{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:21:59Z","timestamp":1773156119654,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T00:00:00Z","timestamp":1743379200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,3,31]]},"DOI":"10.1145\/3672608.3707940","type":"proceedings-article","created":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T18:30:17Z","timestamp":1747247417000},"page":"1712-1720","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Claim vs. Capability: A Comparative Analysis of the SBOM Generation Tools for Rust Projects"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3815-8925","authenticated-orcid":false,"given":"Md Fazle","family":"Rabbi","sequence":"first","affiliation":[{"name":"Idaho State University, Pocatello, ID, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-2126-6251","authenticated-orcid":false,"given":"Arifa Islam","family":"Champa","sequence":"additional","affiliation":[{"name":"Idaho State University, Pocatello, ID, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5353-5030","authenticated-orcid":false,"given":"Minhaz Fahim","family":"Zibran","sequence":"additional","affiliation":[{"name":"Idaho State University, Pocatello, ID, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,5,14]]},"reference":[{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2023.3302956"},{"key":"e_1_3_2_1_3_1","volume-title":"Rust: The programming language for safety and performance. arXiv preprint arXiv:2206.05503","author":"Bugden William","year":"2022","unstructured":"William Bugden and Ayman Alahmar. 2022. Rust: The programming language for safety and performance. arXiv preprint arXiv:2206.05503 (2022)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"S. Carmody A. Coravos G. Fahs A. Hatch J. Medina B. Woods and J. Corman. 2021. Building resilient medical technology supply chains with a software bill of materials. npj Digital Medicine 4 1 (2021) 1\u20136.","DOI":"10.1038\/s41746-021-00403-w"},{"key":"e_1_3_2_1_5_1","volume-title":"An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors. In 21st IEEE International Conference on Software Engineering, Management and Applications (SERA). 1\u20138.","author":"Champa Arifa I.","unstructured":"Arifa I. Champa, Md Fazle Rabbi, Farjana Z. Eishita, and Minhaz F. Zibran. 2023. Are We Aware? An Empirical Study on the Privacy and Security Awareness of Smartphone Sensors. In 21st IEEE International Conference on Software Engineering, Management and Applications (SERA). 1\u20138."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3643991.3645077"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR59073.2023.00055"},{"key":"e_1_3_2_1_8_1","volume-title":"SBOM Generation Tools in the Python Ecosystem: an In-Detail Analysis. arXiv preprint arXiv:2409.01214","author":"Cofano Serena","year":"2024","unstructured":"Serena Cofano, Giacomo Benedetti, and Matteo Dell'Amico. 2024. SBOM Generation Tools in the Python Ecosystem: an In-Detail Analysis. arXiv preprint arXiv:2409.01214 (2024)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3347446"},{"key":"e_1_3_2_1_10_1","volume-title":"Baleigh Rae Morgan, Ethan S Bauer, and Drew Christensen.","author":"Eggers Shannon Leigh","year":"2022","unstructured":"Shannon Leigh Eggers, Tori Brooke Simon, Baleigh Rae Morgan, Ethan S Bauer, and Drew Christensen. 2022. Towards software bill of materials in the nuclear industry. Technical Report. Idaho National Laboratory (INL), US."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110653"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3670926"},{"key":"e_1_3_2_1_13_1","first-page":"27","article-title":"Bill of manufacture","volume":"33","author":"Hastings Nicholas AJ","year":"1992","unstructured":"Nicholas AJ Hastings and Chung-Hsing Yeh. 1992. Bill of manufacture. Production and Inventory Management Journal 33, 4 (1992), 27.","journal-title":"Production and Inventory Management Journal"},{"key":"e_1_3_2_1_14_1","volume-title":"https:\/\/accelerationeconomy.com\/cybersecurity\/solarwinds-breach-cybersecurity-executive-order-propel-sbom\/ Accessed","author":"Hughes Chris","year":"2024","unstructured":"Chris Hughes. 