{"id":"https://openalex.org/W4388954904","doi":"https://doi.org/10.1145/3605770.3625214","title":"An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures","display_name":"An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures","publication_year":2023,"publication_date":"2023-11-23","ids":{"openalex":"https://openalex.org/W4388954904","doi":"https://doi.org/10.1145/3605770.3625214"},"language":"en","primary_location":{"id":"doi:10.1145/3605770.3625214","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605770.3625214","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605770.3625214","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3605770.3625214","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092796572","display_name":"Tanmay Singla","orcid":"https://orcid.org/0009-0002-9108-1514"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tanmay Singla","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":"https://orcid.org/0009-0002-9108-1514","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083834096","display_name":"Dharun Anandayuvaraj","orcid":"https://orcid.org/0000-0001-6191-1180"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dharun Anandayuvaraj","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":"https://orcid.org/0000-0001-6191-1180","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092698786","display_name":"Kelechi G. Kalu","orcid":"https://orcid.org/0000-0002-8749-9697"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kelechi G. Kalu","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":"https://orcid.org/0000-0002-8749-9697","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058699162","display_name":"Taylor R. Schorlemmer","orcid":"https://orcid.org/0000-0003-2181-5527"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Taylor R. Schorlemmer","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":"https://orcid.org/0000-0003-2181-5527","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013948143","display_name":"James C. Davis","orcid":"https://orcid.org/0000-0003-2495-686X"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James C. Davis","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"raw_orcid":"https://orcid.org/0000-0003-2495-686X","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":4.4386,"has_fulltext":true,"cited_by_count":22,"citation_normalized_percentile":{"value":0.97226754,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"5","last_page":"15"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6893922090530396},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6242458820343018},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5785719156265259},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4988722801208496},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.49345412850379944},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.48487791419029236},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.4234873652458191},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.39708900451660156},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3628695607185364},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.273792028427124},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.22095069289207458},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.17135241627693176},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.08510294556617737}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6893922090530396},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6242458820343018},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5785719156265259},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4988722801208496},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.49345412850379944},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.48487791419029236},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.4234873652458191},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.39708900451660156},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3628695607185364},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.273792028427124},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.22095069289207458},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.17135241627693176},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.08510294556617737},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3605770.3625214","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605770.3625214","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605770.3625214","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3605770.3625214","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605770.3625214","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605770.3625214","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","display_name":"Quality