{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T04:02:16Z","timestamp":1781064136278,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,8]],"date-time":"2024-04-08T00:00:00Z","timestamp":1712534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,8]]},"DOI":"10.1145\/3605098.3635927","type":"proceedings-article","created":{"date-parts":[[2024,5,21]],"date-time":"2024-05-21T17:59:16Z","timestamp":1716314356000},"page":"1233-1241","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["SBOM Generation Tools Under Microscope: A Focus on The npm Ecosystem"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3815-8925","authenticated-orcid":false,"given":"Md Fazle","family":"Rabbi","sequence":"first","affiliation":[{"name":"Idaho State University, Pocatello, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-2126-6251","authenticated-orcid":false,"given":"Arifa Islam","family":"Champa","sequence":"additional","affiliation":[{"name":"Idaho State University, Pocatello, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4133-6920","authenticated-orcid":false,"given":"Costain","family":"Nachuma","sequence":"additional","affiliation":[{"name":"Idaho State University, Pocatello, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5353-5030","authenticated-orcid":false,"given":"Minhaz Fahim","family":"Zibran","sequence":"additional","affiliation":[{"name":"Idaho State University, Pocatello, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,5,21]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"The top programming languages. Retrieved","year":"2023","unstructured":"2023. The top programming languages. Retrieved Sep 5, 2023 from https:\/\/octoverse.github.com\/2022\/top-programming-languages"},{"key":"e_1_3_2_1_2_1","volume-title":"Solar Winds Hack: In-Depth Analysis and Countermeasures. In 12th International Conference on Computing Communication and Networking Technologies (ICCCNT). IEEE, 1--7.","author":"Alkhadra R.","unstructured":"R. Alkhadra, J. Abuzaid, M. AlShammari, and N. Mohammad. 2021. Solar Winds Hack: In-Depth Analysis and Countermeasures. In 12th International Conference on Computing Communication and Networking Technologies (ICCCNT). IEEE, 1--7."},{"key":"e_1_3_2_1_3_1","volume-title":"27th International Conference on Software Engineering and Data Engineering. 122--127","author":"Alwad D.","unstructured":"D. Alwad, M. Panta, and M. Zibran. 2018. An Empirical Study of the Relationships between Code Readability and Software Complexity. In 27th International Conference on Software Engineering and Data Engineering. 122--127."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"M. Balliu B. Baudry S. Bobadilla M. Ekstedt M. Monperrus J. Ron A. Sharma G. Skoglund C. Soto-Valero and M. Wittlinger. 2023. Challenges of Producing Software Bill Of Materials for Java. arXiv preprint arXiv:2303.11102 (2023).","DOI":"10.1145\/3605770.3625207"},{"key":"e_1_3_2_1_5_1","unstructured":"Solution Brief. 2021. Executive order on improving the nation's cybersecurity. (2021)."},{"key":"e_1_3_2_1_6_1","volume-title":"An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors. In 21st IEEE International Conference on Software Engineering, Management and Applications (SERA). 1--8 (to appear).","author":"Champa A.","unstructured":"A. Champa, M. Rabbi, F. Eishita, and M. Zibran. 2023. Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors. In 21st IEEE International Conference on Software Engineering, Management and Applications (SERA). 1--8 (to appear)."},{"key":"e_1_3_2_1_7_1","volume-title":"20th IEEE International Conference on Mining Software Repositories. 357--361","author":"Champa A.","unstructured":"A. Champa, M. Rabbi, M. Zibran, and M. Islam. 2023. Insights into Female Contributions in Open-Source Projects. In 20th IEEE International Conference on Mining Software Repositories. 357--361."},{"key":"e_1_3_2_1_8_1","volume-title":"Software bill of materials (SBOM). Retrieved","author":"Cybersecurity and Infrastructure Security Agency (CISA). 2023.","year":"2023","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA). 2023. Software bill of materials (SBOM). Retrieved Sep 5, 2023 from https:\/\/www.cisa.gov\/sbom"},{"key":"e_1_3_2_1_9_1","volume-title":"A practical guide to cyclonedx. Retrieved","author":"SA.","year":"2023","unstructured":"FOSSA. 2023. A practical guide to cyclonedx. Retrieved Sep 5, 2023 from https:\/\/fossa.com\/learn\/cyclonedx#cyclonedx-vs-spdx"},{"key":"e_1_3_2_1_10_1","volume-title":"Sonatype Embraces CycloneDX Standard for Integrating Software Bills of Materials (SBOMs). Retrieved","author":"Fulton M.","year":"2023","unstructured":"M. Fulton. 2021. Sonatype Embraces CycloneDX Standard for Integrating Software Bills of Materials (SBOMs). Retrieved Sep 5, 2023 from https:\/\/www.sonatype.com\/press-releases\/sonatype-embraces-cyclonedx-standard-for-integrating-software-bills-of-materials-sboms"},{"key":"e_1_3_2_1_11_1","volume-title":"10th IEEE Intl. Workshop on Software Clones. 8--14","author":"Islam M.","unstructured":"M. Islam and M. Zibran. 2016. A Comparative Study on Vulnerabilities in Categories of Clones and Non-Cloned Code. In 10th IEEE Intl. Workshop on Software Clones. 8--14."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.4018\/IJSI.2016100103"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"M. Islam and M. Zibran. 2016. Towards Understanding and Exploiting Developers' Emotional Variations in Software Engineering. In SERA. 185--192.","DOI":"10.1109\/SERA.2016.7516145"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"M. Islam and M. Zibran. 2017. A Comparison of Dictionary Building Methods for Sentiment Analysis in Software Engineering Text. In ESEM. 478--479.","DOI":"10.1109\/ESEM.2017.67"},{"key":"e_1_3_2_1_15_1","volume-title":"25th IEEE International Conference on Software Analysis, Evolution and Reengineering. 