{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,10]],"date-time":"2026-07-10T16:35:38Z","timestamp":1783701338468,"version":"3.55.0"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032120885","type":"print"},{"value":"9783032120892","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T00:00:00Z","timestamp":1763596800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T00:00:00Z","timestamp":1763596800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-12089-2_16","type":"book-chapter","created":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T04:15:32Z","timestamp":1763525732000},"page":"253-268","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Policy-Driven Software Bill of\u00a0Materials on\u00a0GitHub: An Empirical Study"],"prefix":"10.1007","author":[{"given":"Oleksii","family":"Novikov","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Davide","family":"Fucci","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Oleksandr","family":"Adamov","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daniel","family":"Mendez","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,11,20]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Feng, S.,\u00a0Lubis, M.: Defense-in-depth security strategy in LOG4J vulnerability analysis. In: 2022 International Conference Advancement in Data Science, E-learning and Information Systems (ICADEIS), pp. 01\u201304. IEEE (2022)","DOI":"10.1109\/ICADEIS56544.2022.10037384"},{"key":"16_CR2","unstructured":"Wolff, E.D., GroWlEy, K.M., Lerner, M.O., Welling, M.B., Gruden, M.G., et\u00a0al.: Navigating the SolarWinds supply chain attack. Procurement Lawyer 56(2), 3 (2021)"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Arvanitis, I., Ntousakis, G., Ioannidis, S., Vasilakis, N.: A systematic analysis of the event-stream incident. In: Proceedings of the 15th European Workshop on Systems Security, pp. 22\u201328 (2022)","DOI":"10.1145\/3517208.3523753"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Everson, D., Cheng, L., Zhang, Z.: Log4shell: redefining the web attack surface. In: Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2022 (2022)","DOI":"10.14722\/madweb.2022.23010"},{"issue":"2","key":"16_CR5","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MSEC.2023.3237100","volume":"21","author":"N Zahan","year":"2023","unstructured":"Zahan, N., Lin, E., Tamanna, M., Enck, W., Williams, L.: Software bills of materials are required. Are we there yet? IEEE Secur. Priv. 21(2), 82\u201388 (2023)","journal-title":"IEEE Secur. Priv."},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Hendrick, S., Zemlin, J.: The state of software bill of materials (SBOM) and cybersecurity readiness. Tech. Rep, The Linux Foundation (2022)","DOI":"10.70828\/RYTL5793"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Kloeg, B., Ding, A.Y., Pellegrom, S., Zhauniarovich, Y.: Charting the path to SBOM adoption: a business stakeholder-centric approach. In: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp. 1770\u20131783 (2024)","DOI":"10.1145\/3634737.3637659"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Stalnaker, T., Wintersgill, N., Chaparro, O., Di Penta, M., German, D.M., Poshyvanyk, D.: Boms away! inside the minds of stakeholders: a comprehensive study of bills of materials for software systems. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering, pp. 1\u201313 (2024)","DOI":"10.1145\/3597503.3623347"},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Xia, B., Bi, T., Xing, Z., Lu, Q., Zhu, L.: An empirical study on software bill of materials: where we stand and the road ahead arXiv (2023)","DOI":"10.1109\/ICSE48619.2023.00219"},{"issue":"6","key":"16_CR10","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSEC.2023.3315887","volume":"21","author":"S Torres-Arias","year":"2023","unstructured":"Torres-Arias, S., Geer, D., Meyers, J.S.: A viewpoint on knowing software: bill of materials quality when you see it. IEEE Secur. Priv. 21(6), 50\u201354 (2023)","journal-title":"IEEE Secur. Priv."