{"id":"https://openalex.org/W4404514821","doi":"https://doi.org/10.1145/3689944.3696160","title":"Developers' Approaches to Software Supply Chain Security: An Interview Study","display_name":"Developers' Approaches to Software Supply Chain Security: An Interview Study","publication_year":2023,"publication_date":"2023-11-19","ids":{"openalex":"https://openalex.org/W4404514821","doi":"https://doi.org/10.1145/3689944.3696160"},"language":"en","primary_location":{"id":"doi:10.1145/3689944.3696160","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689944.3696160","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5114708587","display_name":"Rami Sammak","orcid":null},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Rami Sammak","raw_affiliation_strings":["Paderborn University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0009-0009-9061-9563","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114708588","display_name":"Anna Lena Rotthaler","orcid":"https://orcid.org/0009-0009-7785-7110"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Anna Lena Rotthaler","raw_affiliation_strings":["Paderborn University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0009-0009-7785-7110","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074142826","display_name":"Harshini Sri Ramulu","orcid":"https://orcid.org/0000-0002-0000-5843"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Harshini Sri Ramulu","raw_affiliation_strings":["Paderborn University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0000-0002-0000-5843","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004650891","display_name":"Dominik Wermke","orcid":"https://orcid.org/0009-0008-2921-1254"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dominik Wermke","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":"https://orcid.org/0009-0008-2921-1254","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["Paderborn University &amp; George Washington University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7167-7383","affiliations":[{"raw_affiliation_string":"Paderborn University &amp; George Washington University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8627,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.82559027,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"56","last_page":"66"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6634502410888672},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.6033196449279785},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5208469033241272},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5095491409301758},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.45749175548553467},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39433830976486206},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2624242901802063},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2226848006248474},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20113369822502136},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.13498347997665405}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6634502410888672},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.6033196449279785},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5208469033241272},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5095491409301758},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.45749175548553467},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39433830976486206},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2624242901802063},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2226848006248474},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20113369822502136},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.13498347997665405},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3689944.3696160","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689944.3696160","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6452848497","display_name":null,"funder_award_id":"CNS-2207008 CNS-2206865","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W205609712","https://openalex.org/W1984487609","https://openalex.org/W2121513440","https://openalex.org/W2740279154","https://openalex.org/W2765843494","https://openalex.org/W2789570312","https://openalex.org/W2796056969","https://openalex.org/W2889097348","https://openalex.org/W2899036005","https://openalex.org/W2955656327","https://openalex.org/W2971660263","https://openalex.org/W3028407954","https://openalex.org/W3030378309","https://openalex.org/W3030599819","https://openalex.org/W3031471692","https://openalex.org/W3103898014","https://openalex.org/W3104664309","https://openalex.org/W3106855263","https://openalex.org/W3121596715","https://openalex.org/W3137262157","https://openalex.org/W3155859537","https://openalex.org/W3156903202","https://openalex.org/W3161491624","https://openalex.org/W3162344723","https://openalex.org/W3196277935","https://openalex.org/W4221145571","https://openalex.org/W4226330898","https://openalex.org/W4226410005","https://openalex.org/W4233279977","https://openalex.org/W4233410239","https://openalex.org/W4253731935","https://openalex.org/W4288057734","https://openalex.org/W4288057810","https://openalex.org/W4308562555","https://openalex.org/W4308562592","https://openalex.org/W4312875384","https://openalex.org/W4360948905","https://openalex.org/W4380982237","https://openalex.org/W4383898619","https://openalex.org/W4384808064","https://openalex.org/W4384948741","https://openalex.org/W4385080312","https://openalex.org/W4385080331","https://openalex.org/W4385208592","https://openalex.org/W4385288180","https://openalex.org/W4385485201","https://openalex.org/W4386977908","https://openalex.org/W4388675555","https://openalex.org/W4388858722","https://openalex.org/W4388954771","https://openalex.org/W4388955103","https://openalex.org/W4389162688","https://openalex.org/W4389544232","https://openalex.org/W4391724819"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2767550285","https://openalex.org/W2620085874","https://openalex.org/W2064496565","https://openalex.org/W2327847502","https://openalex.org/W1575661125","https://openalex.org/W4309070544","https://openalex.org/W4389778395","https://openalex.org/W169337936","https://openalex.org/W2049056888"],"abstract_inverted_index":{"Software":[0],"Supply":[1],"Chain":[2],"Security":[3],"(SSC)":[4],"involves":[5],"numerous":[6],"stakeholders,":[7],"processes":[8],"and":[9,30,36,45,64,85,94,121,158,170,184,194],"tools":[10],"that":[11,133],"work":[12],"together":[13],"to":[14,89,112,127,155,172,186],"deliver":[15],"a":[16,165],"software":[17,181],"product.":[18],"A":[19],"vulnerability":[20],"in":[21,110,139,148],"one":[22],"element":[23],"can":[24],"cascade":[25],"through":[26],"the":[27,42,46,76,122,129,134,141],"entire":[28],"system":[29],"potentially":[31],"affect":[32],"thousands":[33],"of":[34,38,124,168,190],"dependents":[35],"millions":[37],"end":[39],"users.":[40],"Despite":[41],"SSC's":[43],"importance":[44],"increasing":[47],"awareness":[48],"around":[49],"its":[50],"security,":[51],"existing":[52],"research":[53],"mainly":[54,74],"focuses":[55],"on":[56],"either":[57],"technical":[58],"aspects,":[59],"exploring":[60],"various":[61,125],"attack":[62],"vectors":[63],"their":[65,117,174],"mitigation,":[66],"or":[67],"it":[68],"empirically":[69],"studies":[70],"developers'":[71],"challenges,":[72,120],"but":[73,144,176],"within":[75],"open":[77],"source":[78],"context.":[79],"To":[80],"better":[81],"develop":[82],"supportive":[83],"tooling":[84],"education,":[86],"we":[87],"need":[88],"understand":[90],"how":[91],"developers":[92,107,135],"consider":[93],"mitigate":[95],"supply":[96,142],"chain":[97],"security":[98,151,157],"challenges.":[99],"We":[100,131],"conducted":[101],"18":[102],"semi-structured":[103],"interviews":[104],"with":[105],"experienced":[106],"actively":[108],"working":[109],"industry":[111],"gather":[113],"in-depth":[114],"insights":[115],"into":[116],"experiences,":[118],"encountered":[119],"effectiveness":[123],"strategies":[126],"secure":[128,173,180],"SSC.":[130],"find":[132],"are":[136],"generally":[137],"interested":[138],"securing":[140],"chain,":[143],"encounter":[145],"many":[146],"obstacles":[147],"implementing":[149],"effective":[150],"measures,":[152],"both":[153],"specific":[154,192],"SSC":[156,191],"for":[159],"general":[160,179],"security.":[161],"Developers":[162],"also":[163],"mention":[164],"wide":[166],"set":[167],"approaches":[169],"methods":[171],"projects,":[175],"mostly":[177,188],"report":[178],"engineering":[182],"methodologies":[183],"seem":[185],"be":[187],"unaware":[189],"threats":[193],"mitigations.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}