487--491","author":"Islam M.","unstructured":"M. Islam and M. Zibran. 2018. A Comparison of Software Engineering Domain Specific Sentiment Analysis Tools. In 25th IEEE International Conference on Software Analysis, Evolution and Reengineering. 487--491."},{"key":"e_1_3_2_1_16_1","volume-title":"On the Characteristics of Buggy Code Clones: A Code Quality Perspective. In 12th IEEE Intl. Workshop on Software Clones. 23--29","author":"Islam M.","unstructured":"M. Islam and M. Zibran. 2018. On the Characteristics of Buggy Code Clones: A Code Quality Perspective. In 12th IEEE Intl. Workshop on Software Clones. 23--29."},{"key":"e_1_3_2_1_17_1","unstructured":"M. Islam and M. Zibran. 2018. Sentiment Analysis of Software Bug Related Commit Messages. In SEDE."},{"key":"e_1_3_2_1_18_1","volume-title":"Sentiment Analysis of Software Bug Related Commit Messages. In 27th Intl. Conference on Software Engineering and Data Engineering. 3--8.","author":"Islam M.","unstructured":"M. Islam and M. Zibran. 2018. Sentiment Analysis of Software Bug Related Commit Messages. In 27th Intl. Conference on Software Engineering and Data Engineering. 3--8."},{"key":"e_1_3_2_1_19_1","volume-title":"How Bugs Are Fixed: Exposing Bug-fix Patterns with Edits and Nesting Levels. In 35th ACM\/SIGAPP Symposium on Applied Computing. 1523--1531","author":"Islam M.","unstructured":"M. Islam and M. Zibran. 2020. How Bugs Are Fixed: Exposing Bug-fix Patterns with Edits and Nesting Levels. In 35th ACM\/SIGAPP Symposium on Applied Computing. 1523--1531."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447332.3447334"},{"key":"e_1_3_2_1_21_1","volume-title":"Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study. In 11th ACM\/IEEE Intl. Symposium on Empirical Software Engineering and Measurement. 20--29","author":"Islam M.","unstructured":"M. Islam, M. Zibran, and A. Nagpal. 2017. Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study. In 11th ACM\/IEEE Intl. Symposium on Empirical Software Engineering and Measurement. 20--29."},{"key":"e_1_3_2_1_22_1","volume-title":"Choosing the Weapon: A Comparative Study of Security Analyzers for Android Applications. In Intl. Conference on Software Engineering, Management and Applications. 51--57","author":"Joseph R.","unstructured":"R. Joseph, M. Zibran, and F. Eishita. 2021. Choosing the Weapon: A Comparative Study of Security Analyzers for Android Applications. In Intl. Conference on Software Engineering, Management and Applications. 51--57."},{"key":"e_1_3_2_1_23_1","volume-title":"Intl. Conference on Software Engineering, Management and Applications. 39--44","author":"Murphy D.","unstructured":"D. Murphy, M. Zibran, and F. Eishita. 2021. Plugins to Detect Vulnerable Plugins: An Empirical Assessment of the Security Scanner Plugins for WordPress. In Intl. Conference on Software Engineering, Management and Applications. 39--44."},{"key":"e_1_3_2_1_24_1","volume-title":"Intl. Conference on Software Engineering, Management and Applications. 70--76","author":"Rajbhandari A.","unstructured":"A. Rajbhandari, M. Zibran, and F. Eishita. 2022. Security Versus Performance Bugs: How Bugs are Handled in the Chromium Project. In Intl. Conference on Software Engineering, Management and Applications. 70--76."},{"key":"e_1_3_2_1_25_1","volume-title":"Minimum Elements for a Software Bill of Materials (SBOM). Retrieved","author":"National Telecommunications and Information Administration (NTIA). 2023.","year":"2023","unstructured":"National Telecommunications and Information Administration (NTIA). 2023. Minimum Elements for a Software Bill of Materials (SBOM). Retrieved Sep 5, 2023 from https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/sbom_minimum_elements_report.pdf"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Y. Wang. 2023. The Power of Openness-How Open Source Software is Reshaping Software Engineering and Industrial Adoption. (2023). 10.36227\/techrxiv.23896002.v1","DOI":"10.36227\/techrxiv.23896002.v1"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.2345\/0899-8205-56.3.72"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"B. Xia T. Bi Z. Xing Q. Lu and L. Zhu. 2023. An empirical study on software bill of materials: Where we stand and the road ahead. arXiv preprint arXiv:2301.05362 (2023).","DOI":"10.1109\/ICSE48619.2023.00219"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2023.3237100"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2012.0058"},{"key":"e_1_3_2_1_31_1","volume-title":"Evaluating the Conventional Wisdom in Clone Removal: A Genealogy-based Empirical Study. In 28th ACM\/SIGAPP Symposium on Applied Computing. 1123--1130","author":"Zibran M.","unstructured":"M. Zibran, R. Saha, C. Roy, and K. Schneider. 2013. Evaluating the Conventional Wisdom in Clone Removal: A Genealogy-based Empirical Study. In 28th ACM\/SIGAPP Symposium on Applied Computing. 1123--1130."}],"event":{"name":"SAC '24: 39th ACM\/SIGAPP Symposium on Applied Computing","location":"Avila Spain","acronym":"SAC '24","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 39th ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605098.3635927","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605098.3635927","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:14Z","timestamp":1750178174000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605098.3635927"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,8]]},"references-count":31,"alternative-id":["10.1145\/3605098.3635927","10.1145\/3605098"],"URL":"https:\/\/doi.org\/10.1145\/3605098.3635927","relation":{},"subject":[],"published":{"date-parts":[[2024,4,8]]},"assertion":[{"value":"2024-05-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}