalex.org/C2983583741","wikidata":"https://www.wikidata.org/wiki/Q16785388","display_name":"Third party","level":2,"score":0.6385027170181274},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5614221692085266},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.5430784225463867},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.54015052318573},{"id":"https://openalex.org/C2777267654","wikidata":"https://www.wikidata.org/wiki/Q3519023","display_name":"Test (biology)","level":2,"score":0.5216451287269592},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.47630393505096436},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.45534855127334595},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.44619351625442505},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.377219557762146},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.35217612981796265},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.19069471955299377},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.18125399947166443},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3560835.3564557","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560835.3564557","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6499999761581421}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W48461931","https://openalex.org/W1971650562","https://openalex.org/W2101058980","https://openalex.org/W2408538694","https://openalex.org/W2548749170","https://openalex.org/W2767231363","https://openalex.org/W2899036005","https://openalex.org/W2963748706","https://openalex.org/W3203026168","https://openalex.org/W3204072835","https://openalex.org/W4316089533"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W4312814274","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2358353312","https://openalex.org/W2353836703","https://openalex.org/W41015297"],"abstract_inverted_index":{"Development":[0],"teams":[1],"are":[2,75],"increasingly":[3],"investing":[4],"in":[5,40,57,67,77],"automating":[6,156],"the":[7,14,22,107,136,145,153],"updating":[8],"of":[9,17,111,138,147,155],"third-party":[10,68,84,148],"libraries":[11,149],"to":[12,42,63,133],"limit":[13],"patch":[15],"time":[16],"zero-day":[18],"exploits":[19],"such":[20,27,33],"as":[21,28,92],"Equifax":[23],"breach.":[24],"GitHub":[25],"bots":[26],"Dependabot":[29],"and":[30,44,61,73,81,109,115,130,140,150],"Renovate":[31],"build":[32],"functionality":[34],"by":[35],"leveraging":[36],"existing":[37],"test":[38,43,55,71],"infrastructure":[39],"repositories":[41],"evaluate":[45],"new":[46,79],"library":[47,157],"updates.":[48,158],"However,":[49],"two":[50,125],"recent":[51,87],"studies":[52],"suggest":[53],"that":[54,128],"suites":[56],"projects":[58,93],"lack":[59,137],"effectiveness":[60,74],"coverage":[62,72],"reliably":[64],"find":[65],"regressions":[66],"libraries.":[69,85,102],"Adequate":[70],"critical":[76],"discovering":[78],"vulnerabilities":[80],"weaknesses":[82,108],"from":[83,117],"The":[86],"Log4Shell":[88],"incident":[89],"exemplifies":[90],"this,":[91],"will":[94],"likely":[95],"not":[96],"have":[97],"adequate":[98],"tests":[99],"for":[100,143],"logging":[101],"This":[103],"position":[104],"paper":[105],"discusses":[106],"challenges":[110,127],"current":[112],"testing":[113,144],"practices":[114,142],"techniques":[116],"a":[118],"supply":[119],"chain":[120],"security":[121],"perspective.":[122],"We":[123],"highlight":[124],"key":[126],"researchers":[129],"practitioners":[131],"need":[132],"address:":[134],"(1)":[135],"resources":[139],"best":[141],"uses":[146],"(2)":[151],"enhancing":[152],"reliability":[154]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}