{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T04:14:38Z","timestamp":1746245678339,"version":"3.40.4"},"publisher-location":"New York, NY, USA","reference-count":4,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3624031","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T17:35:13Z","timestamp":1700588113000},"page":"3671-3672","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SCORED '23: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3055-404X","authenticated-orcid":false,"given":"Marcela","family":"Melara","sequence":"first","affiliation":[{"name":"Intel Corporation, Hillsboro, OR, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9283-3557","authenticated-orcid":false,"given":"Santiago","family":"Torres-Arias","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7893-547X","authenticated-orcid":false,"given":"Laurent","family":"Simon","sequence":"additional","affiliation":[{"name":"Google, Inc., Mountain View, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"2021","volume":"202","unstructured":"Apache Software Foundation. 2021. CVE-2021-44832. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44832","journal-title":"Apache Software Foundation."},{"unstructured":"FireEye. 2020. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. FireEye Blogs - Threat Research. https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html","key":"e_1_3_2_1_2_1"},{"unstructured":"National Institute of Standards and Technology. 2021. Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines. https:\/\/www.nist.gov\/news-events\/events\/2021\/06\/enhancing-software-supply-chain-security-workshop-and-call-position","key":"e_1_3_2_1_3_1"},{"unstructured":"Isaac Z. Schlueter. 2016. kik left-pad and npm. The npm Blog. https:\/\/blog.npmjs.org\/post\/141577284765\/kik-left-pad-and-npm","key":"e_1_3_2_1_4_1"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CCS '23","name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark"},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3624031","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T02:27:25Z","timestamp":1746239245000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3624031"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":4,"alternative-id":["10.1145\/3576915.3624031","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3624031","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}