},{"key":"16_CR11","unstructured":"Mirakhorli, M., et al.: A landscape study of open source and proprietary tools for software bill of materials (SBOM). arXiv preprint arXiv:2402.11151 (2024)"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"O\u2019Donoghue, E., Reinhold, A.M., Izurieta, C.: Assessing security risks of software supply chains using software bill of materials. In: 2nd International Workshop on Mining Software Repositories for Privacy and Security, MSR4P &S,(SANER 2024), Rovaniemi, Finland (2024)","DOI":"10.1109\/SANER-C62648.2024.00023"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Balliu, M., et al.: Challenges of producing software bill of materials for Java. IEEE Secur. Priv. 21, 12\u201323 (2023)","DOI":"10.1109\/MSEC.2023.3302956"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Yu, S., Song, W., Hu, X., Yin, H.: On the correctness of metadata-based SBOM generation: a differential analysis approach. In: 2024 54th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 29\u201336. IEEE (2024)","DOI":"10.1109\/DSN58291.2024.00018"},{"key":"16_CR15","doi-asserted-by":"crossref","unstructured":"Rabbi, M.F., Champa, A.I., Nachuma, C., Zibran, M.F.: SBOM generation tools under microscope: a focus on the NPM ecosystem. In: Proceedings of the 39th ACM\/SIGAPP Symposium on Applied Computing, pp. 1233\u20131241 (2024)","DOI":"10.1145\/3605098.3635927"},{"key":"16_CR16","doi-asserted-by":"publisher","first-page":"1537","DOI":"10.1007\/s10664-016-9438-4","volume":"22","author":"C Vendome","year":"2017","unstructured":"Vendome, C., Bavota, G., Penta, M.D., Linares-V\u00e1squez, M., German, D., Poshyvanyk, D.: License usage and changes: a large-scale study on GitHub. Empir. Softw. Eng. 22, 1537\u20131577 (2017)","journal-title":"Empir. Softw. Eng."},{"key":"16_CR17","unstructured":"Stewart, K.,\u00a0Rhodes, M.: Types of software bill of materials (SBOM). https:\/\/web.archive.org\/web\/20240907164647\/https:\/\/www.cisa.gov\/sites\/default\/files\/2023-04\/sbom-types-document-508c.pdf"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Nocera, S.,\u00a0Romano, S.,\u00a0Di\u00a0Penta, M.,\u00a0Francese, R.,\u00a0Scanniello, G.: Software bill of materials adoption: a mining study from Github. In: 2023 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 39\u201349. IEEE (2023)","DOI":"10.1109\/ICSME58846.2023.00016"},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"Soeiro, L.,\u00a0Robert, T.,\u00a0Zacchiroli, S.: Wild SBOMS: a large-scale dataset of software bills of materials from public code (2025). https:\/\/arxiv.org\/abs\/2503.15021","DOI":"10.1109\/MSR66628.2025.00036"},{"key":"16_CR20","doi-asserted-by":"crossref","unstructured":"Hassan, A.E.: Mining software repositories to assist developers and support managers. In: 2006 22nd IEEE International Conference on Software Maintenance, pp. 339\u2013342. IEEE (2006)","DOI":"10.1109\/ICSM.2006.38"},{"key":"16_CR21","unstructured":"Taherdoost, H.: Determining sample size; how to calculate survey sample size. Int. J. Econ. Manage. Syst. 2 (2017)"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Bi, T.,\u00a0Xia, B.,\u00a0Xing, Z.,\u00a0Lu, Q.,\u00a0Zhu, L.: On the way to SBOMs: investigating design issues and solutions in practice. ACM Trans. Softw. Eng. Methodol. 33, 1\u201325 (2024)","DOI":"10.1145\/3654442"},{"key":"16_CR23","unstructured":"Imtiaz, N.,\u00a0Williams, L.: Memory error detection in security testing (2021)"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Cruz, D.B., Almeida, J.R., Oliveira, J.L.: Open source solutions for vulnerability assessment: a comparative analysis. IEEE Access 11, 100234\u2013100255 (2023)","DOI":"10.1109\/ACCESS.2023.3315595"},{"issue":"1","key":"16_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3518994","volume":"32","author":"S Xu","year":"2023","unstructured":"Xu, S., Gao, Y., Fan, L., Liu, Z., Liu, Y., Ji, H.: LIDetector: license incompatibility detection for open source software. ACM Trans. Softw. Eng. Methodol. 32(1), 1\u201328 (2023)","journal-title":"ACM Trans. Softw. Eng. Methodol."}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-12089-2_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T04:15:36Z","timestamp":1763525736000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-12089-2_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,20]]},"ISBN":["9783032120885","9783032120892"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-12089-2_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,20]]},"assertion":[{"value":"20 November 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Salerno","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/profes-2025","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}