{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T22:11:05Z","timestamp":1771279865146,"version":"3.50.1"},"reference-count":107,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"NSF","award":["1845446"],"award-info":[{"award-number":["1845446"]}]},{"name":"NSF","award":["1929701"],"award-info":[{"award-number":["1929701"]}]},{"name":"ONR","award":["N00014-22-1-2057"],"award-info":[{"award-number":["N00014-22-1-2057"]}]},{"name":"CCI-PE6GLBAE"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. 
Software Eng."],"published-print":{"date-parts":[[2026,2]]},"DOI":"10.1109\/tse.2025.3632765","type":"journal-article","created":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T18:49:13Z","timestamp":1763146153000},"page":"509-526","source":"Crossref","is-referenced-by-count":0,"title":["How Can ChatGPT Support Human Security Testers to Help Mitigate Supply Chain Attacks?"],"prefix":"10.1109","volume":"52","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2770-9189","authenticated-orcid":false,"given":"Ying","family":"Zhang","sequence":"first","affiliation":[{"name":"Department of Computer Science, Wake Forest University, Winston-Salem, NC, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9597-3587","authenticated-orcid":false,"given":"Wenjia","family":"Song","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0900-6456","authenticated-orcid":false,"given":"Zhengjie","family":"Ji","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8969-2792","authenticated-orcid":false,"given":"Danfeng","family":"Yao","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0230-5524","authenticated-orcid":false,"given":"Na","family":"Meng","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"}]}],"member":"263","reference":[{"key":"ref1","article-title":"GitHub - nearform \/ gammaray: Node.js vulnerability scanner","year":"2025"},{"key":"ref2","article-title":"OWASP Dependency-Check","year":"2025"},{"key":"ref3","article-title":"Snyk vulnerability database","year":"2025"},{"key":"ref4","article-title":"Supply chain attacks on open source software grew 650% in 
2021","year":"2025"},{"key":"ref5","article-title":"Supply chain attacks show why you should be wary of third-party providers","year":"2025"},{"key":"ref6","article-title":"Log4Shell a year on","year":"2025"},{"key":"ref7","article-title":"About Dependabot alerts","year":"2025"},{"key":"ref8","article-title":"Alibaba \/ fastjson","year":"2025"},{"key":"ref9","article-title":"American fuzzy lop","year":"2025"},{"key":"ref10","article-title":"apache \/ commons-io","year":"2025"},{"key":"ref11","article-title":"apache \/ cxf","year":"2025"},{"key":"ref12","article-title":"apache \/ httpcomponents-client","year":"2025"},{"key":"ref13","article-title":"Apache Tika","year":"2023"},{"key":"ref14","article-title":"Snyk fix: Automatic vulnerability remediation from the Snyk CLI","year":"2025"},{"key":"ref15","article-title":"Codec","year":"2023"},{"key":"ref16","article-title":"Commons compress \u2013 Overview","year":"2023"},{"key":"ref17","article-title":"CVE-2020-28052 detail","year":"2023"},{"key":"ref18","article-title":"Dom4j","year":"2025"},{"key":"ref19","article-title":"FasterXML \/ jackson-databind","year":"2025"},{"key":"ref20","article-title":"FasterXML \/ jackson-dataformats-binary","year":"2025"},{"key":"ref21","article-title":"FasterXML \/ jackson-modules-java8","year":"2025"},{"key":"ref22","article-title":"GitHub security advisories","year":"2025"},{"key":"ref23","article-title":"haraldk \/ TwelveMonkeys","year":"2025"},{"key":"ref24","article-title":"How ChatGPT actually works?","year":"2025"},{"key":"ref25","article-title":"Inside ChatGPT\u2019s brain: Large language models","year":"2025"},{"key":"ref26","article-title":"junrar \/ junrar","year":"2025"},{"key":"ref27","article-title":"Mockito","year":"2025"},{"key":"ref28","article-title":"netplex \/ json-smart-v1","year":"2025"},{"key":"ref29","article-title":"netplex \/ 
json-smart-v2","year":"2025"},{"key":"ref30","article-title":"npm-audit","year":"2025"},{"key":"ref31","article-title":"OpenRefine","year":"2025"},{"key":"ref32","article-title":"OSS-Fuzz","year":"2025"},{"key":"ref33","article-title":"OWASP \/ json-sanitizer","year":"2025"},{"key":"ref34","article-title":"OWASP top ten","year":"2025"},{"key":"ref35","article-title":"Plexus archiver component","year":"2025"},{"key":"ref36","article-title":"Retire.js","year":"2025"},{"key":"ref37","article-title":"sonatype-nexus-community \/ auditjs: Audits an NPM package.json file to identify known vulnerabilities","year":"2025"},{"key":"ref38","article-title":"spring-projects \/ spring-data-commons","year":"2025"},{"key":"ref39","article-title":"spring-projects \/ spring-security","year":"2025"},{"key":"ref40","article-title":"srikanth-lingala \/ zip4j","year":"2025"},{"key":"ref41","article-title":"stleary \/ JSON-java","year":"2025"},{"key":"ref42","article-title":"Test - Snyk user docs","year":"2025"},{"key":"ref43","article-title":"The legion of the Bouncy Castle","year":"2025"},{"key":"ref44","article-title":"What is fuzz testing and how does it work? 
