{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T03:30:18Z","timestamp":1781062218329,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T00:00:00Z","timestamp":1665360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Nanyang Technological University (NTU)-DESAY SV Research Program","award":["2018-0980"],"award-info":[{"award-number":["2018-0980"]}]},{"name":"Key Research Program of the Ministry of Science and Technology of China?","award":["2018YFF0215901"],"award-info":[{"award-number":["2018YFF0215901"]}]},{"name":"the program of China Scholarships Council","award":["202006210393"],"award-info":[{"award-number":["202006210393"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,10]]},"DOI":"10.1145\/3551349.3560432","type":"proceedings-article","created":{"date-parts":[[2023,1,5]],"date-time":"2023-01-05T20:43:54Z","timestamp":1672951434000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["Towards Understanding Third-party Library Dependency in C\/C++ Ecosystem"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8866-7074","authenticated-orcid":false,"given":"Wei","family":"Tang","sequence":"first","affiliation":[{"name":"Tsinghua University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1175-2753","authenticated-orcid":false,"given":"Chengwei","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6758-4635","authenticated-orcid":false,"given":"Jiahui","family":"Wu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4562-8208","authenticated-orcid":false,"given":"Shouguo","family":"Yang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yi","family":"Li","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7300-9215","authenticated-orcid":false,"given":"Ping","family":"Luo","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,1,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. APT Package Manager. https:\/\/en.wikipedia.org\/wiki\/APT_(software). (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Automation for updating third party libraries for Firefox. https:\/\/github.com\/mozillaservices\/updatebot. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_3_1","unstructured":"2022. C\/C++ Package Manager. https:\/\/conan.io. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_4_1","unstructured":"2022. CMake command: find-library. https:\/\/cmake.org\/cmake\/help\/latest\/command\/find_library.html. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_5_1","unstructured":"2022. The code repository of CCScanner. https:\/\/anonymous.4open.science\/r\/ccscanner-7491\/. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_6_1","unstructured":"2022. Debian Mirrors. https:\/\/www.debian.org\/mirror\/list. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_7_1","unstructured":"2022. dependency-check \u2013 File Type Analyzers. https:\/\/jeremylong.github.io\/DependencyCheck\/analyzers\/index.html. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. DevOps - Wikipedia. https:\/\/en.wikipedia.org\/wiki\/DevOps. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. docs - chromium\/src.git - Git at Google. https:\/\/chromium.googlesource.com\/chromium\/src.git\/+\/master\/docs. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. An Eigen-based light-weight C++ Interface to Nonlinear Programming Solvers. https:\/\/github.com\/ethz-adrl\/ifopt. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Files \u00b7 debian\/master \u00b7 Debian Multimedia Team \/ ffmpeg \u00b7 GitLab. https:\/\/salsa.debian.org\/multimedia-team\/ffmpeg\/-\/tree\/debian\/master. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Homebrew The Missing Package Manager for macOS (or Linux). https:\/\/brew.sh. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_13_1","unstructured":"2022. International Open Standard (ISO\/IEC 5962:2021) - Software Package Data Exchange (SPDX). https:\/\/spdx.dev. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_14_1","unstructured":"2022. OWASP CycloneDX Software Bill of Materials (SBOM) Standard. https:\/\/cyclonedx.org. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_15_1","unstructured":"2022. OWASP Dependency-Track. https:\/\/owasp.org\/www-project-dependency-track. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_16_1","unstructured":"2022. rpm.org - Home. https:\/\/rpm.org. (Accessed on 04\/04\/2022)."},{"key":"e_1_3_2_1_17_1","unstructured":"2022. SBOM Software Bill of Materials. https:\/\/en.wikipedia.org\/wiki\/Software_bill_of_materials. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_18_1","unstructured":"2022. Sonatype Dependency-Check. https:\/\/jeremylong.github.io\/DependencyCheck\/data\/ossindex.html. