{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:22:40Z","timestamp":1766442160371,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":2,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3767662","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"4898-4899","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SCORED '25: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-2452-6786","authenticated-orcid":false,"given":"Aditya Sirish A","family":"Yelgundhalli","sequence":"first","affiliation":[{"name":"New York University, New York, NY, USA and Bloomberg, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6639-3056","authenticated-orcid":false,"given":"Behnaz","family":"Hassanshahi","sequence":"additional","affiliation":[{"name":"Oracle Labs, Brisbane, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3872-633X","authenticated-orcid":false,"given":"Dennis","family":"Roellke","sequence":"additional","affiliation":[{"name":"Bloomberg, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5096-1446","authenticated-orcid":false,"given":"Drew","family":"Davidson","sequence":"additional","affiliation":[{"name":"University of Kansas, Lawrence, KS, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3985-3628","authenticated-orcid":false,"given":"Kathleen","family":"Moriarty","sequence":"additional","affiliation":[{"name":"SecurityBiaS, Arlington, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0432-3686","authenticated-orcid":false,"given":"Lorenzo","family":"De Carli","sequence":"additional","affiliation":[{"name":"University of Calgary, Calgary, AB, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3055-404X","authenticated-orcid":false,"given":"Marcela S.","family":"Melara","sequence":"additional","affiliation":[{"name":"Intel Corporation, Hillsboro, OR, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9283-3557","authenticated-orcid":false,"given":"Santiago","family":"Torres-Arias","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-9988-3477","authenticated-orcid":false,"given":"Sarah","family":"Evans","sequence":"additional","affiliation":[{"name":"Dell Technologies, Denver, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2346-5789","authenticated-orcid":false,"given":"Yuchen","family":"Zhang","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"FireEye. 2020. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. FireEye Blogs - Threat Research. https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"},{"key":"e_1_3_2_1_2_1","unstructured":"Red Hat. 2024. Urgent Security Alert for Fedora Linux 40 and Fedora Rawhide Users. https:\/\/www.redhat.com\/en\/blog\/urgent-security-alert-fedora-41-and-rawhide-users."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3767662","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:20:52Z","timestamp":1766442052000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3767662"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":2,"alternative-id":["10.1145\/3719027.3767662","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3767662","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}