{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:01:21Z","timestamp":1754161281221,"version":"3.41.2"},"publisher-location":"New York, NY, USA","reference-count":12,"publisher":"ACM","funder":[{"name":"National Research Foundation, Prime Minister's Office, Singapore under its Campus for Research Excellence and Technological Enterprise (CREATE) programme"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,23]]},"DOI":"10.1145\/3696630.3730568","type":"proceedings-article","created":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T19:10:43Z","timestamp":1753729843000},"page":"1756-1759","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Automated Environment Extraction for Malicious Package Validation: Leveraging Threat Intelligence"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6655-8179","authenticated-orcid":false,"given":"Wenbo","family":"Guo","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3810-5994","authenticated-orcid":false,"given":"Limin","family":"Wang","sequence":"additional","affiliation":[{"name":"Nanjing University, NanJing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9366-6076","authenticated-orcid":false,"given":"Yiran","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"Imperial Global Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6758-4635","authenticated-orcid":false,"given":"Jiahui","family":"Wu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,7,28]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"6819002","article-title":"Container performance and vulnerability management for container security using docker engine","volume":"2022","author":"Alyas Tahir","year":"2022","unstructured":"Tahir Alyas, Sikandar Ali, Habib Ullah Khan, Ali Samad, Khalid Alissa, and Muhammad Asif Saleem. 2022. Container performance and vulnerability management for container security using docker engine. Security and Communication Networks 2022, 1 (2022), 6819002.","journal-title":"Security and Communication Networks"},{"key":"e_1_3_2_1_2_1","volume-title":"Ryan Elder, Brendan Saltaformaggio, and Wenke Lee.","author":"Duan Ruian","year":"2020","unstructured":"Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2020. Towards measuring supply chain attacks on package managers for interpreted languages. arXiv preprint arXiv:2002.01139 (2020)."},{"key":"e_1_3_2_1_3_1","volume-title":"2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). IEEE, 13\u201316","author":"Garrett Kalil","year":"2019","unstructured":"Kalil Garrett, Gabriel Ferreira, Limin Jia, Joshua Sunshine, and Christian K\u00e4stner. 2019. Detecting suspicious package updates. In 2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). IEEE, 13\u201316."},{"key":"e_1_3_2_1_4_1","volume-title":"Software supply chain: review of attacks, risk assessment strategies and security controls. arXiv preprint arXiv:2305.14157","author":"Gokkaya Betul","year":"2023","unstructured":"Betul Gokkaya, Leonardo Aniello, and Basel Halak. 2023. Software supply chain: review of attacks, risk assessment strategies and security controls. arXiv preprint arXiv:2305.14157 (2023)."},{"key":"e_1_3_2_1_5_1","volume-title":"PackageIntel: Leveraging Large Language Models for Automated Intelligence Extraction in Package Ecosystems. arXiv preprint arXiv:2409.15049","author":"Guo Wenbo","year":"2024","unstructured":"Wenbo Guo, Chengwei Liu, Limin Wang, Jiahui Wu, Zhengzi Xu, Cheng Huang, Yong Fang, and Yang Liu. 2024. PackageIntel: Leveraging Large Language Models for Automated Intelligence Extraction in Package Ecosystems. arXiv preprint arXiv:2409.15049 (2024)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3695988","article-title":"Large language models for software engineering: A systematic literature review","volume":"33","author":"Hou Xinyi","year":"2024","unstructured":"Xinyi Hou, Yanjie Zhao, Yue Liu, Zhou Yang, Kailong Wang, Li Li, Xiapu Luo, David Lo, John Grundy, and Haoyu Wang. 2024. Large language models for software engineering: A systematic literature review. ACM Transactions on Software Engineering and Methodology 33, 8 (2024), 1\u201379.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_7_1","volume-title":"Detecting Active and Stealthy Typosquatting Threats in Package Registries. arXiv preprint arXiv:2502.20528","author":"Jiang Wenxin","year":"2025","unstructured":"Wenxin Jiang, Berk \u00c7akar, Mikola Lysenko, and James C Davis. 2025. Detecting Active and Stealthy Typosquatting Threats in Package Registries. arXiv preprint arXiv:2502.20528 (2025)."},{"key":"e_1_3_2_1_8_1","volume-title":"DIMVA 2020, Lisbon, Portugal, June 24\u201326, 2020, Proceedings 17","author":"Ohm Marc","year":"2020","unstructured":"Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier. 2020. Backstabber's knife collection: A review of open source software supply chain attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24\u201326, 2020, Proceedings 17. Springer, 23\u201343."},{"key":"e_1_3_2_1_9_1","unstructured":"Python Package Index. 2024. aiocpa attack analysis. PyPI Blog. https:\/\/blog.pypi.org\/posts\/2024-11-25-aiocpa-attack-analysis\/"},{"key":"e_1_3_2_1_10_1","volume-title":"LLMs in Software Security: A Survey of Vulnerability Detection Techniques and Insights. arXiv e-prints","author":"Sheng Ze","year":"2025","unstructured":"Ze Sheng, Zhicheng Chen, Shuning Gu, Heqing Huang, Guofei Gu, and Jeff Huang. 2025. LLMs in Software Security: A Survey of Vulnerability Detection Techniques and Insights. arXiv e-prints (2025), arXiv\u20132502."},{"key":"e_1_3_2_1_11_1","volume-title":"2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 499\u2013511","author":"Vu Duc-Ly","year":"2023","unstructured":"Duc-Ly Vu, Zachary Newman, and John Speed Meyers. 2023. Bad snakes: Understanding and improving python package index malware scanning. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 499\u2013511."},{"volume-title":"28th USENIX security symposium (USENIX Security 19). 995\u20131010.","author":"Zimmermann Markus","key":"e_1_3_2_1_12_1","unstructured":"Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In 28th USENIX security symposium (USENIX Security 19). 995\u20131010."}],"event":{"name":"FSE Companion '25: 33rd ACM International Conference on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Clarion Hotel Trondheim Trondheim Norway","acronym":"FSE Companion '25"},"container-title":["Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696630.3730568","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T19:11:07Z","timestamp":1753729867000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696630.3730568"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,23]]},"references-count":12,"alternative-id":["10.1145\/3696630.3730568","10.1145\/3696630"],"URL":"https:\/\/doi.org\/10.1145\/3696630.3730568","relation":{},"subject":[],"published":{"date-parts":[[2025,6,23]]},"assertion":[{"value":"2025-07-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}