{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T15:53:03Z","timestamp":1782143583828,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":95,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Google"},{"name":"NSF","award":["2229703"],"award-info":[{"award-number":["2229703"]}]},{"name":"Cisco"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3605770.3625214","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T11:46:12Z","timestamp":1700739972000},"page":"5-15","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-9108-1514","authenticated-orcid":false,"given":"Tanmay","family":"Singla","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6191-1180","authenticated-orcid":false,"given":"Dharun","family":"Anandayuvaraj","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8749-9697","authenticated-orcid":false,"given":"Kelechi G.","family":"Kalu","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2181-5527","authenticated-orcid":false,"given":"Taylor R.","family":"Schorlemmer","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2495-686X","authenticated-orcid":false,"given":"James C.","family":"Davis","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.36"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3560879"},{"key":"e_1_3_2_1_3_1","first-page":"1","volume-title":"Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering, ASE '22","author":"Anandayuvaraj D.","year":"2023","unstructured":"D. Anandayuvaraj and J. C. Davis. Reflecting on Recurring Failures in IoT Development. In Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering, ASE '22, pages 1--5, New York, NY, USA, Jan. 2023. Association for Computing Machinery."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERP4IoT59158.2023.00011"},{"key":"e_1_3_2_1_5_1","volume-title":"Introducing claude. https:\/\/www.anthropic.com\/index\/introducingclaude?","year":"2023","unstructured":"Anthropic. Introducing claude. https:\/\/www.anthropic.com\/index\/introducingclaude? 2023. Accessed: 2023-07-06."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-57209-0_6"},{"key":"e_1_3_2_1_8_1","volume-title":"Embrace Change. addison-wesley professional","author":"Beck K.","year":"2000","unstructured":"K. Beck. Extreme Programming Explained: Embrace Change. addison-wesley professional, 2000."},{"key":"e_1_3_2_1_9_1","first-page":"125","volume-title":"Proceedings of the Recent Advances in intrusion Detection","author":"Bishop M.","year":"1999","unstructured":"M. Bishop. Vulnerabilities analysis. In Proceedings of the Recent Advances in intrusion Detection, pages 125--136. Citeseer, 1999."},{"key":"e_1_3_2_1_10_1","volume-title":"Php supply chain attack on pear. https:\/\/blog.sonarsource.com\/ php-supply-chain-attack-on-pear\/","author":"Chauchefoin T.","year":"2022","unstructured":"T. Chauchefoin. Php supply chain attack on pear. https:\/\/blog.sonarsource.com\/ php-supply-chain-attack-on-pear\/, 2022."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978395"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417055"},{"key":"e_1_3_2_1_13_1","volume-title":"Catalog of supply chain compromises. https:\/\/github.com\/cncf\/tag-security\/tree\/main\/supply-chain-security\/ compromises","author":"CNCF Security Technical Advisory Group","year":"2023","unstructured":"CNCF Security Technical Advisory Group. Catalog of supply chain compromises. https:\/\/github.com\/cncf\/tag-security\/tree\/main\/supply-chain-security\/ compromises, 2023. GitHub repository."},{"key":"e_1_3_2_1_14_1","volume-title":"Educational and psychological measurement, 20(1):37--46","author":"Cohen J.","year":"1960","unstructured":"J. Cohen. A coefficient of agreement for nominal scales. Educational and psychological measurement, 20(1):37--46, 1960."