{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:15:22Z","timestamp":1775470522665,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,15]],"date-time":"2024-04-15T00:00:00Z","timestamp":1713139200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,15]]},"DOI":"10.1145\/3643662.3643957","type":"proceedings-article","created":{"date-parts":[[2024,8,26]],"date-time":"2024-08-26T18:16:08Z","timestamp":1724696168000},"page":"12-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-7385-4023","authenticated-orcid":false,"given":"Boming","family":"Xia","sequence":"first","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"University of New South Wales, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0801-475X","authenticated-orcid":false,"given":"Dawen","family":"Zhang","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"Australian National University, Canberra, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2958-9923","authenticated-orcid":false,"given":"Yue","family":"Liu","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"University of New South Wales, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7783-5183","authenticated-orcid":false,"given":"Qinghua","family":"Lu","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"University of New South Wales, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7663-1421","authenticated-orcid":false,"given":"Zhenchang","family":"Xing","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"Australian National University, Canberra, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5839-3765","authenticated-orcid":false,"given":"Liming","family":"Zhu","sequence":"additional","affiliation":[{"name":"CSIRO's Data61, Sydney, Australia"},{"name":"University of New South Wales, Sydney, Australia"}]}],"member":"320","published-online":{"date-parts":[[2024,8,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"2018 IEEE International Conference on Engineering, Technology and Innovation (ICE\/ITMC). IEEE, 1--6.","author":"Arenas Rodelio","year":"2018","unstructured":"Rodelio Arenas and Proceso Fernandez. 2018. CredenceLedger: a permissioned blockchain for verifiable academic credentials. In 2018 IEEE International Conference on Engineering, Technology and Innovation (ICE\/ITMC). IEEE, 1--6."},{"key":"e_1_3_2_1_2_1","volume-title":"2020 the 3rd International Conference on Blockchain Technology and Applications. 61--66","author":"Brunner Clemens","year":"2020","unstructured":"Clemens Brunner, Ulrich Gallersd\u00f6rfer, Fabian Knirsch, Dominik Engel, and Florian Matthes. 2020. Did and vc: Untangling decentralized identifiers and verifiable credentials for the web of trust. In 2020 the 3rd International Conference on Blockchain Technology and Applications. 61--66."},{"key":"e_1_3_2_1_3_1","volume-title":"Machine Learning Bill of Materials (ML-BOM). https:\/\/cyclonedx.org\/capabilities\/mlbom\/. [Online","author":"DX.","year":"2023","unstructured":"CycloneDX. 2023. Machine Learning Bill of Materials (ML-BOM). https:\/\/cyclonedx.org\/capabilities\/mlbom\/. [Online; accessed 30-Aug-2023]."},{"key":"e_1_3_2_1_4_1","volume-title":"Hanna Wallach, Hal Daum\u00e9 Iii, and Kate Crawford.","author":"Gebru Timnit","year":"2021","unstructured":"Timnit Gebru, Jamie Morgenstern, Briana Vecchione, Jennifer Wortman Vaughan, Hanna Wallach, Hal Daum\u00e9 Iii, and Kate Crawford. 2021. Datasheets for datasets. Commun. ACM (2021), 86--92."},{"key":"e_1_3_2_1_5_1","volume-title":"A survey on blockchain technology and its security","author":"Guo Huaqun","year":"2022","unstructured":"Huaqun Guo and Xingjie Yu. 2022. A survey on blockchain technology and its security. Blockchain: Research and Applications (Jun 2022), 100067."},{"key":"e_1_3_2_1_6_1","volume-title":"Security Threats, and Solution Architectures","author":"Hassija Vikas","year":"2021","unstructured":"Vikas Hassija, Vinay Chamola, Vatsal Gupta, Sarthak Jain, and Nadra Guizani. 2021. A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures. IEEE Internet of Things Journal (2021), 6222--6246."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the conference on fairness, accountability, and transparency. 220--229","author":"Mitchell Margaret","year":"2019","unstructured":"Margaret Mitchell, Simone Wu, Andrew Zaldivar, Parker Barnes, Lucy Vasserman, Ben Hutchinson, Elena Spitzer, Inioluwa Deborah Raji, and Timnit Gebru. 2019. Model cards for model reporting. In Proceedings of the conference on fairness, accountability, and transparency. 220--229."},{"key":"e_1_3_2_1_8_1","volume-title":"Blockchain-Based Verifiable Credential Sharing with Selective Disclosure. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE","author":"Mukta Rahma","unstructured":"Rahma Mukta, James Martens, Hye-young Paik, Qinghua Lu, and Salil S. Kanhere. 2020. Blockchain-Based Verifiable Credential Sharing with Selective Disclosure. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, Guangzhou, China, 959--966."},{"key":"e_1_3_2_1_9_1","volume-title":"2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications. IEEE, 946--957","author":"Schanzenbach Martin","year":"2018","unstructured":"Martin Schanzenbach, Georg Bramm, and Julian Sch\u00fctte. 2018. reclaimID: Secure, self-sovereign identities using name systems and attribute-based encryption. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications. IEEE, 946--957."},{"key":"e_1_3_2_1_10_1","volume-title":"8th Annual State of the Software Supply Chain Report. https:\/\/www.sonatype.com\/state-of-the-software-supply-chain\/open-source-supply-demand-security. [Online","year":"2023","unstructured":"Sonatype. 2023. 8th Annual State of the Software Supply Chain Report. https:\/\/www.sonatype.com\/state-of-the-software-supply-chain\/open-source-supply-demand-security. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/github.com\/spdx\/spdx-3-model\/blob\/main\/model\/AI\/AI.md. [Online","author":"Profile SPDX.","year":"2023","unstructured":"SPDX. 2023. AI Profile. https:\/\/github.com\/spdx\/spdx-3-model\/blob\/main\/model\/AI\/AI.md. [Online; accessed 30-Aug-2023]."},{"key":"e_1_3_2_1_12_1","unstructured":"DE LUCA Stefano. 2023. New Product Liability Directive. (2023)."},{"key":"e_1_3_2_1_13_1","volume-title":"Eurocrypt","author":"Szydlo Michael","unstructured":"Michael Szydlo. 2004. Merkle tree traversal in log space and time. In Eurocrypt. Springer, 541--554."},{"key":"e_1_3_2_1_14_1","volume-title":"White Paper: eDATA Verifiable Credentials for Cross Border Trade. https:\/\/unece.org\/sites\/default\/files\/2022-07\/WhitePaper_VerifiableCredentials-CBT.pdf. [Online","author":"The United Nations Centre for Trade Facilitation and Electronic Business (UN\/CEFACT). 2022.","year":"2023","unstructured":"The United Nations Centre for Trade Facilitation and Electronic Business (UN\/CEFACT). 2022. White Paper: eDATA Verifiable Credentials for Cross Border Trade. https:\/\/unece.org\/sites\/default\/files\/2022-07\/WhitePaper_VerifiableCredentials-CBT.pdf. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_15_1","volume-title":"Cybersecurity and Infrastructure Security Agency (CISA)","author":"The","year":"2023","unstructured":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA). 2023. Software Must Be Secure by Design, and Artificial Intelligence Is No Exception. https:\/\/www.cisa.gov\/news-events\/news\/software-must-be-secure-design-and-artificial-intelligence-no-exception."},{"key":"e_1_3_2_1_16_1","volume-title":"Energy Security, and Emergency Response (CESER).","author":"The","year":"2023","unstructured":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER). 2023. Software Bill of Materials (SBOM) Sharing Lifecycle Report. https:\/\/www.cisa.gov\/sites\/default\/files\/2023-04\/sbom-sharing-lifecycle-report_508.pdf. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_17_1","volume-title":"National Telecommunications and Information Administration (NIST)","author":"The","year":"2021","unstructured":"The U.S. National Telecommunications and Information Administration (NIST). 2021. The Minimum Elements For a Software Bill of Materials (SBOM). https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/sbom_minimum_elements_report.pdf. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_18_1","unstructured":"The White House. 2021. Executive Order on Improving the Nation's Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/"},{"key":"e_1_3_2_1_19_1","volume-title":"Verifiable Credentials Implementation Guidelines 1.0. https:\/\/www.w3.org\/TR\/vc-imp-guide\/. [Online","author":"C.","year":"2023","unstructured":"W3C. 2019. Verifiable Credentials Implementation Guidelines 1.0. https:\/\/www.w3.org\/TR\/vc-imp-guide\/. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_20_1","volume-title":"Verifiable Credentials Data Model v1.1. https:\/\/www.w3.org\/TR\/vc-data-model\/. [Online","author":"C.","year":"2023","unstructured":"W3C. 2022. Verifiable Credentials Data Model v1.1. https:\/\/www.w3.org\/TR\/vc-data-model\/. [Online; accessed 30-May-2023]."},{"key":"e_1_3_2_1_21_1","volume-title":"Trusting Trust: Humans in the Software Supply Chain Loop","author":"Williams Laurie","year":"2022","unstructured":"Laurie Williams. 2022. Trusting Trust: Humans in the Software Supply Chain Loop. IEEE Security & Privacy (Sep 2022), 7--10."},{"key":"e_1_3_2_1_22_1","unstructured":"Evan D Wolff KM Growley MG Gruden et al. 2021. Navigating the solarwinds supply chain attack. The Procurement Lawyer (2021)."},{"key":"e_1_3_2_1_23_1","volume-title":"An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 2630--2642","author":"Xia Boming","year":"2023","unstructured":"Boming Xia, Tingting Bi, Zhenchang Xing, Qinghua Lu, and Liming Zhu. 2023. An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 2630--2642."},{"key":"e_1_3_2_1_24_1","volume-title":"Xiangping Chen, and Huaimin Wang.","author":"Zheng Zibin","year":"2018","unstructured":"Zibin Zheng, Shaoan Xie, Hong Ning Dai, Xiangping Chen, and Huaimin Wang. 2018. Blockchain challenges and opportunities: a survey. International Journal of Web and Grid Services (2018), 352."},{"key":"e_1_3_2_1_25_1","article-title":"Smart Contract Development: Challenges and Opportunities","author":"Zou Weiqin","year":"2021","unstructured":"Weiqin Zou, David Lo, Pavneet Singh Kochhar, Xuan-Bach Dinh Le, Xin Xia, Yang Feng, Zhenyu Chen, and Baowen Xu. 2021. Smart Contract Development: Challenges and Opportunities. IEEE Transactions on Software Engineering (Oct 2021), 2084--2106.","journal-title":"IEEE Transactions on Software Engineering"}],"event":{"name":"EnCyCriS\/SVM '24: 2024 ACM\/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE\/ACM Second International Workshop on Software Vulnerability","location":"Lisbon Portugal","acronym":"EnCyCriS\/SVM '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the 2024 ACM\/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE\/ACM Second International Workshop on Software Vulnerability"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643662.3643957","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643662.3643957","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:05:32Z","timestamp":1750291532000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643662.3643957"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,15]]},"references-count":25,"alternative-id":["10.1145\/3643662.3643957","10.1145\/3643662"],"URL":"https:\/\/doi.org\/10.1145\/3643662.3643957","relation":{},"subject":[],"published":{"date-parts":[[2024,4,15]]},"assertion":[{"value":"2024-08-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}