{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:24:08Z","timestamp":1771064648831,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":11,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T00:00:00Z","timestamp":1604016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["830929, 675320,830892"],"award-info":[{"award-number":["830929, 675320,830892"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,30]]},"DOI":"10.1145\/3372297.3420015","type":"proceedings-article","created":{"date-parts":[[2021,3,4]],"date-time":"2021-03-04T16:22:09Z","timestamp":1614874929000},"page":"2093-2095","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["Towards Using Source Code Repositories to Identify Software Supply Chain Attacks"],"prefix":"10.1145","author":[{"given":"Duc Ly","family":"Vu","sequence":"first","affiliation":[{"name":"University of Trento, Trento, Italy"}]},{"given":"Ivan","family":"Pashchenko","sequence":"additional","affiliation":[{"name":"University of Trento, Trento, Italy"}]},{"given":"Fabio","family":"Massacci","sequence":"additional","affiliation":[{"name":"University of Trento & Vrije Universiteit Amsterdam, Trento, Italy"}]},{"given":"Henrik","family":"Plate","sequence":"additional","affiliation":[{"name":"SAP Security Research, Sophia-Antipolis, France"}]},{"given":"Antonino","family":"Sabetta","sequence":"additional","affiliation":[{"name":"SAP Security Research, Sophia-Antipolis, France"}]}],"member":"320","published-online":{"date-parts":[[2020,11,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"R. Duan O. Alrawi R.P. Kasturi R. Elder B. Saltaformaggio and W. Lee. 2020. Measuring and preventing supply chain attacks on package managers. arXiv (2020).  R. Duan O. Alrawi R.P. Kasturi R. Elder B. Saltaformaggio and W. Lee. 2020. Measuring and preventing supply chain attacks on package managers. arXiv (2020)."},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. of ICSENIER'19","author":"Garrett K","unstructured":"K Garrett , G. Ferreira , L. Jia , J. Sunshine , and C. K\u00e4stner . 2019. Detecting suspicious package updates . In Proc. of ICSENIER'19 . K Garrett, G. Ferreira, L. Jia, J. Sunshine, and C. K\u00e4stner. 2019. Detecting suspicious package updates. In Proc. of ICSENIER'19."},{"key":"e_1_3_2_1_3_1","unstructured":"T. Herr J. Lee W. Loomis and S. Scott. 2020. Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain. https:\/\/www.atlanticcouncil.org\/in-depth-researchreports\/report\/breaking-trust-shades-of-crisis-across-aninsecure-software-supply-chain\/.  T. Herr J. Lee W. Loomis and S. Scott. 2020. Breaking Trust: Shades of Crisis Across an Insecure Software Supply Chain. https:\/\/www.atlanticcouncil.org\/in-depth-researchreports\/report\/breaking-trust-shades-of-crisis-across-aninsecure-software-supply-chain\/."},{"key":"e_1_3_2_1_4_1","first-page":"08","article-title":"hugovk\/top-pypi-packages","volume":"2020","author":"Kemenade H.V.","year":"2020","unstructured":"H.V. Kemenade . 2020 . hugovk\/top-pypi-packages : Release 2020 . 08 . https:\/\/doi.org\/10.5281\/zenodo.3969444 10.5281\/zenodo.3969444 H.V. Kemenade. 2020. hugovk\/top-pypi-packages: Release 2020.08. https:\/\/doi.org\/10.5281\/zenodo.3969444","journal-title":"Release"},{"key":"e_1_3_2_1_5_1","volume-title":"PSA: There is a fake version of this package on PyPI with malicious code. https:\/\/github.com\/dateutil\/dateutil\/issues\/984.","year":"2019","unstructured":"Lutoma. 2019 . PSA: There is a fake version of this package on PyPI with malicious code. https:\/\/github.com\/dateutil\/dateutil\/issues\/984. Lutoma. 2019. PSA: There is a fake version of this package on PyPI with malicious code. https:\/\/github.com\/dateutil\/dateutil\/issues\/984."},{"key":"e_1_3_2_1_6_1","unstructured":"Tomislav Maljic. 2020. Mining for malicious Ruby gems Typosquatting barrage on RubyGem software repository users. https:\/\/blog.reversinglabs.com\/blog\/mining-for-malicious-ruby-gems.  Tomislav Maljic. 2020. Mining for malicious Ruby gems Typosquatting barrage on RubyGem software repository users. https:\/\/blog.reversinglabs.com\/blog\/mining-for-malicious-ruby-gems."},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. of DIMVA'20","author":"Ohm M.","unstructured":"M. Ohm , H. Plate , A. Sykosch , and M. Meier . 2020. Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks . In Proc. of DIMVA'20 . M. Ohm, H. Plate, A. Sykosch, and M. Meier. 2020. Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks. In Proc. of DIMVA'20."},{"key":"e_1_3_2_1_8_1","volume-title":"Proc. of ARES'2020","author":"Ohm M.","unstructured":"M. Ohm , A. Sykosch , and M. Meier . 2020. Towards detection of software supply chain attacks by forensic artifacts . In Proc. of ARES'2020 . M. Ohm, A. Sykosch, and M. Meier. 2020. Towards detection of software supply chain attacks by forensic artifacts. In Proc. of ARES'2020."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"M. Taylor R.K. Vaidya D. Davidson L. D. Carli and V. Rastogi. 2020. SpellBound: Defending Against Package Typosquatting. arXiv (2020).  M. Taylor R.K. Vaidya D. Davidson L. D. Carli and V. Rastogi. 2020. SpellBound: Defending Against Package Typosquatting. arXiv (2020).","DOI":"10.1007\/978-3-030-65745-1_7"},{"key":"e_1_3_2_1_10_1","unstructured":"R.K. Vaidya L. D. Carli D. Davidson and V. Rastogi. 2019. Security issues in language-based sofware ecosystems. arXiv (2019).  R.K. Vaidya L. D. Carli D. Davidson and V. Rastogi. 2019. Security issues in language-based sofware ecosystems. arXiv (2019)."},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. of EuroS&PW'20","author":"Vu D.L.","unstructured":"D.L. Vu , I. Pashchenko , F. Massacci , H. Plate , and A. Sabetta . 2020. Typosquatting and Combosquatting Attacks on the Python Ecosystem . In Proc. of EuroS&PW'20 . D.L. Vu, I. Pashchenko, F. Massacci, H. Plate, and A. Sabetta. 2020. Typosquatting and Combosquatting Attacks on the Python Ecosystem. In Proc. of EuroS&PW'20."}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3420015","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3420015","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:32Z","timestamp":1750197692000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3420015"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,30]]},"references-count":11,"alternative-id":["10.1145\/3372297.3420015","10.1145\/3372297"],"URL":"https:\/\/doi.org\/10.1145\/3372297.3420015","relation":{},"subject":[],"published":{"date-parts":[[2020,10,30]]},"assertion":[{"value":"2020-11-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}