},{"key":"e_1_3_2_1_15_1","first-page":"2023","author":"Technologies I. Cohere","year":"2023","unstructured":"I. Cohere Technologies. Cohere, 2023. Accessed: 2023-07-06.","journal-title":"Cohere"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.526833"},{"key":"e_1_3_2_1_17_1","volume-title":"The backdooring of wordpress. https:\/\/lwn.net\/Articles\/224997\/","year":"2007","unstructured":"Corbet. The backdooring of wordpress. https:\/\/lwn.net\/Articles\/224997\/, 2007."},{"key":"e_1_3_2_1_18_1","volume-title":"kernel.org status: hints on how to check your machine for intrusion. https:\/\/lwn.net\/Articles\/461237\/","year":"2011","unstructured":"Corbet. kernel.org status: hints on how to check your machine for intrusion. https:\/\/lwn.net\/Articles\/461237\/, 2011."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1010941.1010947"},{"key":"e_1_3_2_1_20_1","volume-title":"Defending against software supply chain attacks. Technical report","author":"Cybersecurity and Infrastructure Security Agency","year":"2021","unstructured":"Cybersecurity and Infrastructure Security Agency. Defending against software supply chain attacks. Technical report, Cybersecurity and Infrastructure Security Agency, April 2021."},{"key":"e_1_3_2_1_21_1","volume-title":"https:\/\/github. com\/advisories\/GHSA-jxf5--7x3j-8j9m","author":"Database G. A.","year":"2020","unstructured":"G. A. Database. Malicious package in load-from-cwd-or-npm. https:\/\/github. com\/advisories\/GHSA-jxf5--7x3j-8j9m, 2020."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/JVA60410.2023.00015"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2009.82"},{"key":"e_1_3_2_1_24_1","volume-title":"Evaluating and Mitigating Software Supply Chain Security Risks. Technical report","author":"Ellison R. J.","year":"2010","unstructured":"R. J. Ellison, J. B. Goodenough, C. B. Weinstock, and C. Woody. Evaluating and Mitigating Software Supply Chain Security Risks. Technical report, CarnegieMellon Univ. Pittsburgh PA Software Engineering Inst., May 2010. Section: Technical Reports."},{"key":"e_1_3_2_1_25_1","volume-title":"May","author":"Epson N.","year":"2023","unstructured":"N. Epson. From GPT-1 to GPT-4: The Evolution of Large Language Models, May 2023. Section: Artificial Intelligence Development."},{"key":"e_1_3_2_1_26_1","volume-title":"Warning: The binaries of the cli wallet were compromised for a short time. https:\/\/web.getmonero.org\/2019\/11\/19\/warning-compromised-binaries. html","year":"2019","unstructured":"ErCiccione. Warning: The binaries of the cli wallet were compromised for a short time. https:\/\/web.getmonero.org\/2019\/11\/19\/warning-compromised-binaries. html, 2019."},{"key":"e_1_3_2_1_27_1","first-page":"1","volume-title":"2nd Summit on Advances in Programming Languages (SNAPL 2017), volume 71 of Leibniz International Proceedings in Informatics (LIPIcs)","author":"Ernst M. D.","year":"2017","unstructured":"M. D. Ernst. Natural Language is a Programming Language: Applying Natural Language Processing to Software Development. In 2nd Summit on Advances in Programming Languages (SNAPL 2017), volume 71 of Leibniz International Proceedings in Informatics (LIPIcs), pages 4:1--4:14. Schloss Dagstuhl--LeibnizZentrum fuer Informatik, 2017."},{"key":"e_1_3_2_1_28_1","volume-title":"ENISA Threat Landscape","author":"European Union Agency for Cybersecurity.","year":"2021","unstructured":"European Union Agency for Cybersecurity. ENISA Threat Landscape 2021. Report\/Study, European Union Agency for Cybersecurity, Oct. 2021."},{"key":"e_1_3_2_1_29_1","volume-title":"ENISA threat landscape for supply chain attacks. Technical report","author":"European Union Agency for Cybersecurity.","year":"2021","unstructured":"European Union Agency for Cybersecurity. ENISA threat landscape for supply chain attacks. Technical report, Publications Office, LU, July 2021."