{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T10:14:12Z","timestamp":1772532852207,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,9,12]],"date-time":"2022-09-12T00:00:00Z","timestamp":1662940800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"UKRI","award":["EP\/V00784X\/1"],"award-info":[{"award-number":["EP\/V00784X\/1"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,9,12]]},"DOI":"10.1145\/3503229.3547061","type":"proceedings-article","created":{"date-parts":[[2022,8,25]],"date-time":"2022-08-25T22:15:43Z","timestamp":1661465743000},"page":"110-116","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Trust challenges in reusing open source software"],"prefix":"10.1145","author":[{"given":"Javad","family":"Ghofrani","sequence":"first","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"given":"Paria","family":"Heravi","sequence":"additional","affiliation":[{"name":"University of Guilan, Rasht, Iran"}]},{"given":"Kambiz A.","family":"Babaei","sequence":"additional","affiliation":[{"name":"University of Guilan, Rasht, Iran"}]},{"given":"Mohammad D.","family":"Soorati","sequence":"additional","affiliation":[{"name":"University of Southampton, Southampton, UK"}]}],"member":"320","published-online":{"date-parts":[[2022,9,12]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.4451227"},{"key":"e_1_3_2_1_2_1","volume-title":"Learning Groovy 3","author":"Davis Adam L","unstructured":"Adam L Davis. 2019. Gradle. In Learning Groovy 3. Springer, 105--114."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00050"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/234528.234531"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22888-0_13"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110653"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196454"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183399.3183417"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/130844.130856"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-020-00833-6"},{"key":"e_1_3_2_1_12_1","unstructured":"Frederic P Miller Agnes F Vandome and John McBrewster. 2010. Apache Maven. Alpha Press."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2597073.2597123"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999433"},{"key":"e_1_3_2_1_15_1","volume-title":"Pro Apache Ant","author":"Moodie Matthew","unstructured":"Matthew Moodie. 2006. Pro Apache Ant. Apress."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3239235.3268920"},{"key":"e_1_3_2_1_17_1","volume-title":"Antonino Sabetta, and Fabio Massacci.","author":"Pashchenko Ivan","year":"2020","unstructured":"Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. 2020. Vuln4real: A methodology for counting actually vulnerable dependencies. IEEE Transactions on Software Engineering (2020)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00054"},{"key":"e_1_3_2_1_19_1","first-page":"1","article-title":"Out of sight, out of mind? How vulnerable dependencies affect open-source projects","volume":"26","author":"Azriadi Prana Gede Artha","year":"2021","unstructured":"Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E Santosa, Asankhaya Sharma, and David Lo. 2021. Out of sight, out of mind? How vulnerable dependencies affect open-source projects. Empirical Software Engineering 26, 4 (2021), 1--34.","journal-title":"Empirical Software Engineering"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2993248"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833686"},{"key":"e_1_3_2_1_22_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In 28th USENIX Security Symposium (USENIX Security 19). 995--1010."}],"event":{"name":"SPLC '22: 26th ACM International Systems and Software Product Line Conference","location":"Graz Austria","acronym":"SPLC '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 26th ACM International Systems and Software Product Line Conference - Volume B"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503229.3547061","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3503229.3547061","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:50Z","timestamp":1750188650000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503229.3547061"}},"subtitle":["an interview-based initial study"],"short-title":[],"issued":{"date-parts":[[2022,9,12]]},"references-count":22,"alternative-id":["10.1145\/3503229.3547061","10.1145\/3503229"],"URL":"https:\/\/doi.org\/10.1145\/3503229.3547061","relation":{},"subject":[],"published":{"date-parts":[[2022,9,12]]},"assertion":[{"value":"2022-09-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}