{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:G3NXLB7Z2RO3L74KAI4NXIBSWM","short_pith_number":"pith:G3NXLB7Z","canonical_record":{"source":{"id":"1806.10906","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-28T12:07:12Z","cross_cats_sorted":["cs.CY","cs.NI"],"title_canon_sha256":"2c2d69bbc5912ef405b0803831fb57b24835804e241c83c59665dde7c63e433a","abstract_canon_sha256":"62d471d3d0cd8ef52ea1f9322b3d9e41fa5a6c710dd260bd2e4a889a49a65cb9"},"schema_version":"1.0"},"canonical_sha256":"36db7587f9d45db5ff8a0238dba032b32b0ee0dfa5363526cf7b1698402be583","source":{"kind":"arxiv","id":"1806.10906","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1806.10906","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"arxiv_version","alias_value":"1806.10906v1","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1806.10906","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"pith_short_12","alias_value":"G3NXLB7Z2RO3","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"G3NXLB7Z2RO3L74K","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"G3NXLB7Z","created_at":"2026-05-18T12:32:25Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:G3NXLB7Z2RO3L74KAI4NXIBSWM","target":"record","payload":{"canonical_record":{"source":{"id":"1806.10906","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-28T12:07:12Z","cross_cats_sorted":["cs.CY","cs.NI"],"title_canon_sha256":"2c2d69bbc5912ef405b0803831fb57b24835804e241c83c59665dde7c63e433a","abstract_canon_sha256":"62d471d3d0cd8ef52ea1f9322b3d9e41fa5a6c710dd260bd2e4a889a49a65cb9"},"schema_version":"1.0"},"canonical_sha256":"36db7587f9d45db5ff8a0238dba032b32b0ee0dfa5363526cf7b1698402be583","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:12:07.641029Z","signature_b64":"gskWvgLVGCj2e0KK8hhIv/kGsCi75UVxWK51Tz7U5vn3J+MLwod51PkqpmR21vH4laTLcEAjPDIjVPGtikHDDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"36db7587f9d45db5ff8a0238dba032b32b0ee0dfa5363526cf7b1698402be583","last_reissued_at":"2026-05-18T00:12:07.640403Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:12:07.640403Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1806.10906","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:12:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"e/Vzmwz/4RsP3yG+lq7HG8+hG7xld1T3jGUjm7jWf7gWEYZAyUgx5nuYHLsn4a6KOqK7KCcIOdNjG/er/pTEDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T08:51:10.503225Z"},"content_sha256":"a94bd5bae33c165f480d07a3ed24ae41c35175e67fe16933e6ac5639ca2f0302","schema_version":"1.0","event_id":"sha256:a94bd5bae33c165f480d07a3ed24ae41c35175e67fe16933e6ac5639ca2f0302"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:G3NXLB7Z2RO3L74KAI4NXIBSWM","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CY","cs.NI"],"primary_cat":"cs.CR","authors_text":"David de Roure, Jason R.C. Nurse, Petar Radanliev, Sadie Creese","submitted_at":"2018-06-28T12:07:12Z","abstract_excerpt":"Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand t"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1806.10906","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:12:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"3TvxRg/PO1E4nTD4Cme5v907GZ21mYgvhQW5/MEglj5+Tb8ZZIEtVoa53GdFbTNn/cLZ9zKnDgCyqZhrmz5/DA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T08:51:10.503627Z"},"content_sha256":"cfdf1abb2bc4917c06d368ca1791fe47741b0424a5d94a480aa8d6b0132395f2","schema_version":"1.0","event_id":"sha256:cfdf1abb2bc4917c06d368ca1791fe47741b0424a5d94a480aa8d6b0132395f2"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/bundle.json","state_url":"https://pith.science/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-03T08:51:10Z","links":{"resolver":"https://pith.science/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM","bundle":"https://pith.science/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/bundle.json","state":"https://pith.science/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/state.json","well_known_bundle":"https://pith.science/.well-known/pith/G3NXLB7Z2RO3L74KAI4NXIBSWM/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:G3NXLB7Z2RO3L74KAI4NXIBSWM","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"62d471d3d0cd8ef52ea1f9322b3d9e41fa5a6c710dd260bd2e4a889a49a65cb9","cross_cats_sorted":["cs.CY","cs.NI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-28T12:07:12Z","title_canon_sha256":"2c2d69bbc5912ef405b0803831fb57b24835804e241c83c59665dde7c63e433a"},"schema_version":"1.0","source":{"id":"1806.10906","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1806.10906","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"arxiv_version","alias_value":"1806.10906v1","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1806.10906","created_at":"2026-05-18T00:12:07Z"},{"alias_kind":"pith_short_12","alias_value":"G3NXLB7Z2RO3","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"G3NXLB7Z2RO3L74K","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"G3NXLB7Z","created_at":"2026-05-18T12:32:25Z"}],"graph_snapshots":[{"event_id":"sha256:cfdf1abb2bc4917c06d368ca1791fe47741b0424a5d94a480aa8d6b0132395f2","target":"graph","created_at":"2026-05-18T00:12:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand t","authors_text":"David de Roure, Jason R.C. Nurse, Petar Radanliev, Sadie Creese","cross_cats":["cs.CY","cs.NI"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-28T12:07:12Z","title":"If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1806.10906","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:a94bd5bae33c165f480d07a3ed24ae41c35175e67fe16933e6ac5639ca2f0302","target":"record","created_at":"2026-05-18T00:12:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"62d471d3d0cd8ef52ea1f9322b3d9e41fa5a6c710dd260bd2e4a889a49a65cb9","cross_cats_sorted":["cs.CY","cs.NI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-28T12:07:12Z","title_canon_sha256":"2c2d69bbc5912ef405b0803831fb57b24835804e241c83c59665dde7c63e433a"},"schema_version":"1.0","source":{"id":"1806.10906","kind":"arxiv","version":1}},"canonical_sha256":"36db7587f9d45db5ff8a0238dba032b32b0ee0dfa5363526cf7b1698402be583","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"36db7587f9d45db5ff8a0238dba032b32b0ee0dfa5363526cf7b1698402be583","first_computed_at":"2026-05-18T00:12:07.640403Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:12:07.640403Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"gskWvgLVGCj2e0KK8hhIv/kGsCi75UVxWK51Tz7U5vn3J+MLwod51PkqpmR21vH4laTLcEAjPDIjVPGtikHDDg==","signature_status":"signed_v1","signed_at":"2026-05-18T00:12:07.641029Z","signed_message":"canonical_sha256_bytes"},"source_id":"1806.10906","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:a94bd5bae33c165f480d07a3ed24ae41c35175e67fe16933e6ac5639ca2f0302","sha256:cfdf1abb2bc4917c06d368ca1791fe47741b0424a5d94a480aa8d6b0132395f2"],"state_sha256":"7779417e099e4b9ee6714f81b539aa58b5193346ca293db760b6dea7aa442600"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"qKSrfL8YgHgXa2/rUHv8WhqhO7F7c53NqdXa/v2litHijzfyjUPc5oYyQPVdLpZUA7jVCvwB/s0JNEPrz+xwCA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-03T08:51:10.511285Z","bundle_sha256":"b3ce09fb72b8338b31fdc6b51dcbc9362c03188f64f031aed6209c0797ed08cf"}}