},{"key":"e_1_3_2_1_30_1","volume-title":"ENISA threat landscape","author":"European Union Agency for Cybersecurity.","year":"2022","unstructured":"European Union Agency for Cybersecurity. ENISA threat landscape 2022. Technical report, Publications Office, LU, 2022."},{"issue":"10","key":"e_1_3_2_1_31_1","first-page":"133","article-title":"Inspecting software design and code","volume":"23","author":"Fagan M. E.","year":"1977","unstructured":"M. E. Fagan. Inspecting software design and code. Datamation, 23(10):133, 1977.","journal-title":"Datamation"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.382.0258"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064183"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106321"},{"key":"e_1_3_2_1_35_1","volume-title":"Medium","author":"Gavara J. I.","year":"2023","unstructured":"J. I. Gavara. Claude vs chatgpt. Medium, 2023."},{"key":"e_1_3_2_1_36_1","volume-title":"For good measure: Counting broken links: A quant's view of software supply chain security. USENIX","author":"Geer D.","year":"2020","unstructured":"D. Geer, B. Tozer, and J. S. Meyers. For good measure: Counting broken links: A quant's view of software supply chain security. USENIX; Login, 45(4), 2020."},{"key":"e_1_3_2_1_37_1","volume-title":"our breakthrough conversation technology. https: \/\/blog.google\/technology\/ai\/lamda\/","author":"Ghahramani Z.","year":"2023","unstructured":"Z. Ghahramani. Lamda: our breakthrough conversation technology. https: \/\/blog.google\/technology\/ai\/lamda\/, 2023. Accessed: 2023-06--29."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/562741"},{"key":"e_1_3_2_1_39_1","volume-title":"What is open-source intelligence? = https:\/\/www.sans.org\/blog\/what-isopen-source-intelligence\/","author":"Gill R.","year":"2023","unstructured":"R. Gill. What is open-source intelligence? = https:\/\/www.sans.org\/blog\/what-isopen-source-intelligence\/, 2023. Accessed: 2023-06--21."},{"key":"e_1_3_2_1_40_1","unstructured":"B. Gokkaya L. Aniello and B. Halak. Software supply chain: review of attacks risk assessment strategies and security controls."},{"key":"e_1_3_2_1_41_1","volume-title":"Software supply chain security | google cloud. = https:\/\/cloud.google.com\/software-supply-chain-security\/docs\/overview","author":"Cloud Google","year":"2023","unstructured":"Google Cloud. Software supply chain security | google cloud. = https:\/\/cloud.google.com\/software-supply-chain-security\/docs\/overview, 2023."},{"key":"e_1_3_2_1_42_1","volume-title":"https:\/\/www. contextis.com\/en\/blog\/context-threat-intelligence-the-monju-incident","author":"Graham M.","year":"2014","unstructured":"M. Graham. Context threat intelligence - the monju incident. https:\/\/www. contextis.com\/en\/blog\/context-threat-intelligence-the-monju-incident, 2014."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI54926.2021.00190"},{"key":"e_1_3_2_1_44_1","volume-title":"Compromised npm package: event-stream. https:\/\/medium.com\/ intrinsic\/compromised-npm-package-event-stream-d47d08605502","author":"T. Hunter","year":"2018","unstructured":"T. Hunter II. Compromised npm package: event-stream. https:\/\/medium.com\/ intrinsic\/compromised-npm-package-event-stream-d47d08605502, 2018."},{"key":"e_1_3_2_1_45_1","volume-title":"IEEE Standard for Software Quality Assurance Processes. Technical report","author":"IEEE Standards Association","year":"2014","unstructured":"IEEE Standards Association. IEEE Standard for Software Quality Assurance Processes. Technical report, IEEE, 2014."},{"key":"e_1_3_2_1_46_1","volume-title":"Standard","author":"IEEE","year":"2018","unstructured":"ISO\/IEC\/IEEE 90003:2018 Software engineering - Guidelines for the application of ISO 9001:2015 to computer software. Standard, International Organization for Standardization, 2018."