{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:4OMSDOLFLQVTYS3Z6GCQFRDETJ","short_pith_number":"pith:4OMSDOLF","canonical_record":{"source":{"id":"1906.04424","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2019-06-11T07:58:19Z","cross_cats_sorted":[],"title_canon_sha256":"5dea1894ebe98293d0fe6df446eb465f0b7d9aa1ab25e620fce96d70f8908855","abstract_canon_sha256":"b0636defc06be3353ac6c919e1c830ca1b8a1e2a1ffcc2e25e9245fc49e80940"},"schema_version":"1.0"},"canonical_sha256":"e39921b9655c2b3c4b79f18502c4649a7f96dc798a49f6acf711c40730059b28","source":{"kind":"arxiv","id":"1906.04424","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1906.04424","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"arxiv_version","alias_value":"1906.04424v1","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1906.04424","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"pith_short_12","alias_value":"4OMSDOLFLQVT","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"4OMSDOLFLQVTYS3Z","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"4OMSDOLF","created_at":"2026-05-18T12:33:10Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:4OMSDOLFLQVTYS3Z6GCQFRDETJ","target":"record","payload":{"canonical_record":{"source":{"id":"1906.04424","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2019-06-11T07:58:19Z","cross_cats_sorted":[],"title_canon_sha256":"5dea1894ebe98293d0fe6df446eb465f0b7d9aa1ab25e620fce96d70f8908855","abstract_canon_sha256":"b0636defc06be3353ac6c919e1c830ca1b8a1e2a1ffcc2e25e9245fc49e80940"},"schema_version":"1.0"},"canonical_sha256":"e39921b9655c2b3c4b79f18502c4649a7f96dc798a49f6acf711c40730059b28","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:43:39.316883Z","signature_b64":"0y9ts6y4fBFdqs5Gn3M913rL0mJw198cBtbvcypev09CWi+9S3K3BOruoJBG+pEI5a2tlH4aA9hKTI4GqmJ5Aw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e39921b9655c2b3c4b79f18502c4649a7f96dc798a49f6acf711c40730059b28","last_reissued_at":"2026-05-17T23:43:39.316253Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:43:39.316253Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1906.04424","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:43:39Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1g79iWChdDUetZEKhRnQtL8l6XWffyHADAP21gmw20u1L4zh677W4D5t7msIMuhT1FbUIcXpMythbGGu/xlbCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-27T17:14:08.909209Z"},"content_sha256":"ca94cd5cb5d7f1af13277eedf429e7006ff0bbf4c90ca92c7f642bbb477c5796","schema_version":"1.0","event_id":"sha256:ca94cd5cb5d7f1af13277eedf429e7006ff0bbf4c90ca92c7f642bbb477c5796"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:4OMSDOLFLQVTYS3Z6GCQFRDETJ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Sharing of vulnerability information among companies -- a survey of Swedish companies","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Markus Borg, Martin Hell, Martin H\\\"ost, Thomas Olsson, Ulrik Franke","submitted_at":"2019-06-11T07:58:19Z","abstract_excerpt":"Software products are rarely developed from scratch and vulnerabilities in such products might reside in parts that are either open source software or provided by another organization. Hence, the total cybersecurity of a product often depends on cooperation, explicit or implicit, between several organizations. We study the attitudes and practices of companies in software ecosystems towards sharing vulnerability information. Furthermore, we compare these practices to contemporary cybersecurity recommendations. This is performed through a questionnaire-based qualitative survey. The