2021. SolarWinds Breach & Cybersecurity Executive Order Propel SBOM. https:\/\/accelerationeconomy.com\/cybersecurity\/solarwinds-breach-cybersecurity-executive-order-propel-sbom\/ Accessed: Oct 2024."},{"key":"e_1_3_2_1_15_1","first-page":"20","article-title":"Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study. In 11th ACM\/IEEE Intl. Symp. on Empirical","author":"Islam Md Rakibul","year":"2017","unstructured":"Md Rakibul Islam, Minhaz Zibran, and A. Nagpal. 2017. Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study. In 11th ACM\/IEEE Intl. Symp. on Empirical Soft. Eng. and Measurement. 20\u201329.","journal-title":"Soft. Eng. and Measurement."},{"key":"e_1_3_2_1_16_1","volume-title":"25th IEEE International Conference on Software Analysis, Evolution and Reengineering. 487\u2013491","author":"Islam Md Rakibul","unstructured":"Md Rakibul Islam and Minhaz F. Zibran. 2018. A Comparison of Software Engineering Domain Specific Sentiment Analysis Tools. In 25th IEEE International Conference on Software Analysis, Evolution and Reengineering. 487\u2013491."},{"key":"e_1_3_2_1_17_1","volume-title":"Quantifying Complexity: The Challenges of Supply Chain Security. EE Times. https:\/\/www.eetimes.com\/quantifying-complexity-the-challenges-of-supply-chain-security\/ Accessed","author":"Jamieson Andrew","year":"2020","unstructured":"Andrew Jamieson. 2020. Quantifying Complexity: The Challenges of Supply Chain Security. EE Times. https:\/\/www.eetimes.com\/quantifying-complexity-the-challenges-of-supply-chain-security\/ Accessed: Oct 2024."},{"key":"e_1_3_2_1_18_1","volume-title":"Pros and Cons of Using Third-Party Software in Your App Development. https:\/\/www.thedroidsonroids.com\/blog\/third-party-software-pros-and-cons Accessed","author":"Janus Jakub","year":"2024","unstructured":"Jakub Janus, Marcin Chojnacki, and Wojciech Szwajkiewicz. 2020. Pros and Cons of Using Third-Party Software in Your App Development. https:\/\/www.thedroidsonroids.com\/blog\/third-party-software-pros-and-cons Accessed: Oct 2024."},{"key":"e_1_3_2_1_19_1","volume-title":"Choosing the Weapon: A Comparative Study of Security Analyzers for Android Applications. In Intl. Conference on Software Engineering, Management and Applications. 51\u201357","author":"Joseph Ryan","year":"2021","unstructured":"Ryan Joseph, Minhaz Zibran, and Farjana Eishita. 2021. Choosing the Weapon: A Comparative Study of Security Analyzers for Android Applications. In Intl. Conference on Software Engineering, Management and Applications. 51\u201357."},{"key":"e_1_3_2_1_20_1","volume-title":"Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk. The Hacker News. https:\/\/thehackernews.com\/2021\/12\/extremely-critical-log4j-vulnerability.html Accessed","author":"Lakshmanan Ravie","year":"2024","unstructured":"Ravie Lakshmanan. 2021. Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk. The Hacker News. https:\/\/thehackernews.com\/2021\/12\/extremely-critical-log4j-vulnerability.html Accessed: Oct 2024."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.70828\/KHEH5209"},{"key":"e_1_3_2_1_22_1","volume-title":"Improving the Nation's Cybersecurity. https:\/\/www.nist.gov\/itl\/executive-order-14028-improving-nations-cybersecurity Accessed","author":"NIST.","year":"2024","unstructured":"NIST. 2021. Executive Order 14028, Improving the Nation's Cybersecurity. https:\/\/www.nist.gov\/itl\/executive-order-14028-improving-nations-cybersecurity Accessed: Oct 2024."