},{"key":"e_1_3_2_1_47_1","volume-title":"Quality management systems-requirements. Standard","author":"ISO","year":"2015","unstructured":"ISO 9001: Quality management systems-requirements. Standard, International Organization for Standardization, 2015."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/2025240"},{"key":"e_1_3_2_1_49_1","volume-title":"Shadowhammer: Malicious updates for asus laptops. https:\/\/www. kaspersky.com\/blog\/shadow-hammer-teaser\/26149\/","year":"2019","unstructured":"Kaspersky. Shadowhammer: Malicious updates for asus laptops. https:\/\/www. kaspersky.com\/blog\/shadow-hammer-teaser\/26149\/, 2019. Accessed: 2023-06--18."},{"key":"e_1_3_2_1_50_1","volume-title":"The Scrum Guide. Scrum.org","author":"Ken Schwaber J. S.","year":"2020","unstructured":"J. S. Ken Schwaber. The Scrum Guide. Scrum.org, 2020."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106257"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179304"},{"key":"e_1_3_2_1_53_1","volume-title":"ACM","author":"Leveson N. G.","year":"1995","unstructured":"N. G. Leveson. Safeware: System Safety and Computers. ACM, 1995."},{"key":"e_1_3_2_1_54_1","volume-title":"Apple cleans up ios app store after first big malware attack. https:\/\/www.theregister.com\/2015\/09\/21\/xcodeghost_apple_ios_store_ malware_zapped\/","author":"Leyden J.","year":"2015","unstructured":"J. Leyden. Apple cleans up ios app store after first big malware attack. https:\/\/www.theregister.com\/2015\/09\/21\/xcodeghost_apple_ios_store_ malware_zapped\/, 2015."},{"key":"e_1_3_2_1_55_1","volume-title":"Pre-train, prompt, and predict: A systematic survey of prompting methods in natural language processing","author":"Liu P.","year":"2021","unstructured":"P. Liu, W. Yuan, J. Fu, Z. Jiang, H. Hayashi, and G. Neubig. Pre-train, prompt, and predict: A systematic survey of prompting methods in natural language processing, 2021."},{"key":"e_1_3_2_1_56_1","volume-title":"https:\/\/iq.opengenus.org\/gpt-3--5- model\/","author":"Mandour A.","year":"2023","unstructured":"A. Mandour. Gpt-3.5 model architecture. https:\/\/iq.opengenus.org\/gpt-3--5- model\/, 2023. Accessed: 2023-06--27."},{"key":"e_1_3_2_1_57_1","volume-title":"Google AI","author":"Manyika J.","year":"2023","unstructured":"J. Manyika. An overview of bard: an early experiment with generative ai. Technical report, Google AI, 2023."},{"key":"e_1_3_2_1_58_1","first-page":"21s","article-title":"The pathology of failures in iot systems","volume":"2021","author":"Melo M.","year":"2021","unstructured":"M. Melo and G. Aquino. The pathology of failures in iot systems. In Computational Science and Its Applications--ICCSA 2021: 21st International Conference, 2021.","journal-title":"Computational Science and Its Applications--ICCSA"},{"key":"e_1_3_2_1_59_1","volume-title":"National Academies Press","author":"National Research","year":"2007","unstructured":"National Research Council et al. Software for dependable systems: Sufficient evidence? National Academies Press, 2007."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_61_1","volume-title":"MITRE CORP MCLEAN VA","author":"Nissen C.","year":"2018","unstructured":"C. Nissen, J. E. Gronager, R. S. Metzger, and H. Rishikof. Deliver uncompromised: A strategy for supply chain security and resilience in response to the changing character of war. Technical report, MITRE CORP MCLEAN VA, 2018."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564556"},{"key":"e_1_3_2_1_64_1","volume-title":"Gpt best practices. https:\/\/platform.openai.com\/docs\/guides\/gpt-bestpractices","author":"AI.","year":"2023","unstructured":"OpenAI. Gpt best practices. https:\/\/platform.openai.com\/docs\/guides\/gpt-bestpractices, 2023."