questionnaire"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1906.04424","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:43:39Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"i1dW+xwjXBDoaKJwn1JxT+qxJq1Y1Tgo/crKGiYQ6F+z8XggtlYl3FDN3yk6l1BNzD4l5tWRhoMJx76wX2QoCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-27T17:14:08.909907Z"},"content_sha256":"51026ee51a6c08bf76ec41917387fdd91f12732bf3bd3ff390c610cbc7925ed7","schema_version":"1.0","event_id":"sha256:51026ee51a6c08bf76ec41917387fdd91f12732bf3bd3ff390c610cbc7925ed7"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/bundle.json","state_url":"https://pith.science/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-27T17:14:08Z","links":{"resolver":"https://pith.science/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ","bundle":"https://pith.science/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/bundle.json","state":"https://pith.science/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/4OMSDOLFLQVTYS3Z6GCQFRDETJ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:4OMSDOLFLQVTYS3Z6GCQFRDETJ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"b0636defc06be3353ac6c919e1c830ca1b8a1e2a1ffcc2e25e9245fc49e80940","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2019-06-11T07:58:19Z","title_canon_sha256":"5dea1894ebe98293d0fe6df446eb465f0b7d9aa1ab25e620fce96d70f8908855"},"schema_version":"1.0","source":{"id":"1906.04424","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1906.04424","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"arxiv_version","alias_value":"1906.04424v1","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1906.04424","created_at":"2026-05-17T23:43:39Z"},{"alias_kind":"pith_short_12","alias_value":"4OMSDOLFLQVT","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"4OMSDOLFLQVTYS3Z","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"4OMSDOLF","created_at":"2026-05-18T12:33:10Z"}],"graph_snapshots":[{"event_id":"sha256:51026ee51a6c08bf76ec41917387fdd91f12732bf3bd3ff390c610cbc7925ed7","target":"graph","created_at":"2026-05-17T23:43:39Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Software products are rarely developed from scratch and vulnerabilities in such products might reside in parts that are either open source software or provided by another organization. Hence, the total cybersecurity of a product often depends on cooperation, explicit or implicit, between several organizations. We study the attitudes and practices of companies in software ecosystems towards sharing vulnerability information. Furthermore, we compare these practices to contemporary cybersecurity recommendations. This is performed through a questionnaire-based qualitative survey. The questionnaire","authors_text":"Markus Borg, Martin Hell, Martin H\\\"ost, Thomas Olsson, Ulrik Franke","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2019-06-11T07:58:19Z","title":"Sharing of vulnerability information among companies -- a survey of Swedish companies"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1906.04424","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ca94cd5cb5d7f1af13277eedf429e7006ff0bbf4c90ca92c7f642bbb477c5796","target":"record","created_at":"2026-05-17T23:43:39Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"b0636defc06be3353ac6c919e1c830ca1b8a1e2a1ffcc2e25e9245fc49e80940","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2019-06-11T07:58:19Z","title_canon_sha256":"5dea1894ebe98293d0fe6df446eb465f0b7d9aa1ab25e620fce96d70f8908855"},"schema_version":"1.0","source":{"id":"1906.04424","kind":"arxiv","version":1}},"canonical_sha256":"e39921b9655c2b3c4b79f18502c4649a7f96dc798a49f6acf711c40730059b28","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e39921b9655c2b3c4b79f18502c4649a7f96dc798a49f6acf711c40730059b28","first_computed_at":"2026-05-17T23:43:39.316253Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:43:39.316253Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"0y9ts6y4fBFdqs5Gn3M913rL0mJw198cBtbvcypev09CWi+9S3K3BOruoJBG+pEI5a2tlH4aA9hKTI4GqmJ5Aw==","signature_status":"signed_v1","signed_at":"2026-05-17T23:43:39.316883Z","signed_message":"canonical_sha256_bytes"},"source_id":"1906.04424","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ca94cd5cb5d7f1af13277eedf429e7006ff0bbf4c90ca92c7f642bbb477c5796","sha256:51026ee51a6c08bf76ec41917387fdd91f12732bf3bd3ff390c610cbc7925ed7"],"state_sha256":"0240f14dc69d65053c85124429c4a95716fb8586fc8c7ad59fd3c420089750f1"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"duXZ4WT/MyJBOQp7G8UiaqUMKq3i2r85pS/oonxaPRupzRsnm5mypX77NWriRFNMtSMmRC5hYiSWWaaEDdM0AQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-27T17:14:08.913601Z","bundle_sha256":"1e5bcc9facdeda09f0be3d9678aaec8d083a124379af73fda3f4a28c0ce8f2d2"}}