},{"key":"e_1_3_2_1_23_1","volume-title":"Roles and Benefits for SBOM Across the Supply Chain. https:\/\/www.ntia.gov\/files\/ntia\/publications\/ntia_sbom_use_cases_roles_benefits-nov2019.pdf Accessed","author":"NTIA.","year":"2024","unstructured":"NTIA. 2019. Roles and Benefits for SBOM Across the Supply Chain. https:\/\/www.ntia.gov\/files\/ntia\/publications\/ntia_sbom_use_cases_roles_benefits-nov2019.pdf Accessed: Oct 2024."},{"key":"e_1_3_2_1_24_1","volume-title":"DIMVA 2020, Lisbon, Portugal, June 24\u201326, 2020, Proceedings 17","author":"Ohm Marc","year":"2020","unstructured":"Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier. 2020. Backstabber's knife collection: A review of open source software supply chain attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24\u201326, 2020, Proceedings 17. Springer, 23\u201343."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2021.3051235"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3605098.3635927"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3643991.3645076"},{"key":"e_1_3_2_1_28_1","volume-title":"On the Characteristics of Buggy Code Clones: A Code Quality Perspective. In 12th IEEE Intl. Workshop on Software Clones. 23\u201329","author":"Islam Md","unstructured":"Md rakibul Islam and Minhaz F. Zibran. 2018. On the Characteristics of Buggy Code Clones: A Code Quality Perspective. In 12th IEEE Intl. Workshop on Software Clones. 23\u201329."},{"key":"e_1_3_2_1_29_1","volume-title":"Basic and advanced statistical tests: Writing results sections and creating tables and figures","author":"Ross Amanda","unstructured":"Amanda Ross and Victor L Willson. 2018. Basic and advanced statistical tests: Writing results sections and creating tables and figures. Springer."},{"key":"e_1_3_2_1_30_1","volume-title":"Analytics Global Conference. Springer, 40\u201351","author":"Sehgal Vandana Verma","year":"2023","unstructured":"Vandana Verma Sehgal and PS Ambili. 2023. A Taxonomy and Survey of Software Bill of Materials (SBOM) Generation Approaches. In Analytics Global Conference. Springer, 40\u201351."},{"key":"e_1_3_2_1_31_1","volume-title":"Toward a Resilient Cybersecure Hydropower Fleet: Cybersecurity Landscape and Roadmap","author":"Whyatt Marie V","year":"2021","unstructured":"Marie V Whyatt, Darlene E Thorsen, Mark D Watson, Kenneth D Ham, Perry A Pederson, Archibald D McKinnon, and Kyle R DeSomber. 2023. Toward a Resilient Cybersecure Hydropower Fleet: Cybersecurity Landscape and Roadmap 2021. Technical Report. Pacific Northwest National Laboratory (PNNL), United States."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3466642","article-title":"Memory-safety challenge considered solved? An in-depth study with all Rust CVEs","volume":"31","author":"Xu Hui","year":"2021","unstructured":"Hui Xu, Zhuangbin Chen, Mingshen Sun, Yangfan Zhou, and Michael R Lyu. 2021. Memory-safety challenge considered solved? An in-depth study with all Rust CVEs. ACM Transactions on Software Engineering and Methodology (TOSEM) 31, 1 (2021), 1\u201325.","journal-title":"ACM Transactions on Software Engineering and Methodology (TOSEM)"}],"event":{"name":"SAC '25: 40th ACM\/SIGAPP Symposium on Applied Computing","location":"Catania International Airport Catania Italy","acronym":"SAC '25","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 40th ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3672608.3707940","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3672608.3707940","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:57:36Z","timestamp":1750298256000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3672608.3707940"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,31]]},"references-count":31,"alternative-id":["10.1145\/3672608.3707940","10.1145\/3672608"],"URL":"https:\/\/doi.org\/10.1145\/3672608.3707940","relation":{},"subject":[],"published":{"date-parts":[[2025,3,31]]},"assertion":[{"value":"2025-05-14","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}