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_19_1","unstructured":"2022. Windows Package Manager. https:\/\/docs.microsoft.com\/en-us\/windows\/package-manager\/. (Accessed on 05\/05\/2022)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00085-7"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196401"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00061"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397362"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110653"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468571"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409689"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10131-8"},{"key":"e_1_3_2_1_31_1","volume-title":"Dependency smells in Javascript projects","author":"Jafari Abbas\u00a0Javan","year":"2021","unstructured":"Abbas\u00a0Javan Jafari, Diego\u00a0Elias Costa, Rabe Abdalkareem, Emad Shihab, and Nikolaos Tsantalis. 2021. Dependency smells in Javascript projects. IEEE Transactions on Software Engineering(2021)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.30"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9393-5"},{"key":"e_1_3_2_1_34_1","volume-title":"Nufix: Escape From NuGet Dependency Maze. In 2022 International Conference on Software Engineering. https:\/\/www.microsoft.com\/en-us\/research\/publication\/nufix-escape-from-nuget-dependency-maze\/","author":"Li Zhenming","year":"2022","unstructured":"Zhenming Li, Ying Wang, Zeqi Lin, Shing-Chi Cheung, and Jian-Guang Lou. 2022. Nufix: Escape From NuGet Dependency Maze. In 2022 International Conference on Software Engineering. https:\/\/www.microsoft.com\/en-us\/research\/publication\/nufix-escape-from-nuget-dependency-maze\/"},{"key":"e_1_3_2_1_35_1","unstructured":"Chengwei Liu Sen Chen Lingling Fan Bihuan Chen Yang Liu and Xin Peng. 2022. Demystifying the Vulnerability Propagation and Its Evolution via Dependency Trees in the NPM Ecosystem. arXiv preprint arXiv:2201.03981(2022)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133908"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330201"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3167132.3167290"},{"key":"e_1_3_2_1_39_1","unstructured":"Nlohmann. 2022. Conan poject nlohmann-json. https:\/\/github.com\/nlohmann\/json. (Accessed on 07\/25\/2022)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417232"},{"key":"e_1_3_2_1_41_1","first-page":"1","article-title":"Out of sight, out of mind? How vulnerable dependencies affect open-source projects","volume":"26","author":"Artha\u00a0Azriadi Prana Gede","year":"2021","unstructured":"Gede Artha\u00a0Azriadi Prana, Abhishek Sharma, Lwin\u00a0Khin Shar, Darius Foo, Andrew\u00a0E Santosa, Asankhaya Sharma, and David Lo. 2021. Out of sight, out of mind? How vulnerable dependencies affect open-source projects. Empirical Software Engineering 26, 4 (2021), 1\u201334.","journal-title":"Empirical Software Engineering"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME46990.2020.00014"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00022"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380426"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236056"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00068"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3057767"},{"key":"e_1_3_2_1_48_1","unstructured":"Wireshark. 2022. CMake Project . https:\/\/github.com\/wireshark\/wireshark. (Accessed on 07\/25\/2022)."},{"key":"e_1_3_2_1_49_1","volume-title":"CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 860\u2013872","author":"Woo Seunghoon","year":"2021","unstructured":"Seunghoon Woo, Sunghan Park, Seulbae Kim, Heejo Lee, and Hakjoo Oh. 2021. CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 860\u2013872."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.18293\/SEKE2015-009"},{"key":"e_1_3_2_1_51_1","volume-title":"Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching. arXiv preprint arXiv:2204.08237(2022).","author":"Yang Can","year":"2022","unstructured":"Can Yang, Zhengzi Xu, Hongxu Chen, Yang Liu, Xiaorui Gong, and Baoxu Liu. 2022. Modx: Binary Level Partial Imported Third-Party Library Detection through Program Modularization and Semantic Matching. arXiv preprint arXiv:2204.08237(2022)."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Ahmed Zerouali Tom Mens Alexandre Decan and Coen De\u00a0Roover. 2021. On the Impact of Security Vulnerabilities in the npm and RubyGems Dependency Networks. arXiv preprint arXiv:2106.06747(2021).","DOI":"10.1007\/s10664-022-10154-1"},{"key":"e_1_3_2_1_53_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In 28th USENIX Security Symposium (USENIX Security 19). 995\u20131010."}],"event":{"name":"ASE '22: 37th IEEE\/ACM International Conference on Automated Software Engineering","location":"Rochester MI USA","acronym":"ASE '22"},"container-title":["Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560432","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3551349.3560432","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T07:59:42Z","timestamp":1755849582000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560432"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,10]]},"references-count":53,"alternative-id":["10.1145\/3551349.3560432","10.1145\/3551349"],"URL":"https:\/\/doi.org\/10.1145\/3551349.3560432","relation":{},"subject":[],"published":{"date-parts":[[2022,10,10]]},"assertion":[{"value":"2023-01-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}