{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2023:5FCHO7AIBJ7DP2HZE3JYGOAT2B","short_pith_number":"pith:5FCHO7AI","canonical_record":{"source":{"id":"2307.08206","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-07-17T02:54:07Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5cc0322772f5a31203d4b9900c6f263474c955c7c25631d28f7cae06b646ce8b","abstract_canon_sha256":"6a1ff91ea69316f231a6f82d3703ba82cc4eb1ed0e70ea59127d9dbd8ba9aa19"},"schema_version":"1.0"},"canonical_sha256":"e944777c080a7e37e8f926d3833813d07d5e798e95796b02e6637d7c1abb9724","source":{"kind":"arxiv","id":"2307.08206","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2307.08206","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"arxiv_version","alias_value":"2307.08206v3","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2307.08206","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_12","alias_value":"5FCHO7AIBJ7D","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_16","alias_value":"5FCHO7AIBJ7DP2HZ","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_8","alias_value":"5FCHO7AI","created_at":"2026-07-05T07:13:43Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2023:5FCHO7AIBJ7DP2HZE3JYGOAT2B","target":"record","payload":{"canonical_record":{"source":{"id":"2307.08206","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-07-17T02:54:07Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5cc0322772f5a31203d4b9900c6f263474c955c7c25631d28f7cae06b646ce8b","abstract_canon_sha256":"6a1ff91ea69316f231a6f82d3703ba82cc4eb1ed0e70ea59127d9dbd8ba9aa19"},"schema_version":"1.0"},"canonical_sha256":"e944777c080a7e37e8f926d3833813d07d5e798e95796b02e6637d7c1abb9724","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T07:13:43.428657Z","signature_b64":"Gx7DWZKqNHNq8PlZU9+3yUpJTAdo+tUfSRhm8GITqbp0rYNE572yCJyV/6JMDeXFX1Ti1A3hRlWvakC5rWURDA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e944777c080a7e37e8f926d3833813d07d5e798e95796b02e6637d7c1abb9724","last_reissued_at":"2026-07-05T07:13:43.428108Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T07:13:43.428108Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2307.08206","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:13:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"hjJzWV+Ez+fUM5P6yScl6BuCoMOwUHRCIoweSslmDbz443WVBbB+64hw5XH8Z6BUYRxR6G/kwfd4iSRxXXVCBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-06T10:42:27.271761Z"},"content_sha256":"60085c331cda83abf1e22c42e9c7bf03b264e7fe4950be80bbfdca5db1ed7495","schema_version":"1.0","event_id":"sha256:60085c331cda83abf1e22c42e9c7bf03b264e7fe4950be80bbfdca5db1ed7495"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2023:5FCHO7AIBJ7DP2HZE3JYGOAT2B","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Identifying Vulnerable Third-Party Java Libraries from Textual Descriptions of Vulnerabilities and Libraries","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Bingjie Shan, Ding Li, Guangtai Liang, Lin Li, Qianxiang Wang, Tao Xie, Tianyu Chen","submitted_at":"2023-07-17T02:54:07Z","abstract_excerpt":"To address security vulnerabilities arising from third-party libraries, security researchers maintain databases monitoring and curating vulnerability reports. Application developers can identify vulnerable libraries by directly querying the databases with their used libraries. However, the querying results of vulnerable libraries are not reliable due to the incompleteness of vulnerability reports. Thus, current approaches model the task of identifying vulnerable libraries as a named-entity-recognition (NER) task or an extreme multi-label learning (XML) task. These approaches suffer from highly"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2307.08206","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2307.08206/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:13:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"AI3/U1bJ4UPU72/v4F47qeedThIHAXqpjFPAE5GTFHalWZdyacysCL2464OXltjbT3CwQVIo6jPX0LL4wqvoDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-06T10:42:27.272137Z"},"content_sha256":"1ca59774f9c3ef11216f27b7c4418522526baba3a182f7a9790f347b5e25e0cf","schema_version":"1.0","event_id":"sha256:1ca59774f9c3ef11216f27b7c4418522526baba3a182f7a9790f347b5e25e0cf"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/bundle.json","state_url":"https://pith.science/