{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:10:12Z","timestamp":1750219812752,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T00:00:00Z","timestamp":1701993600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1633437, 1901102, 1925615, 2120429"],"award-info":[{"award-number":["1633437, 1901102, 1925615, 2120429"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Estonian Research Council","award":["PRG1226"],"award-info":[{"award-number":["PRG1226"]}]},{"name":"Austrian ministries BMVIT and BMDW","award":[""],"award-info":[{"award-number":[""]}]},{"name":"Province of Upper Austria in frame of the Software Competence Center Hagenberg (SCCH)","award":[""],"award-info":[{"award-number":[""]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,8]]},"DOI":"10.1145\/3617555.3617872","type":"proceedings-article","created":{"date-parts":[[2023,12,1]],"date-time":"2023-12-01T03:27:53Z","timestamp":1701401273000},"page":"22-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Large Scale Study of Orphan Vulnerabilities in the Software Supply Chain"],"prefix":"10.1145","author":[{"given":"David","family":"Reid","sequence":"first","affiliation":[{"name":"University of Tennessee at Knoxville, Knoxville, USA"}]},{"given":"Kristiina","family":"Rahkema","sequence":"additional","affiliation":[{"name":"University of Tartu, Tartu, Estonia"}]},{"given":"James","family":"Walden","sequence":"additional","affiliation":[{"name":"Northern Kentucky University, Highland Heights, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,12,8]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1109\/SANER50967.2021.00048"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1109\/ISSRE.2016.12"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1145\/3475960.3475985"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1145\/3447245"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_5_1","DOI":"10.1145\/3340482.3342742"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1016\/j.jss.2018.09.016"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1145\/3196398.3196401"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/3196398.3196401"},{"unstructured":"Roberto Di Cosmo and Stefano Zacchiroli. 2017. Software heritage: Why and how to preserve software source code. In iPRES 2017-14th International Conference on Digital Preservation. 1\u201310.","key":"e_1_3_2_1_9_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_10_1","DOI":"10.1145\/3133956.3134048"},{"doi-asserted-by":"crossref","unstructured":"Johannes D\u00fcsing and Ben Hermann. 2021. Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories. Digital Threats: Research and Practice.","key":"e_1_3_2_1_11_1","DOI":"10.1145\/3472811"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.1109\/ICSME.2014.61"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1109\/ICSE.2015.218"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1109\/MSR.2017.15"},{"unstructured":"Github. 2021. About the dependency graph. https:\/\/docs.github.com\/en\/code-security\/supply-chain-security\/understanding-your-software-supply-chain\/about-the-dependency-graph","key":"e_1_3_2_1_15_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/1985404.1985418"},{"unstructured":"Google. 2021. Open Source Insights. https:\/\/deps.dev\/","key":"e_1_3_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1109\/ICSE.2012.6227181"},{"volume-title":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation. 305\u2013314","author":"Kawamitsu N.","unstructured":"N. Kawamitsu, T. Ishio, T. Kanda, R. G. Kula, C. De Roover, and K. Inoue. 2014. Identifying Source Code Reuse across Repositories Using LCS-Based Source Code Similarity. In 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation. 305\u2013314.","key":"e_1_3_2_1_19_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1109\/SP.2017.62"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1007\/s10664-017-9521-5"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1109\/ITOEC.2017.8122356"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1145\/3133908"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1109\/MSR.2019.00031"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1007\/s10664-020-09905-9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1145\/3167132.3167290"},{"key":"e_1_3_2_1_27_1","volume-title":"Large-Scale Code Reuse in Open Source Software. In First International Workshop on Emerging Trends in FLOSS Research and Development (FLOSS\u201907: ICSE Workshops","author":"Mockus A.","year":"2007","unstructured":"A. Mockus. 2007. Large-Scale Code Reuse in Open Source Software. In First International Workshop on Emerging Trends in FLOSS Research and Development (FLOSS\u201907: ICSE Workshops 2007). 7\u20137."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.1145\/3379597.3387499"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1287\/mnsc.2017.2977"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/2484313.2484377"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1109\/ICSM.2011.6080795"},{"unstructured":"OWASP. 2022. OWASP Dependency-Check. https:\/\/owasp.org\/www-project-dependency-check\/","key":"e_1_3_2_1_32_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/3372297.3417232"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1109\/ACCESS.2018.2873509"},{"key":"e_1_3_2_1_35_1","volume-title":"Tracing Vulnerable Code Lineage. In 2021 IEEE\/ACM 18th International Conference on Mining Software Repositories (MSR). 621\u2013623","author":"Reid David","year":"2021","unstructured":"David Reid, Kalvin Eng, Chris Bogart, and Adam Tutko. 2021. Tracing Vulnerable Code Lineage. In 2021 IEEE\/ACM 18th International Conference on Mining Software Repositories (MSR). 621\u2013623."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_36_1","DOI":"10.1145\/3510003.3510216"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_37_1","DOI":"10.1007\/s10664-020-09828-5"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_38_1","DOI":"10.1109\/ICSE.2012.6227097"},{"unstructured":"Sonatype. 2022. Open Source Security and Risk Analysis Report. https:\/\/www.synopsys.com\/content\/dam\/synopsys\/sig-assets\/reports\/rep-ossra-2022.pdf","key":"e_1_3_2_1_39_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1145\/3551349.3560432"},{"unstructured":"James Wetter and Nicky Ringland. 2021. Understanding the Impact of Apache Log4j Vulnerability. https:\/\/security.googleblog.com\/2021\/12\/understanding-impact-of-apache-log4j.html","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","volume-title":"30th USENIX Security Symposium. 3041\u20133058","author":"Woo Seunghoon","year":"2021","unstructured":"Seunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, and Sven Dietrich. 2021. $V0Finder$: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities. In 30th USENIX Security Symposium. 3041\u20133058."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_43_1","DOI":"10.11185\/imt.7.1370"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_44_1","DOI":"10.11185\/imt.9.155"},{"key":"e_1_3_2_1_45_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In 28th USENIX Security Symposium (USENIX Security 19). 995\u20131010."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1145\/3387940.3392209"}],"event":{"sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"acronym":"PROMISE '23","name":"PROMISE '23: 19th International Conference on Predictive Models and Data Analytics in Software Engineering","location":"San Francisco CA USA"},"container-title":["Proceedings of the 19th International Conference on Predictive Models and Data Analytics in Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617555.3617872","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3617555.3617872","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3617555.3617872","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3617555.3617872","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:45:58Z","timestamp":1750178758000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617555.3617872"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,8]]},"references-count":46,"alternative-id":["10.1145\/3617555.3617872","10.1145\/3617555"],"URL":"https:\/\/doi.org\/10.1145\/3617555.3617872","relation":{},"subject":[],"published":{"date-parts":[[2023,12,8]]},"assertion":[{"value":"2023-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}