{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:33:59Z","timestamp":1781109239779,"version":"3.54.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032200174","type":"print"},{"value":"9783032200181","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-20018-1_8","type":"book-chapter","created":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T22:09:16Z","timestamp":1779055756000},"page":"139-156","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Vexed by\u00a0VEX Tools: Consistency Evaluation of\u00a0Container Vulnerability Scanners"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-0657-095X","authenticated-orcid":false,"given":"Yekatierina","family":"Churakova","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3922-9606","authenticated-orcid":false,"given":"Mathias","family":"Ekstedt","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3600-6899","authenticated-orcid":false,"given":"Larissa","family":"Schmid","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"8_CR1","unstructured":"Melara, M.S., Bowman, M.: What is software supply chain security? (2022)"},{"key":"8_CR2","unstructured":"CISA. Software bill of materials (sbom) (2018)"},{"key":"8_CR3","unstructured":"Vulnerability-exploitability exchange (vex) \u2013 an overview (2021)"},{"key":"8_CR4","doi-asserted-by":"publisher","unstructured":"Koskinen, M., Mikkonen, T., Abrahamsson, P.: Containers in software development: a systematic mapping study. In: PFranch, X., M\u00e4nnist\u00f6, T., Mart\u00ednez-Fern\u00e1ndez, S. (eds.) PROFES 2019. LNCS, vol. 11915, pp. 176\u2013191. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35333-9_13","DOI":"10.1007\/978-3-030-35333-9_13"},{"key":"8_CR5","unstructured":"OWASP. Docker-security (2025). https:\/\/github.com\/OWASP\/Docker-Security"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Mounesan, M., Siadati, H., Jafarikhah, S.: Exploring the threat of software supply chain attacks on containerized applications. In: 2023 16th International Conference on Security of Information and Networks (SIN) (2023)","DOI":"10.1109\/SIN60469.2023.10474901"},{"key":"8_CR7","unstructured":"CISA. Minimum requirements for vulnerability exploitability exchange (vex) (2023)"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"O\u2019Donoghue, E., Boles, B., Izurieta, C., Reinhold, A.M.: Impacts of software bill of materials (sbom) generation on vulnerability detection. In: SCORED 2024 (2024)","DOI":"10.1145\/3689944.3696164"},{"key":"8_CR9","first-page":"241","volume":"7","author":"P Jaccard","year":"1901","unstructured":"Jaccard, P.: Distribution de la flore alpine dans le bassin des dranses et dans quelques r\u2019egions voisines. Bulletin de la Soci\u2019et\u2019e vaudoise des sciences naturelles 7, 241\u2013272 (1901)","journal-title":"Bulletin de la Soci\u2019et\u2019e vaudoise des sciences naturelles"},{"issue":"4","key":"8_CR10","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1037\/0033-295X.84.4.327","volume":"84","author":"A Tversky","year":"1977","unstructured":"Tversky, A.: Features of similarity. Psychol. Rev. 84(4), 327 (1977)","journal-title":"Psychol. Rev."},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Cofano, S., Benedetti, G., Dell\u2019Amico, M.: Sbom generation tools in the Python ecosystem: an in-detail analysis. In: 2024 IEEE TrustCom) (2024)","DOI":"10.1109\/TrustCom63139.2024.00077"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Yu, S., Song, W., Hu, X., Yin, H.: On the correctness of metadata-based sbom generation: a differential analysis approach. In: 2024 54th Annual IEEE\/IFIP DSN) (2024)","DOI":"10.1109\/DSN58291.2024.00018"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Balliu, M., et al.: Challenges of producing software bill of materials for Java. IEEE Securi. Priv. 21 (2023)","DOI":"10.1109\/MSEC.2023.3302956"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Halbritter, A., Merli, D.: Accuracy evaluation of sbom tools for web applications and system-level software. In: Proceedings of the 19th International Conference ARS (2024)","DOI":"10.1145\/3664476.3670926"},{"key":"8_CR15","unstructured":"Ozkan, C., Zou, X., Singelee, D.: