{"id":"https://openalex.org/W4412704002","doi":"https://doi.org/10.1145/3696630.3734200","title":"Can the Rising Tide of Software Supply Chain Attacks Raise All Software Engineering Boats?","display_name":"Can the Rising Tide of Software Supply Chain Attacks Raise All Software Engineering Boats?","publication_year":2025,"publication_date":"2025-06-23","ids":{"openalex":"https://openalex.org/W4412704002","doi":"https://doi.org/10.1145/3696630.3734200"},"language":"en","primary_location":{"id":"doi:10.1145/3696630.3734200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3734200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3734200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3734200","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":"https://orcid.org/0000-0003-3300-6540","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042785629","display_name":"Sivana Hamer","orcid":"https://orcid.org/0009-0001-8381-1436"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sivana Hamer","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":"https://orcid.org/0009-0001-8381-1436","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101839591","display_name":"Nusrat Zahan","orcid":"https://orcid.org/0000-0002-2738-4118"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nusrat Zahan","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":"https://orcid.org/0000-0002-2738-4118","affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.3589,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89973231,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"18","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9815999865531921,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.9610999822616577,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.6149873733520508},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5869335532188416},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48192906379699707},{"id":"https://openalex.org/keywords/marine-engineering","display_name":"Marine engineering","score":0.37539470195770264},{"id":"https://openalex.org/keywords/oceanography","display_name":"Oceanography","score":0.33393919467926025},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.23503157496452332},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.17818161845207214},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.1694193184375763},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12722450494766235}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.6149873733520508},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5869335532188416},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48192906379699707},{"id":"https://openalex.org/C199104240","wikidata":"https://www.wikidata.org/wiki/Q118291","display_name":"Marine engineering","level":1,"score":0.37539470195770264},{"id":"https://openalex.org/C111368507","wikidata":"https://www.wikidata.org/wiki/Q43518","display_name":"Oceanography","level":1,"score":0.33393919467926025},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.23503157496452332},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.17818161845207214},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.1694193184375763},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12722450494766235},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696630.3734200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3734200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3734200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696630.3734200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3734200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3734200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5914965034","display_name":null,"funder_award_id":"2207008","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4412704002.pdf","grobid_xml":"https://content.openalex.org/works/W4412704002.grobid-xml"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W2482623328","https://openalex.org/W2910341011","https://openalex.org/W2912944541","https://openalex.org/W2934464716","https://openalex.org/W4234627006","https://openalex.org/W4246788636","https://openalex.org/W4248746314","https://openalex.org/W4250691433","https://openalex.org/W4285264172","https://openalex.org/W4300721236","https://openalex.org/W4376607756","https://openalex.org/W4380982237","https://openalex.org/W4388867283","https://openalex.org/W4404515033","https://openalex.org/W4408664520","https://openalex.org/W4408664535","https://openalex.org/W6600175564","https://openalex.org/W6600577311","https://openalex.org/W6604285789","https://openalex.org/W6615517700","https://openalex.org/W6630747295","https://openalex.org/W6740129966","https://openalex.org/W6842290808","https://openalex.org/W6848049481"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Software":[0,90],"organizations":[1],"largely":[2],"did":[3],"not":[4],"anticipate":[5],"how":[6],"the":[7,86],"software":[8,38,87],"supply":[9,39,88,91],"chain":[10,40,92],"(SSC)":[11],"would":[12],"become":[13,72],"a":[14,34],"deliberate":[15],"attack":[16,75],"vector.":[17],"Attackers":[18],"have":[19,94],"moved":[20],"from":[21],"finding":[22],"and":[23,62],"exploiting":[24,85],"vulnerabilities":[25,44,71],"contributed":[26],"by":[27,84],"well-intentioned":[28],"developers,":[29],"such":[30],"as":[31],"log4j,":[32],"to":[33,64,79],"new":[35],"generation":[36],"of":[37],"attacks,":[41],"aggressively":[42],"implanting":[43],"directly":[45],"into":[46,60],"dependencies":[47],"available":[48],"in":[49],"open":[50],"source.":[51],"As":[52],"with":[53],"SolarWinds,":[54],"adversaries":[55,78],"also":[56],"find":[57],"their":[58],"way":[59],"builds":[61],"deployments":[63],"deploy":[65],"rogue":[66],"software.":[67],"Once":[68],"implanted,":[69],"these":[70],"an":[73],"efficient":[74],"vector":[76],"for":[77],"gain":[80],"leverage":[81],"at":[82],"scale":[83],"chain.":[89],"attacks":[93],"increased":[95],"exponentially":[96],"since":[97],"2020.":[98]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}