{"id":"https://openalex.org/W4309135084","doi":"https://doi.org/10.1145/3570923","title":"OSS Supply-chain Security: What Will It Take?","display_name":"OSS Supply-chain Security: What Will It Take?","publication_year":2022,"publication_date":"2022-10-31","ids":{"openalex":"https://openalex.org/W4309135084","doi":"https://doi.org/10.1145/3570923"},"language":"en","primary_location":{"id":"doi:10.1145/3570923","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3570923","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3570923","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3570923","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045727485","display_name":"Maya Kaczorowski","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Maya Kaczorowski","raw_affiliation_strings":["Tailscale"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tailscale","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017963899","display_name":"Falcon Momot","orcid":"https://orcid.org/0000-0001-9655-8321"},"institutions":[{"id":"https://openalex.org/I4210146606","display_name":"Shanmuganathan Engineering College","ror":"https://ror.org/052frf812","country_code":"IN","type":"education","lineage":["https://openalex.org/I4210146606"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Falcon Momot","raw_affiliation_strings":["Leviathan Security"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Leviathan Security","institution_ids":["https://openalex.org/I4210146606"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086373341","display_name":"George V. Neville-Neil","orcid":"https://orcid.org/0000-0003-1223-2637"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"George V. Neville-Neil","raw_affiliation_strings":[""],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037966810","display_name":"Chris McCubbin","orcid":null},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chris McCubbin","raw_affiliation_strings":["Amazon Web Services"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Amazon Web Services","institution_ids":["https://openalex.org/I1311688040"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5045727485"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13133083,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"20","issue":"5","first_page":"86","last_page":"102"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.991100013256073,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9865999817848206,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7828402519226074},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7519134879112244},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6923046112060547},{"id":"https://openalex.org/keywords/cybercrime","display_name":"Cybercrime","score":0.6734800934791565},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6579703688621521},{"id":"https://openalex.org/keywords/codebase","display_name":"Codebase","score":0.5801499485969543},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.520497739315033},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5047646760940552},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.48732003569602966},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4365638792514801},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4252763092517853},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.32858794927597046},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1964239776134491},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.17634013295173645},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08318105340003967}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7828402519226074},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7519134879112244},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6923046112060547},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.6734800934791565},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6579703688621521},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.5801499485969543},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.520497739315033},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5047646760940552},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.48732003569602966},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4365638792514801},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4252763092517853},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.32858794927597046},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1964239776134491},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.17634013295173645},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08318105340003967},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3570923","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3570923","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3570923","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3570923","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3570923","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3570923","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4309135084.pdf","grobid_xml":"https://content.openalex.org/works/W4309135084.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4284893819","https://openalex.org/W4366249425","https://openalex.org/W2900235625","https://openalex.org/W3196431560","https://openalex.org/W2242743405","https://openalex.org/W4235738472","https://openalex.org/W2397135192","https://openalex.org/W2312254734","https://openalex.org/W4309135084","https://openalex.org/W1778399108"],"abstract_inverted_index":{"While":[0],"enterprise":[1],"security":[2],"teams":[3],"naturally":[4],"tend":[5],"to":[6,11,31,76,84],"turn":[7],"their":[8,15],"focus":[9],"primarily":[10],"direct":[12],"attacks":[13],"on":[14],"own":[16],"infrastructure,":[17],"cybercrime":[18,64],"exploits":[19],"now":[20],"are":[21,73],"increasingly":[22],"aimed":[23],"at":[24,41,45,81],"easier":[25],"targets":[26],"upstream.":[27],"This":[28],"has":[29,67],"led":[30],"a":[32],"perfect":[33],"storm,":[34],"since":[35],"virtually":[36],"all":[37],"significant":[38],"codebase":[39],"repositories":[40],"this":[42,82],"point":[43,83],"include":[44],"least":[46],"some":[47],"amount":[48],"of":[49,60],"open-source":[50,70],"software.":[51],"But":[52],"opportunities":[53],"also":[54],"abound":[55],"there":[56],"for":[57],"the":[58,86],"authors":[59],"malware.":[61],"The":[62],"broader":[63],"world,":[65],"meanwhile,":[66],"noted":[68],"that":[69],"supply":[71],"chains":[72],"generally":[74],"easy":[75],"penetrate.":[77],"What's":[78],"being":[79],"done":[80],"address":[85],"apparent":[87],"risks?":[88]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}