{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T02:36:41Z","timestamp":1773110201869,"version":"3.50.1"},"reference-count":17,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T00:00:00Z","timestamp":1743984000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T00:00:00Z","timestamp":1743984000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,4,7]]},"DOI":"10.1109\/syscon64521.2025.11014830","type":"proceedings-article","created":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T17:43:30Z","timestamp":1748627010000},"page":"1-8","source":"Crossref","is-referenced-by-count":2,"title":["Supply Chain Risk Analysis Via SBOM Data Enrichment"],"prefix":"10.1109","author":[{"given":"Antoine","family":"Lemay","sequence":"first","affiliation":[{"name":"Hitachi Energy Research,Montreal,Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Neeraj","family":"Katiyar","sequence":"additional","affiliation":[{"name":"Hitachi Energy Research,Montreal,Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"National Cyber Security Centre","volume-title":"Log4j vulnerability what everyone needs to know","year":"2021"},{"key":"ref2","article-title":"A pernicious potpourri of Python packages in PyPI","author":"L\u00e9veill\u00e9","year":"2023","journal-title":"ESET Research"},{"key":"ref3","article-title":"Wikipedia","volume-title":"XZ Utils backdoor","year":"2024"},{"key":"ref4","article-title":"SBOMs 101: What You Need to Know","author":"Muro","year":"2022","journal-title":"DevOps.com"},{"key":"ref5","article-title":"The Linux Foundation Projects","year":"2023","journal-title":"System Package Data Exchange (SPDX\u00ae)"},{"key":"ref6","volume-title":"International Standards Organization","year":"2020"},{"key":"ref7","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.IR.8397","volume-title":"Guidelines on Minimum Standards for Developer Verification of Software","author":"Black","year":"2021"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00219"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3623347"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1038\/s41746-021-00403-w"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.2172\/1901825"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-50815-8_3"},{"key":"ref13","article-title":"A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM)","author":"Mirakhorli","year":"2024","journal-title":"arXiv preprint"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.55859\/ijiss.1455039"},{"key":"ref15","article-title":"Oversecured","volume-title":"Introducing MavenGate: a supply chain attack method for Java and Android applications","year":"2024"},{"key":"ref16","volume-title":"gomzyakov\/achievements","author":"Gomzyakov","year":"2024"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106740"}],"event":{"name":"2025 IEEE International systems Conference (SysCon)","location":"Montreal, QC, Canada","start":{"date-parts":[[2025,4,7]]},"end":{"date-parts":[[2025,4,10]]}},"container-title":["2025 IEEE International systems Conference (SysCon)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11014641\/11014642\/11014830.pdf?arnumber=11014830","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:47:39Z","timestamp":1748666859000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11014830\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,7]]},"references-count":17,"URL":"https:\/\/doi.org\/10.1109\/syscon64521.2025.11014830","relation":{},"subject":[],"published":{"date-parts":[[2025,4,7]]}}}