{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T03:28:14Z","timestamp":1781062094214,"version":"3.54.1"},"reference-count":15,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,11,1]],"date-time":"2023-11-01T00:00:00Z","timestamp":1698796800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2207008"],"award-info":[{"award-number":["2207008"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Secur. Privacy"],"published-print":{"date-parts":[[2023,11]]},"DOI":"10.1109\/msec.2023.3279773","type":"journal-article","created":{"date-parts":[[2023,6,26]],"date-time":"2023-06-26T18:57:01Z","timestamp":1687805821000},"page":"76-88","source":"Crossref","is-referenced-by-count":13,"title":["OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2738-4118","authenticated-orcid":false,"given":"Nusrat","family":"Zahan","sequence":"first","affiliation":[{"name":"Computer Science Department, North Carolina State University, Raleigh, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Parth","family":"Kanakiya","sequence":"additional","affiliation":[{"name":"Software Developer, Amazon, Seattle, WA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Brian","family":"Hambleton","sequence":"additional","affiliation":[{"name":"Computer Science Department, North Carolina State University, Raleigh, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0252-5084","authenticated-orcid":false,"given":"Shohanuzzaman","family":"Shohan","sequence":"additional","affiliation":[{"name":"Eli Lilly, New York, NY, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3300-6540","authenticated-orcid":false,"given":"Laurie","family":"Williams","sequence":"additional","affiliation":[{"name":"Secure Computing Institute, North Carolina State University, Raleigh, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"700 average increase in open source supply chain attacks","year":"2022"},{"key":"ref2","volume-title":"Secure software development framework, version 1.1","author":"Souppaya","year":"2022"},{"key":"ref3","volume-title":"Open Web Application Security Project","year":"2020"},{"key":"ref4","volume-title":"OpenSSF","year":"2021"},{"key":"ref5","volume-title":"Google","year":"2021"},{"key":"ref6","volume-title":"Executive order on improving the nations cybersecurity","year":"2021"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513044"},{"key":"ref8","volume-title":"PyPI","year":"2022"},{"key":"ref9","volume-title":"OSI","year":"2022"},{"key":"ref10","article-title":"Phantom artifacts and code review coverage in dependency updates","author":"Imtiaz","year":"2022"},{"key":"ref11","volume-title":"The GitHub branches","year":"2022"},{"key":"ref12","volume-title":"10 GitHub security best practices","year":"2023"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833686"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24224"},{"key":"ref15","volume-title":"Vulnerable GitHub actions workflows","author":"Dotam","year":"2023"}],"container-title":["IEEE Security & Privacy"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8013\/10315765\/10163720-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8013\/10315765\/10163720.pdf?arnumber=10163720","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T11:53:55Z","timestamp":1709294035000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10163720\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11]]},"references-count":15,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/msec.2023.3279773","relation":{},"ISSN":["1540-7993","1558-4046"],"issn-type":[{"value":"1540-7993","type":"print"},{"value":"1558-4046","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11]]}}}