},{"key":"e_1_3_2_1_65_1","volume-title":"Openai platform. https:\/\/platform.openai.com\/docs\/api-reference\/chat","author":"AI.","year":"2023","unstructured":"OpenAI. Openai platform. https:\/\/platform.openai.com\/docs\/api-reference\/chat, 2023. Accessed: 2023-07-05."},{"key":"e_1_3_2_1_66_1","volume-title":"Openai platform - gpt-3.5 models. https:\/\/platform.openai.com\/docs\/ models\/gpt-3--5","author":"AI.","year":"2023","unstructured":"OpenAI. Openai platform - gpt-3.5 models. https:\/\/platform.openai.com\/docs\/ models\/gpt-3--5, 2023. Accessed: 2023-06--27."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332474"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3239235.3268920"},{"key":"e_1_3_2_1_69_1","volume-title":"UKAIS Conference","author":"Pedersen K.","year":"2010","unstructured":"K. Pedersen. Barriers for post mortem evaluations in systems development. In UKAIS Conference, Glasgow, UK. ; Conference date: 19-05--2010, 2004."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511805073"},{"key":"e_1_3_2_1_71_1","volume-title":"An important next step on our ai journey. https:\/\/blog.google\/ technology\/ai\/bard-google-ai-search-updates\/","author":"Pichai S.","year":"2023","unstructured":"S. Pichai. An important next step on our ai journey. https:\/\/blog.google\/ technology\/ai\/bard-google-ai-search-updates\/, 2023. Accessed: 2023-07-03."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData52589.2021.9671824"},{"key":"e_1_3_2_1_74_1","volume-title":"Gentoo linux security announcement. https:\/\/archives.gentoo.org\/ gentoo-announce\/message\/7b0581416ddd91522c14513cb789f17a","author":"Robbins D.","year":"2003","unstructured":"D. Robbins. Gentoo linux security announcement. https:\/\/archives.gentoo.org\/ gentoo-announce\/message\/7b0581416ddd91522c14513cb789f17a, 2003."},{"key":"e_1_3_2_1_75_1","volume-title":"European Journal of Scientific Research","author":"Sarwar I.","year":"2009","unstructured":"I. Sarwar, A. Samad, and S. Mumtaz. Object oriented software modeling using nlp based knowledge extraction. European Journal of Scientific Research, 2009."},{"key":"e_1_3_2_1_76_1","volume-title":"Introducing chatgpt. https:\/\/openai.com\/blog\/chatgpt","author":"Schulman J.","year":"2023","unstructured":"J. Schulman, B. Zoph, C. Kim, J. Hilton, J. Menick, J. Weng, J. F. C. Uribe, and L. Fedus. Introducing chatgpt. https:\/\/openai.com\/blog\/chatgpt, 2023."},{"key":"e_1_3_2_1_77_1","volume-title":"https:\/\/lists.archlinux. org\/pipermail\/aur-general\/2018-July\/034152.html","author":"Schwartz E.","year":"2018","unstructured":"E. Schwartz. [aur-general] acroread package compromised. https:\/\/lists.archlinux. org\/pipermail\/aur-general\/2018-July\/034152.html, 2018."},{"key":"e_1_3_2_1_78_1","volume-title":"Cloud Native Computing Foundation","author":"Security Technical Advisory Group","year":"2021","unstructured":"Security Technical Advisory Group. Software Supply Chain Best Practices. Technical report, Cloud Native Computing Foundation, May 2021."},{"key":"e_1_3_2_1_79_1","unstructured":"I. Sommerville. Software Engineering. Pearson Education 2015."},{"key":"e_1_3_2_1_80_1","volume-title":"State of the software supply chain. https:\/\/www.sonatype.com\/ resources\/state-of-the-software-supply-chain-2021","year":"2021","unstructured":"Sonatype. State of the software supply chain. https:\/\/www.sonatype.com\/ resources\/state-of-the-software-supply-chain-2021, 2021."},{"key":"e_1_3_2_1_82_1","unstructured":"Synopsys. 2023 OSSRA Report. https:\/\/www.synopsys.com\/software-integrity\/ engage\/ossra\/rep-ossra-2023-pdf."},{"key":"e_1_3_2_1_83_1","volume-title":"SLSA: Supply-chain levels for software artifacts. https: \/\/slsa.dev","author":"Foundation The Linux","year":"2022","unstructured":"The Linux Foundation. SLSA: Supply-chain levels for software artifacts. https: \/\/slsa.dev, 2022. Accessed: 2022-04--30."