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-06T10:42:27Z","links":{"resolver":"https://pith.science/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B","bundle":"https://pith.science/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/bundle.json","state":"https://pith.science/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/state.json","well_known_bundle":"https://pith.science/.well-known/pith/5FCHO7AIBJ7DP2HZE3JYGOAT2B/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2023:5FCHO7AIBJ7DP2HZE3JYGOAT2B","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"6a1ff91ea69316f231a6f82d3703ba82cc4eb1ed0e70ea59127d9dbd8ba9aa19","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-07-17T02:54:07Z","title_canon_sha256":"5cc0322772f5a31203d4b9900c6f263474c955c7c25631d28f7cae06b646ce8b"},"schema_version":"1.0","source":{"id":"2307.08206","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2307.08206","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"arxiv_version","alias_value":"2307.08206v3","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2307.08206","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_12","alias_value":"5FCHO7AIBJ7D","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_16","alias_value":"5FCHO7AIBJ7DP2HZ","created_at":"2026-07-05T07:13:43Z"},{"alias_kind":"pith_short_8","alias_value":"5FCHO7AI","created_at":"2026-07-05T07:13:43Z"}],"graph_snapshots":[{"event_id":"sha256:1ca59774f9c3ef11216f27b7c4418522526baba3a182f7a9790f347b5e25e0cf","target":"graph","created_at":"2026-07-05T07:13:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2307.08206/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"To address security vulnerabilities arising from third-party libraries, security researchers maintain databases monitoring and curating vulnerability reports. Application developers can identify vulnerable libraries by directly querying the databases with their used libraries. However, the querying results of vulnerable libraries are not reliable due to the incompleteness of vulnerability reports. Thus, current approaches model the task of identifying vulnerable libraries as a named-entity-recognition (NER) task or an extreme multi-label learning (XML) task. These approaches suffer from highly","authors_text":"Bingjie Shan, Ding Li, Guangtai Liang, Lin Li, Qianxiang Wang, Tao Xie, Tianyu Chen","cross_cats":["cs.SE"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-07-17T02:54:07Z","title":"Identifying Vulnerable Third-Party Java Libraries from Textual Descriptions of Vulnerabilities and Libraries"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2307.08206","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:60085c331cda83abf1e22c42e9c7bf03b264e7fe4950be80bbfdca5db1ed7495","target":"record","created_at":"2026-07-05T07:13:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"6a1ff91ea69316f231a6f82d3703ba82cc4eb1ed0e70ea59127d9dbd8ba9aa19","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2023-07-17T02:54:07Z","title_canon_sha256":"5cc0322772f5a31203d4b9900c6f263474c955c7c25631d28f7cae06b646ce8b"},"schema_version":"1.0","source":{"id":"2307.08206","kind":"arxiv","version":3}},"canonical_sha256":"e944777c080a7e37e8f926d3833813d07d5e798e95796b02e6637d7c1abb9724","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e944777c080a7e37e8f926d3833813d07d5e798e95796b02e6637d7c1abb9724","first_computed_at":"2026-07-05T07:13:43.428108Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T07:13:43.428108Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Gx7DWZKqNHNq8PlZU9+3yUpJTAdo+tUfSRhm8GITqbp0rYNE572yCJyV/6JMDeXFX1Ti1A3hRlWvakC5rWURDA==","signature_status":"signed_v1","signed_at":"2026-07-05T07:13:43.428657Z","signed_message":"canonical_sha256_bytes"},"source_id":"2307.08206","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:60085c331cda83abf1e22c42e9c7bf03b264e7fe4950be80bbfdca5db1ed7495","sha256:1ca59774f9c3ef11216f27b7c4418522526baba3a182f7a9790f347b5e25e0cf"],"state_sha256":"64b706f1bf0d9ede49e6c24e2e5727516c54fe99f9843f6e682d14311a492e06"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"8tACbEvbpTKl3kLTDfJVi6ILFg0GD/yT4bydLcJze8b2nJpcLmBM6acKPk819JCZOlInoFE3cS7u7z32xCO+Ag==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-06T10:42:27.274285Z","bundle_sha256":"0823baed33f76df9a5939d48604bc58719a6f093ebc5f3b5c36b6df9cc647700"}}