{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T16:43:36Z","timestamp":1770137016010,"version":"3.49.0"},"reference-count":27,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,14]]},"DOI":"10.1109\/trustcom66490.2025.00275","type":"proceedings-article","created":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T20:42:41Z","timestamp":1770064961000},"page":"2363-2372","source":"Crossref","is-referenced-by-count":0,"title":["Towards System-of-Systems Bill of Material Solution for Vulnerability Operational Impact Analysis"],"prefix":"10.1109","author":[{"given":"Lucas","family":"Tesson","sequence":"first","affiliation":[{"name":"Thales Land and Air Systems, BL IAS"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jamal","family":"El Hachem","sequence":"additional","affiliation":[{"name":"IRISA – UMR 6074, Univ. Bretagne-Sud,Vannes,France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrice","family":"Guillou","sequence":"additional","affiliation":[{"name":"Thales Land and Air Systems, BL IAS"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00e9r\u00e9my","family":"Buisson","sequence":"additional","affiliation":[{"name":"CRéA – École de l’Air et de l’Espace,Salon de Provence,France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"State of the Software Supply Chain","year":"2023"},{"key":"ref2","article-title":"Supply-chain Levels for Software Artifacts v1.0","year":"2023"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"key":"ref4","article-title":"Software Bill of Materials (SBOM)","year":"2023"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SVM66695.2025.00010"},{"key":"ref6","article-title":"Software as a Service Bill of Materials (SaaSBOM)","year":"2023"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10071-9"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/236337.236371"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-31646-4_5"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE55356.2022.00011"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE55356.2022.00010"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-66326-0_1"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3661167.3661212"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.110484"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3643991.3644897"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1520-6858(1998)1:4<267::AID-SYS3>3.0.CO;2-D"},{"key":"ref19","article-title":"Software Bill of Materials in Software Supply Chain Security A Systematic Literature Review","author":"O\u2019Donoghue","year":"2025"},{"key":"ref20","article-title":"A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM)","author":"Mirakhorli","year":"2024"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00067"},{"key":"ref22","article-title":"Fine-grained analysis of software supply chains","author":"Hejderup","year":"2024"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2016.29"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC48747.2019.00056"},{"key":"ref25","article-title":"Two decades of secure software development","author":"Poll","year":"2025"},{"key":"ref26","article-title":"TTP-Based Hunting","author":"Roma","year":"2020"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2024.e26317"}],"event":{"name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","location":"Guiyang, China","start":{"date-parts":[[2025,11,14]]},"end":{"date-parts":[[2025,11,17]]}},"container-title":["2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11354467\/11354567\/11354575.pdf?arnumber=11354575","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T06:15:29Z","timestamp":1770099329000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11354575\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,14]]},"references-count":27,"URL":"https:\/\/doi.org\/10.1109\/trustcom66490.2025.00275","relation":{},"subject":[],"published":{"date-parts":[[2025,11,14]]}}}