},{"key":"e_1_3_2_1_84_1","volume-title":"What is open source intelligence and how is it used? https:\/\/www.recordedfuture.com\/open-source-intelligence-definition","author":"Future Team The Recorded","year":"2022","unstructured":"The Recorded Future Team. What is open source intelligence and how is it used? https:\/\/www.recordedfuture.com\/open-source-intelligence-definition, 2022."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484736"},{"key":"e_1_3_2_1_86_1","volume-title":"Attention is all you need","author":"Vaswani A.","year":"2023","unstructured":"A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, L. Kaiser, and I. Polosukhin. Attention is all you need, 2023."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-017-0503-7"},{"key":"e_1_3_2_1_88_1","unstructured":"K. Vivek. Is software reuse leading to dependency hell? www.linkedin.com\/pulse\/software-reuse-leading-dependency-hell-vivekkant 2022."},{"key":"e_1_3_2_1_89_1","volume-title":"A prompt pattern catalog to enhance prompt engineering with chatgpt. arXiv preprint arXiv:2302.11382","author":"White J.","year":"2023","unstructured":"J. White, Q. Fu, S. Hays, M. Sandborn, C. Olea, H. Gilbert, A. Elnashar, J. SpencerSmith, and D. C. Schmidt. A prompt pattern catalog to enhance prompt engineering with chatgpt. arXiv preprint arXiv:2302.11382, 2023."},{"key":"e_1_3_2_1_90_1","volume-title":"Chatgpt prompt patterns for improving code quality, refactoring, requirements elicitation, and software design. arXiv preprint arXiv:2303.07839","author":"White J.","year":"2023","unstructured":"J. White, S. Hays, Q. Fu, J. Spencer-Smith, and D. C. Schmidt. Chatgpt prompt patterns for improving code quality, refactoring, requirements elicitation, and software design. arXiv preprint arXiv:2303.07839, 2023."},{"key":"e_1_3_2_1_91_1","volume-title":"TOPBOTS","author":"Yao M.","year":"2023","unstructured":"M. Yao. Top 6 nlp language models transforming ai in 2023. TOPBOTS, 2023."},{"key":"e_1_3_2_1_92_1","volume-title":"International Conference on Software Engineering (ICSE)","author":"Zahan N.","year":"2022","unstructured":"N. Zahan, T. Zimmermann, P. Godefroid, B. Murphy, C. Maddila, and L. Williams. What are Weak Links in the npm Supply Chain? In International Conference on Software Engineering (ICSE), 2022."},{"key":"e_1_3_2_1_93_1","volume-title":"google' hackers had ability to alter source code. https:\/\/www.wired. com\/2010\/03\/source-code-hacks\/","author":"Zetter K.","year":"2010","unstructured":"K. Zetter. 'google' hackers had ability to alter source code. https:\/\/www.wired. com\/2010\/03\/source-code-hacks\/, 2010."},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1145\/3444689"},{"key":"e_1_3_2_1_95_1","volume-title":"A survey of large language models","author":"Zhao W. X.","year":"2023","unstructured":"W. X. Zhao, K. Zhou, J. Li, T. Tang, X. Wang, Y. Hou, Y. Min, B. Zhang, J. Zhang, Z. Dong, Y. Du, C. Yang, Y. Chen, Z. Chen, J. Jiang, R. Ren, Y. Li, X. Tang, Z. Liu, P. Liu, J.-Y. Nie, and J.-R. Wen. A survey of large language models, 2023."},{"key":"e_1_3_2_1_96_1","volume-title":"USENIX Security","author":"Zimmermann M.","year":"2019","unstructured":"M. Zimmermann, C.-A. Staicu, and M. Pradel. Small World with High Risks: A Study of Security Threats in npm Ecosystem. In USENIX Security, 2019."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605770.3625214","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605770.3625214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:18Z","timestamp":1750178178000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605770.3625214"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":95,"alternative-id":["10.1145\/3605770.3625214","10.1145\/3605770"],"URL":"https:\/\/doi.org\/10.1145\/3605770.3625214","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}