{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T02:21:35Z","timestamp":1773195695867,"version":"3.50.1"},"reference-count":27,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/acsacw69556.2025.00031","type":"proceedings-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T19:56:13Z","timestamp":1773086173000},"page":"242-247","source":"Crossref","is-referenced-by-count":0,"title":["The SBOM Transparency v. Exposure Dilemma: A Case Study on Adversarial Access to Public SBOMs in Healthcare"],"prefix":"10.1109","author":[{"given":"Jiarou","family":"Deng","sequence":"first","affiliation":[{"name":"Johns Hopkins University,Baltimore,MD,USA"}]},{"given":"Yang","family":"Yang","sequence":"additional","affiliation":[{"name":"Johns Hopkins University,Baltimore,MD,USA"}]},{"given":"Michael","family":"Rushanan","sequence":"additional","affiliation":[{"name":"Harbor Labs,Pikesville,MD,USA"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions","author":"Food","year":"2025"},{"key":"ref2","article-title":"Consolidated Appropriations Act, 2023","author":"Congress","year":"2022"},{"key":"ref3","article-title":"National Institute of Standards and Technology (NIST)","volume-title":"Cve-2014-0224: Openssl changecipherspec injection vulnerability","year":"2014"},{"key":"ref4","volume-title":"Openssl-ccs-inject-test","year":"2014"},{"key":"ref5","volume-title":"Cybersecurity Safety Communications and Other Alerts","year":"2025"},{"key":"ref6","volume-title":"SweynTooth Cybersecurity Vulnerabilities May Affect Certain Medical Devices","year":"2020"},{"key":"ref7","volume-title":"Urgent\/11 Cybersecurity Vulnerabilities May Introduce Risks During Use of Certain Medical Devices","year":"2019"},{"key":"ref8","volume-title":"Top routinely exploited vulnerabilities. CISA Cybersecurity Advisory AA21-229A","year":"2021"},{"key":"ref9","volume-title":"Rockwell automation multiple products. CISA ICS Advisory ICSA-22-067-01","year":"2022"},{"key":"ref10","volume-title":"Apache releases log4j version 2.15.0 to address critical rce vulnerability under exploitation. CISA Alert","year":"2021"},{"key":"ref11","article-title":"Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)","year":"2021"},{"key":"ref12","article-title":"ECMA-424: CycloneDX Bill of materials specification","author":"International","year":"2024"},{"key":"ref13","article-title":"Information technology \u2014 SPDX Specification V2.2.1, ISO\/IEC JTC 1 Std. ISO\/IEC 5962:2021","volume-title":"standard adopted under the JTC 1 PAS procedure and prepared by the Joint Development Foundation as SPDX\u00ae Specification V2.2.1","year":"2021"},{"key":"ref14","article-title":"Information technology \u2014 IT asset management \u2014 Part 2: Software identification tag, ISO\/IEC JTC 1 Std. ISO\/IEC 19770-2:2015","volume-title":"standard defining the structure and use of Software Identification (SWID) tags","year":"2015"},{"key":"ref15","volume-title":"Cyclonedx conan plugin. SBOM generation plugin for Conan-based C\/C++ projects","year":"2023"},{"key":"ref16","article-title":"Syft: Cli tool and library for generating sboms from container images and filesystems","volume-title":"Supports multiple formats including CycloneDX and SPDX","year":"2024"},{"key":"ref17","article-title":"Dependency-Track","author":"Foundation"},{"key":"ref18","volume-title":"CycloneDX VEX: Vulnerability Exploitability eXchange","year":"2023"},{"key":"ref19","article-title":"Semantic versioning 2.0.0","author":"Preston-Werner","year":"2025"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.240322"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/msec.2023.3302956"},{"key":"ref22","article-title":"The impact of sbom generators on vulnerability assessment in python: A comparison and a novel approach","author":"Benedetti","year":"2024"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom63139.2024.00077"},{"key":"ref24","article-title":"Pocgen: Generating proof-of-concept exploits for vulnerabilities in npm packages","author":"Simsek","year":"2025"},{"key":"ref25","article-title":"Llm agents can autonomously exploit one-day vulnerabilities","author":"Fang","year":"2024"},{"key":"ref26","article-title":"Cve-bench: A benchmark for ai agents\u2019 ability to exploit real-world web application vulnerabilities","author":"Zhu","year":"2025"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2014.40"}],"event":{"name":"2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)","location":"Honolulu, HI, USA","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,9]]}},"container-title":["2025 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11417955\/11417996\/11418046.pdf?arnumber=11418046","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T05:34:57Z","timestamp":1773120897000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11418046\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":27,"URL":"https:\/\/doi.org\/10.1109\/acsacw69556.2025.00031","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}