{"id":"https://openalex.org/W4412703916","doi":"https://doi.org/10.1145/3696630.3728525","title":"Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis","display_name":"Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis","publication_year":2025,"publication_date":"2025-06-23","ids":{"openalex":"https://openalex.org/W4412703916","doi":"https://doi.org/10.1145/3696630.3728525"},"language":"en","primary_location":{"id":"doi:10.1145/3696630.3728525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728525","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728525","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047814742","display_name":"Lyuye Zhang","orcid":"https://orcid.org/0000-0003-3087-9645"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Lyuye Zhang","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0003-3087-9645","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100319564","display_name":"Chengwei Liu","orcid":"https://orcid.org/0000-0003-1175-2753"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chengwei Liu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0003-1175-2753","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100636729","display_name":"Jiahui Wu","orcid":"https://orcid.org/0000-0001-6758-4635"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jiahui Wu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-6758-4635","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014913156","display_name":"Shuguang ZHANG","orcid":null},"institutions":[{"id":"https://openalex.org/I162868743","display_name":"Tianjin University","ror":"https://ror.org/012tb2g32","country_code":"CN","type":"education","lineage":["https://openalex.org/I162868743"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shiyang Zhang","raw_affiliation_strings":["Tianjin University, Tianjin, Tianjin, China"],"raw_orcid":"https://orcid.org/0009-0004-1128-3840","affiliations":[{"raw_affiliation_string":"Tianjin University, Tianjin, Tianjin, China","institution_ids":["https://openalex.org/I162868743"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050358271","display_name":"Chengyue Liu","orcid":"https://orcid.org/0000-0001-7034-1255"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chengyue Liu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7034-1255","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049629263","display_name":"Zhengzi Xu","orcid":"https://orcid.org/0000-0002-8390-7518"},"institutions":[{"id":"https://openalex.org/I4210136567","display_name":"GlobalFoundries (Singapore)","ror":"https://ror.org/03whnfd14","country_code":"SG","type":"company","lineage":["https://openalex.org/I35662394","https://openalex.org/I4210136567"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhengzi Xu","raw_affiliation_strings":["Imperial Global Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-8390-7518","affiliations":[{"raw_affiliation_string":"Imperial Global Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I4210136567"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100658276","display_name":"Sen Chen","orcid":"https://orcid.org/0000-0001-9477-4100"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sen Chen","raw_affiliation_strings":["Nankai University, Tianjin, China"],"raw_orcid":"https://orcid.org/0000-0001-9477-4100","affiliations":[{"raw_affiliation_string":"Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7300-9215","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5047814742"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.26263267,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"691","last_page":"695"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9735000133514404,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9674000144004822,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.7006652355194092},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6111215949058533},{"id":"https://openalex.org/keywords/composition","display_name":"Composition (language)","score":0.5867263674736023},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5839885473251343},{"id":"https://openalex.org/keywords/drop","display_name":"Drop (telecommunication)","score":0.5290113091468811},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19954916834831238},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.17399775981903076},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16770395636558533},{"id":"https://openalex.org/keywords/waste-management","display_name":"Waste management","score":0.11974203586578369},{"id":"https://openalex.org/keywords/art","display_name":"Art","score":0.10154810547828674}],"concepts":[{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.7006652355194092},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6111215949058533},{"id":"https://openalex.org/C40231798","wikidata":"https://www.wikidata.org/wiki/Q1333743","display_name":"Composition (language)","level":2,"score":0.5867263674736023},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5839885473251343},{"id":"https://openalex.org/C2781345722","wikidata":"https://www.wikidata.org/wiki/Q5308388","display_name":"Drop (telecommunication)","level":2,"score":0.5290113091468811},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19954916834831238},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.17399775981903076},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16770395636558533},{"id":"https://openalex.org/C548081761","wikidata":"https://www.wikidata.org/wiki/Q180388","display_name":"Waste management","level":1,"score":0.11974203586578369},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.10154810547828674},{"id":"https://openalex.org/C124952713","wikidata":"https://www.wikidata.org/wiki/Q8242","display_name":"Literature","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3696630.3728525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728525","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/201809","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/201809","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3696630.3728525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728525","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6036235291","display_name":null,"funder_award_id":"NCRP25-P04-TAICeN","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G8982717833","display_name":null,"funder_award_id":"AISG2-GC-2023-008","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320320751","display_name":"Ministry of Education - Singapore","ror":"https://ror.org/01kcva023"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4412703916.pdf","grobid_xml":"https://content.openalex.org/works/W4412703916.grobid-xml"},"referenced_works_count":9,"referenced_works":["https://openalex.org/W40327287","https://openalex.org/W2604348044","https://openalex.org/W2911282308","https://openalex.org/W2914452207","https://openalex.org/W4239652717","https://openalex.org/W4300874258","https://openalex.org/W4391136507","https://openalex.org/W4391558518","https://openalex.org/W6854692045"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2384475851","https://openalex.org/W2000444236","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109"],"abstract_inverted_index":{"The":[0],"prevalent":[1],"use":[2],"of":[3,20,32,40,54,58,64,92,97,106,112,121,128,139],"third-party":[4],"libraries":[5],"(TPLs)":[6],"in":[7,95,182],"modern":[8],"software":[9,68],"development":[10],"introduces":[11],"significant":[12],"security":[13,129],"and":[14,61,117,135,159],"compliance":[15],"risks,":[16],"necessitating":[17],"the":[18,30,38,41,52,55,62,90,103,113,119,125,137,145,175],"implementation":[19],"Software":[21],"Composition":[22],"Analysis":[23],"(SCA)":[24],"to":[25,45,75,89,109,123,131],"manage":[26],"these":[27],"threats.":[28],"However,":[29],"accuracy":[31],"SCA":[33],"tools":[34],"heavily":[35],"relies":[36],"on":[37,150,166],"quality":[39],"integrated":[42],"feature":[43,79],"database":[44,80,116],"cross-reference":[46],"with":[47],"user":[48],"projects.":[49],"While":[50],"under":[51],"circumstance":[53],"exponentially":[56],"growing":[57],"open-source":[59],"ecosystems":[60],"integration":[63],"large":[65],"models":[66],"into":[67],"development,":[69],"it":[70],"becomes":[71],"even":[72],"more":[73],"challenging":[74],"maintain":[76],"a":[77],"comprehensive":[78],"for":[81,157,163,178],"potential":[82],"TPLs.":[83],"To":[84],"this":[85],"end,":[86],"after":[87],"referring":[88],"evolution":[91],"LLM":[93],"applications":[94],"terms":[96],"external":[98],"data":[99],"interactions,":[100],"we":[101],"propose":[102],"first":[104],"framework":[105],"DB-Less":[107],"SCA,":[108],"get":[110],"rid":[111],"traditional":[114],"heavy":[115],"embrace":[118],"flexibility":[120],"LLMs":[122],"mimic":[124],"manual":[126],"analysis":[127],"analysts":[130],"retrieve":[132],"identical":[133],"evidence":[134],"confirm":[136],"identity":[138],"TPLs":[140],"by":[141],"supportive":[142],"information":[143],"from":[144],"open":[146],"Internet.":[147],"Our":[148],"experiments":[149],"two":[151],"typical":[152],"scenarios,":[153],"native":[154],"library":[155],"identification":[156],"Android":[158],"copy-based":[160],"TPL":[161],"reuse":[162],"C/C++,":[164],"especially":[165],"artifacts":[167],"that":[168,171],"are":[169],"not":[170],"underappreciated,":[172],"have":[173],"demonstrated":[174],"favorable":[176],"future":[177],"implementing":[179],"database-less":[180],"strategies":[181],"SCA.":[183]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}