{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:12:40Z","timestamp":1750219960784,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":19,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,8]],"date-time":"2022-11-08T00:00:00Z","timestamp":1667865600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,11]]},"DOI":"10.1145\/3560835.3564557","type":"proceedings-article","created":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T02:38:26Z","timestamp":1667961506000},"page":"47-49","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["On the Use of Tests for Software Supply Chain Threats"],"prefix":"10.1145","author":[{"given":"Joseph","family":"Hejderup","sequence":"first","affiliation":[{"name":"Endor Labs Inc., Palo Alto, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Taylor Armerding. 2022. Open Source News from the 2022 OSSRA Report. https:\/\/thenewstack.io\/open-source-news-from-the-2022-ossra-report\/. (2022). (Accessed on 05\/08\/2022)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"e_1_3_2_1_3_1","unstructured":"Thomas Claburn. 2018. Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week). https:\/\/www.theregister. com\/2018\/11\/26\/npm_repo_bitcoin_stealer\/. (2018). (Accessed on 05\/08\/2022)."},{"key":"e_1_3_2_1_4_1","volume-title":"16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22)","author":"David Yaniv","year":"2022","unstructured":"Yaniv David, Xudong Sun, Raphael J Sofaer, Aditya Senthilnathan, Junfeng Yang, Zhiqiang Zuo, Guoqing Harry Xu, Jason Nieh, and Ronghui Gu. 2022. {UPGRADVISOR}: Early Adopting Dependency Updates Using Hybrid Program Analysis and Hardware Tracing. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). 751--767."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9589-y"},{"key":"e_1_3_2_1_6_1","unstructured":"Dependabot. 2022. Automated dependency updates. https:\/\/dependabot.com\/. (2022). (Accessed on 17\/04\/2022)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2025113.2025179"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111097"},{"key":"e_1_3_2_1_9_1","unstructured":"William C Hetzel and Bill Hetzel. 1988. The complete guide to software testing. QED Information Sciences Wellesley MA."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/795671.796919"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.26"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.73"},{"volume-title":"The art of software testing","author":"Myers Glenford J","key":"e_1_3_2_1_14_1","unstructured":"Glenford J Myers, Corey Sandler, and Tom Badgett. 2011. The art of software testing. John Wiley & Sons."},{"key":"e_1_3_2_1_15_1","volume-title":"Hybrid Multi-level Crossover for Unit Test Case Generation. In International Symposium on Search Based Software Engineering. Springer, 72--86","author":"Olsthoorn Mitchell","year":"2021","unstructured":"Mitchell Olsthoorn, Pouria Derakhshanfar, and Annibale Panichella. 2021. Hybrid Multi-level Crossover for Unit Test Case Generation. In International Symposium on Search Based Software Engineering. Springer, 72--86."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Renovate. 2022. Automated dependency management. https:\/\/renovatebot.com\/. (2022). (Accessed on 26\/07\/2022).","DOI":"10.12968\/S2514-9768(23)90310-8"},{"key":"e_1_3_2_1_17_1","unstructured":"Kostya Serebryany. 2017. {OSS-Fuzz}-Google's continuous fuzzing service for open source software. (2017)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236062"},{"volume-title":"How to Break Software: A Practical Guide to Testing with Cdrom","author":"Whittaker James A","key":"e_1_3_2_1_19_1","unstructured":"James A Whittaker. 2002. How to Break Software: A Practical Guide to Testing with Cdrom. Addison-Wesley Longman Publishing Co., Inc"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Los Angeles CA USA","acronym":"CCS '22"},"container-title":["Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564557","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3560835.3564557","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:09Z","timestamp":1750182549000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564557"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,8]]},"references-count":19,"alternative-id":["10.1145\/3560835.3564557","10.1145\/3560835"],"URL":"https:\/\/doi.org\/10.1145\/3560835.3564557","relation":{},"subject":[],"published":{"date-parts":[[2022,11,8]]},"assertion":[{"value":"2022-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}