Education","score":0.46000000834465027}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388954904.pdf","grobid_xml":"https://content.openalex.org/works/W4388954904.grobid-xml"},"referenced_works_count":49,"referenced_works":["https://openalex.org/W40566595","https://openalex.org/W199384682","https://openalex.org/W1504550119","https://openalex.org/W2000351074","https://openalex.org/W2089983832","https://openalex.org/W2101678831","https://openalex.org/W2107249747","https://openalex.org/W2126574721","https://openalex.org/W2128200145","https://openalex.org/W2136076768","https://openalex.org/W2145071552","https://openalex.org/W2257451327","https://openalex.org/W2530458615","https://openalex.org/W2532945044","https://openalex.org/W2606939423","https://openalex.org/W2613761352","https://openalex.org/W2620994026","https://openalex.org/W2889097348","https://openalex.org/W2915997584","https://openalex.org/W2999173898","https://openalex.org/W3024613973","https://openalex.org/W3040158574","https://openalex.org/W3046453918","https://openalex.org/W3047881323","https://openalex.org/W3127557348","https://openalex.org/W3153389197","https://openalex.org/W3185341429","https://openalex.org/W3200866585","https://openalex.org/W3211608049","https://openalex.org/W3214874403","https://openalex.org/W4226346873","https://openalex.org/W4244831466","https://openalex.org/W4246394460","https://openalex.org/W4283720448","https://openalex.org/W4285325114","https://openalex.org/W4297676335","https://openalex.org/W4297801719","https://openalex.org/W4308562555","https://openalex.org/W4362515116","https://openalex.org/W4378508740","https://openalex.org/W4385208592","https://openalex.org/W4385245566","https://openalex.org/W4385301055","https://openalex.org/W4390874818","https://openalex.org/W6663855623","https://openalex.org/W6677065307","https://openalex.org/W6739901393","https://openalex.org/W6801527378","https://openalex.org/W6851775633"],"related_works":["https://openalex.org/W2165912799","https://openalex.org/W2735662278","https://openalex.org/W2382615723","https://openalex.org/W4311804456","https://openalex.org/W1987484445","https://openalex.org/W2623658258","https://openalex.org/W2143413548","https://openalex.org/W1969219540","https://openalex.org/W2370459448","https://openalex.org/W2105067402"],"abstract_inverted_index":{"As":[0],"we":[1,100],"increasingly":[2],"depend":[3],"on":[4],"software":[5,13,112,126,184],"systems,":[6],"the":[7,12,35,93,102,121,135,189],"consequences":[8],"of":[9,54,74,95,104,124,134,153,166,173,220],"breaches":[10,45],"in":[11,28,212],"supply":[14,113,127,185],"chain":[15,114,128,186],"become":[16],"more":[17,75],"severe.":[18],"High-profile":[19],"cyber":[20],"attacks":[21],"like":[22],"SolarWinds":[23],"and":[24,31,61,71,157,168,215,222],"ShadowHammer":[25],"have":[26],"resulted":[27],"significant":[29],"financial":[30],"data":[32],"losses,":[33],"underlining":[34],"need":[36],"for":[37,144,195],"stronger":[38],"cybersecurity.":[39],"One":[40],"way":[41],"to":[42,91,109,119,146],"prevent":[43],"future":[44],"is":[46],"by":[47,132,149],"studying":[48],"past":[49,56],"failures.":[50,76,96,223],"However,":[51],"traditional":[52],"methods":[53],"analyzing":[55],"failures":[57,130,187],"require":[58],"manually":[59],"reading":[60],"summarizing":[62],"reports":[63],"about":[64],"them.":[65],"Automated":[66],"support":[67],"could":[68,88],"reduce":[69],"costs":[70],"allow":[72],"analysis":[73,94,123],"Natural":[77],"Language":[78,85,106],"Processing":[79],"(NLP)":[80],"techniques":[81],"such":[82],"as":[83],"Large":[84,105],"Models":[86,107],"(LLMs)":[87,108],"be":[89],"leveraged":[90],"assist":[92],"In":[97],"this":[98,213],"study,":[99],"assessed":[101],"ability":[103],"analyze":[110],"historical":[111],"breaches.":[115],"We":[116,141,178],"used":[117],"LLMs":[118,145,181],"replicate":[120],"manual":[122,198],"69":[125],"security":[129],"performed":[131],"members":[133],"Cloud":[136],"Native":[137],"Computing":[138],"Foundation":[139],"(CNCF).":[140],"developed":[142],"prompts":[143],"categorize":[147],"these":[148,176],"four":[150],"dimensions:":[151],"type":[152],"compromise,":[154],"intent,":[155],"nature,":[156],"impact.":[158],"GPT":[159],"3.5's":[160],"categorizations":[161],"had":[162,170],"an":[163,171],"average":[164],"accuracy":[165,172],"68%":[167],"Bard's":[169],"58%":[174],"over":[175],"dimensions.":[177],"report":[179],"that":[180],"effectively":[182],"characterize":[183],"when":[188],"source":[190],"articles":[191,221],"are":[192],"detailed":[193],"enough":[194],"consensus":[196],"among":[197],"analysts,":[199],"but":[200],"cannot":[201],"yet":[202],"replace":[203],"human":[204],"analysts.":[205],"Future":[206],"work":[207],"can":[208],"improve":[209],"LLM":[210],"performance":[211],"context,":[214],"study":[216],"a":[217],"broader":[218],"range":[219]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}