Supply chain insecurity: the lack of integrity protection in sbom solutions (2024)"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Benedetti, G., Cofano, S., Brighente, A., Conti, M.: The impact of sbom generators on vulnerability assessment in python: a comparison and a novel approach. Appl. Cryptogr. Netw. Secur. (2025)","DOI":"10.1007\/978-3-031-95764-2_19"},{"key":"8_CR17","unstructured":"Mirakhorli, M., et al.: A landscape study of open source and proprietary tools for software bill of materials (sbom) (2024)"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-031-95764-2_19","volume-title":"Applied Cryptography and Network Security - ACNS 2025","author":"G Benedetti","year":"2025","unstructured":"Benedetti, G., Cofano, S., Brighente, A., Conti, M.: The impact of sbom generators on vulnerability assessment in python: a comparison and a novel approach. In: Fischlin, M., Moonsamy, V. (eds.) Applied Cryptography and Network Security - ACNS 2025. Lecture Notes in Computer Science, vol. 15826, pp. 487\u2013509. Springer, Cham (2025). https:\/\/doi.org\/10.1007\/978-3-031-95764-2_19"},{"key":"8_CR19","unstructured":"NIST. The minimum elements for a software bill of materials (sbom) (2021)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Xia, B., Bi, T., Xing, Z., Qinghua, L., Zhu, L.: An empirical study on software bill of materials: where we stand and the road ahead (2023)","DOI":"10.1109\/ICSE48619.2023.00219"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Eggers, S.L., Simon, T.B., Morgan, B.R., Bauer, E.S., Christensen, D.: Towards software bill of materials in the nuclear industry, 9 (2022)","DOI":"10.2172\/1901825"},{"key":"8_CR22","unstructured":"Sheng, Yu., Song, W., Xunchao, H., Yin, H.: On the correctness of metadata-based sbom generation: a differential analysis approach (2024)"},{"key":"8_CR23","unstructured":"Dunlap, T., et al.: S3c2 summit 2023-02: Industry secure supply chain summit (2023)"},{"key":"8_CR24","unstructured":"Raihanul Haque, B.M.: An analysis of sbom in the context of software supply-chain risk management. Master\u2019s thesis, Oslo, Norway (2023)"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Williams, L., Benedetti, G., Hamer, S., et\u00a0al.: . Research directions in software supply chain security. ACM TSEM (2025)","DOI":"10.1145\/3714464"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Javed, O., Toor, S.: Understanding the quality of container security vulnerability detection tools (2021)","DOI":"10.1145\/3481646.3481661"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Javed, O., Toor, S.: An evaluation of container security vulnerability detection tools. In: Proceedings of the 2021 5th International Conference on Cloud and Big Data Computing, New York, NY, USA (2021)","DOI":"10.1145\/3481646.3481661"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"O\u2019Donoghue, E., Reinhold, A.M., Izurieta, C.: Assessing security risks of software supply chains using software bill of materials. In: 2024 IEEE SANER-C (2024)","DOI":"10.1109\/SANER-C62648.2024.00023"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Kalaiselvi, R., Ravisankar, S., Varun, M., Ravindran, D.: Enhancing the container image scanning tool - grype. In: 2023 2nd ICAECA (2023)","DOI":"10.1109\/ICAECA56562.2023.10200828"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Dann, A., Plate, H., Hermann, B., Ponta, S.E., Bodden, E.: Identifying challenges for OSS vulnerability scanners - a study & test suite. IEEE Trans. Softw. Eng. 48(9), 3613\u20133625 (2022)","DOI":"10.1109\/TSE.2021.3101739"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-20018-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T22:09:22Z","timestamp":1779055762000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-20018-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032200174","9783032200181"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-20018-1_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Brest","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/hub.imt-atlantique.fr\/fps2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}