\u2014 Synopsys","year":"2025"},{"key":"ref45","article-title":"xerial \/ snappy-java","year":"2025"},{"key":"ref46","article-title":"XStream","year":"2025"},{"key":"ref47","article-title":"ZT zip","year":"2025"},{"key":"ref48","article-title":"soarsmu\/transfer","year":"2025"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-79379-1_6"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"ref51","article-title":"The National Vulnerability Database (Nvd): Overview","author":"Booth","year":"2013"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3147265"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3156637"},{"key":"ref56","article-title":"Revolutionizing the field of grey-box attack surface testing with evolutionary fuzzing","volume-title":"Proc. 
Black Hat DEFCON","author":"Demott","year":"2007"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/s40264-024-01499-1"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2025113.2025179"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549098"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2005.1553574"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-NIER.2019.00012"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2090147.2094081"},{"key":"ref63","article-title":"Seam-contextual components","volume-title":"A Framework Java EE","author":"Hat","year":"2025"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC52881.2021.00046"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW58534.2023.00078"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev53368.2022.00027"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534398"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564548"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00085"},{"key":"ref71","article-title":"AmpleGCG: Learning a universal and transferable generative model of adversarial suffixes for jailbreaking both open and closed LLMs","author":"Liao","year":"2024"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330577"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786811"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_13"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/IWAST.2009.5069042"},{"key":"ref76","article-title":"CWE TOP 25 Most Dangerous Software 
Errors","author":"Martin","year":"2025"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99241-9_3"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180201"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24556"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.23919\/DATE54114.2022.9774672"},{"key":"ref81","article-title":"Probabilistic reasoning in generative large language models","author":"Nafar","year":"2024"},{"key":"ref82","article-title":"Comparing software developers with ChatGPT: An empirical investigation","author":"Nascimento","year":"2023"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427658"},{"key":"ref84","article-title":"The end of an era: Can AI subsume software developers? Evaluating ChatGPT and copilot capabilities using LeetCode problems","author":"Nikolaidis","year":"2025"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/3697010"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833571"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00064"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3524613.3527806"},{"key":"ref91","article-title":"Do anything now\u2019: Characterizing and evaluating in-the-wild jailbreak prompts on large language models","author":"Shen","year":"2023"},{"key":"ref92","doi-asserted-by":"crossref","DOI":"10.1109\/APR59189.2023.00012","article-title":"An analysis of the automatic bug fixing performance of ChatGPT","author":"Sobania","year":"2023"},{"key":"ref93","volume-title":"Fuzzing for Software Security Testing and Quality Assurance","volume":"2","author":"Takanen","year":"2017"},{"key":"ref94","article-title":"Is ChatGPT the ultimate programming assistant \u2013 How far is 
it?","author":"Tian","year":"2023"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3420015"},{"key":"ref96","article-title":"Common Vulnerabilities and Exposures (CVE)","year":"1999"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00095"},{"key":"ref98","first-page":"1547","article-title":"Fuzz4All: Universal fuzzing with large language models","volume-title":"Proc. IEEE\/ACM 46th Int. Conf. Softw. Eng. (ICSE)","author":"Xia","year":"2024"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.24"},{"key":"ref100","article-title":"An llm can fool itself: A prompt-based adversarial attack","author":"Xu","year":"2023"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2874648"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2007.4317620"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3308897"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3150302"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527749"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i19.30185"},{"key":"ref107","article-title":"Universal and transferable adversarial attacks on aligned language models","author":"Zou","year":"2023"}],"container-title":["IEEE Transactions on Software 
Engineering"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/32\/11395383\/11247924-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/11395383\/11247924.pdf?arnumber=11247924","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T21:06:46Z","timestamp":1771276006000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11247924\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2]]},"references-count":107,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tse.2025.3632765","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2]]}}}