{"id":"https://openalex.org/W4413267892","doi":"https://doi.org/10.1145/3696630.3728578","title":"Dirty-Waters: Detecting Software Supply Chain Smells","display_name":"Dirty-Waters: Detecting Software Supply Chain Smells","publication_year":2025,"publication_date":"2025-06-23","ids":{"openalex":"https://openalex.org/W4413267892","doi":"https://doi.org/10.1145/3696630.3728578"},"language":"en","primary_location":{"id":"doi:10.1145/3696630.3728578","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728578","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3696630.3728578","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Raphina Liu","orcid":"https://orcid.org/0009-0009-7681-3490"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Raphina Liu","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0009-0009-7681-3490","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050065507","display_name":"Sofia Bobadilla","orcid":"https://orcid.org/0000-0003-3116-3278"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Sofia Bobadilla","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0003-3116-3278","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086536054","display_name":"Beno\u00eet Baudry","orcid":"https://orcid.org/0000-0002-4015-4640"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Benoit Baudry","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0002-4015-4640","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027206285","display_name":"Martin Monperrus","orcid":"https://orcid.org/0000-0003-3505-3383"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Martin Monperrus","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0003-3505-3383","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":2.9051,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92298021,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1045","last_page":"1049"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9878000020980835,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.986299991607666,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.7433241605758667},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5984079837799072},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5221890807151794},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34416356682777405},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3329027593135834},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12733763456344604},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.09338834881782532}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.7433241605758667},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5984079837799072},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5221890807151794},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34416356682777405},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3329027593135834},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12733763456344604},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.09338834881782532}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696630.3728578","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728578","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696630.3728578","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728578","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W2440056063","https://openalex.org/W2915997584","https://openalex.org/W3020617474","https://openalex.org/W3104802707","https://openalex.org/W3109094705","https://openalex.org/W3196126762","https://openalex.org/W3198867963","https://openalex.org/W3202114283","https://openalex.org/W4285820335","https://openalex.org/W4312497378","https://openalex.org/W4313006837","https://openalex.org/W4321383456","https://openalex.org/W4353007392","https://openalex.org/W4380352271","https://openalex.org/W4385208592","https://openalex.org/W4385687882","https://openalex.org/W4386320426","https://openalex.org/W4396802057","https://openalex.org/W4400581944","https://openalex.org/W4400680939","https://openalex.org/W4404515219","https://openalex.org/W6811284660","https://openalex.org/W6870802257"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Using":[0],"open-source":[1],"dependencies":[2],"is":[3,20,138],"essential":[4],"in":[5,15],"modern":[6],"software":[7,34,68,77,89,107],"development.":[8],"However,":[9],"this":[10,27,46],"practice":[11],"implies":[12],"significant":[13],"trust":[14],"third-party":[16,43],"code,":[17],"while":[18],"there":[19],"little":[21],"support":[22],"for":[23,87,115,123],"developers":[24,58,124],"to":[25,125],"assess":[26],"trust.":[28],"As":[29],"a":[30,84],"consequence,":[31],"attacks,":[32,37],"called":[33],"supply":[35,69,78,90,108,132],"chain":[36,79,91,109],"have":[38],"been":[39],"increasingly":[40],"occurring":[41],"through":[42],"dependencies.":[44],"In":[45],"paper,":[47],"we":[48],"target":[49],"the":[50,62,73,102,128],"problem":[51],"of":[52,61,76,104,130],"projects":[53,99],"that":[54],"use":[55],"dependencies,":[56],"where":[57],"are":[59],"unaware":[60],"potential":[63,113],"risks":[64,114],"posed":[65],"by":[66],"their":[67,131],"chain.":[70,133],"We":[71,93],"define":[72],"novel":[74,85],"concept":[75],"smell":[80],"and":[81,100,119],"present":[82],"Dirty-Waters,":[83],"tool":[86],"detecting":[88],"smells.":[92,110],"evaluate":[94],"Dirty-Waters":[95,111,137],"on":[96,127],"three":[97],"JavaScript":[98],"demonstrate":[101],"prevalence":[103],"all":[105],"proposed":[106],"reveals":[112],"previously":[116],"invisible":[117],"problems":[118],"provides":[120],"clear":[121],"indicators":[122],"act":[126],"security":[129],"A":[134],"video":[135],"demonstrating":[136],"available":[139],"at:":[140],"http://l.4open.science/dirty-waters-demo.":[141]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-12-22T23:10:17.713674","created_date":"2025-10-10T00:00:00"}