{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:GKFUE5PVZS5YXLPSPAOPK5ZXLH","short_pith_number":"pith:GKFUE5PV","canonical_record":{"source":{"id":"1801.05764","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-17T17:32:00Z","cross_cats_sorted":[],"title_canon_sha256":"16ba5eb72f078e0fd7861083ff3d70eb550062cecc0f89a1186841881d44ceeb","abstract_canon_sha256":"59cfad14ba5ef8a7da9f98ca2bbfae5501112ebde3e5756dea725fa3314ce706"},"schema_version":"1.0"},"canonical_sha256":"328b4275f5ccbb8badf2781cf5773759e14e7037ee48a7ac5120063b758255a1","source":{"kind":"arxiv","id":"1801.05764","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.05764","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"arxiv_version","alias_value":"1801.05764v1","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.05764","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"pith_short_12","alias_value":"GKFUE5PVZS5Y","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"GKFUE5PVZS5YXLPS","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"GKFUE5PV","created_at":"2026-05-18T12:32:25Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:GKFUE5PVZS5YXLPSPAOPK5ZXLH","target":"record","payload":{"canonical_record":{"source":{"id":"1801.05764","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-17T17:32:00Z","cross_cats_sorted":[],"title_canon_sha256":"16ba5eb72f078e0fd7861083ff3d70eb550062cecc0f89a1186841881d44ceeb","abstract_canon_sha256":"59cfad14ba5ef8a7da9f98ca2bbfae5501112ebde3e5756dea725fa3314ce706"},"schema_version":"1.0"},"canonical_sha256":"328b4275f5ccbb8badf2781cf5773759e14e7037ee48a7ac5120063b758255a1","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:25:40.258112Z","signature_b64":"oqmtmI4NcWOhqL/KGqwxJW4SgFEH18FRF8b/TMB/LVDgGV8VnINcCkIvcEH0QrQnt1HrhDDBq9zZpaNKM4rPDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"328b4275f5ccbb8badf2781cf5773759e14e7037ee48a7ac5120063b758255a1","last_reissued_at":"2026-05-18T00:25:40.257474Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:25:40.257474Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1801.05764","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:25:40Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"pI+MPktR8Q+l6+pJflmKUn1ENQVVNjiLG2k4ovB+yWqQwB7ZlFUzIeyk+UW3K2w3ItLyo7JKXcL+QcFx9kd7Ag==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T18:53:10.927264Z"},"content_sha256":"33df697993cae84629ce4083e262bca5f7c0e6b1c1632414615f03ed79e26f19","schema_version":"1.0","event_id":"sha256:33df697993cae84629ce4083e262bca5f7c0e6b1c1632414615f03ed79e26f19"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:GKFUE5PVZS5YXLPSPAOPK5ZXLH","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"M-STAR: A Modular, Evidence-based Software Trustworthiness Framework","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Max M\\\"uhlh\\\"auser, Nikolaos Alexopoulos, Sheikh Mahbub Habib, Steffen Schulz","submitted_at":"2018-01-17T17:32:00Z","abstract_excerpt":"Despite years of intensive research in the field of software vulnerabilities discovery, exploits are becoming ever more common. Consequently, it is more necessary than ever to choose software configurations that minimize systems' exposure surface to these threats. In order to support users in assessing the security risks induced by their software configurations and in making informed decisions, we introduce M-STAR, a Modular Software Trustworthiness ARchitecture and framework for probabilistically assessing the trustworthiness of software systems, based on evidence, such as their vulnerability"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.05764","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:25:40Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"VZn2W4kMBKHr6jP/i+CPhJsTsTKw6JVgD8nh54AAjP3xD0nX2NmvPw/5rsJoK5eiae1L8XyXGnhn6cHW8h+2BQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T18:53:10.928070Z"},"content_sha256":"816366c03b1fe5b903f787bf93b73de1b39b562dfd259ad6a4b04de40a29c89f","schema_version":"1.0","event_id":"sha256:816366c03b1fe5b903f787bf93b73de1b39b562dfd259ad6a4b04de40a29c89f"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/bundle.json","state_url":"https://pith.science/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-11T18:53:10Z","links":{"resolver":"https://pith.science/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH","bundle":"https://pith.science/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/bundle.json","state":"https://pith.science/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/state.json","well_known_bundle":"https://pith.science/.well-known/pith/GKFUE5PVZS5YXLPSPAOPK5ZXLH/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:GKFUE5PVZS5YXLPSPAOPK5ZXLH","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"59cfad14ba5ef8a7da9f98ca2bbfae5501112ebde3e5756dea725fa3314ce706","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-17T17:32:00Z","title_canon_sha256":"16ba5eb72f078e0fd7861083ff3d70eb550062cecc0f89a1186841881d44ceeb"},"schema_version":"1.0","source":{"id":"1801.05764","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.05764","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"arxiv_version","alias_value":"1801.05764v1","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.05764","created_at":"2026-05-18T00:25:40Z"},{"alias_kind":"pith_short_12","alias_value":"GKFUE5PVZS5Y","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_16","alias_value":"GKFUE5PVZS5YXLPS","created_at":"2026-05-18T12:32:25Z"},{"alias_kind":"pith_short_8","alias_value":"GKFUE5PV","created_at":"2026-05-18T12:32:25Z"}],"graph_snapshots":[{"event_id":"sha256:816366c03b1fe5b903f787bf93b73de1b39b562dfd259ad6a4b04de40a29c89f","target":"graph","created_at":"2026-05-18T00:25:40Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Despite years of intensive research in the field of software vulnerabilities discovery, exploits are becoming ever more common. Consequently, it is more necessary than ever to choose software configurations that minimize systems' exposure surface to these threats. In order to support users in assessing the security risks induced by their software configurations and in making informed decisions, we introduce M-STAR, a Modular Software Trustworthiness ARchitecture and framework for probabilistically assessing the trustworthiness of software systems, based on evidence, such as their vulnerability","authors_text":"Max M\\\"uhlh\\\"auser, Nikolaos Alexopoulos, Sheikh Mahbub Habib, Steffen Schulz","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-17T17:32:00Z","title":"M-STAR: A Modular, Evidence-based Software Trustworthiness Framework"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.05764","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:33df697993cae84629ce4083e262bca5f7c0e6b1c1632414615f03ed79e26f19","target":"record","created_at":"2026-05-18T00:25:40Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"59cfad14ba5ef8a7da9f98ca2bbfae5501112ebde3e5756dea725fa3314ce706","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-17T17:32:00Z","title_canon_sha256":"16ba5eb72f078e0fd7861083ff3d70eb550062cecc0f89a1186841881d44ceeb"},"schema_version":"1.0","source":{"id":"1801.05764","kind":"arxiv","version":1}},"canonical_sha256":"328b4275f5ccbb8badf2781cf5773759e14e7037ee48a7ac5120063b758255a1","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"328b4275f5ccbb8badf2781cf5773759e14e7037ee48a7ac5120063b758255a1","first_computed_at":"2026-05-18T00:25:40.257474Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:25:40.257474Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"oqmtmI4NcWOhqL/KGqwxJW4SgFEH18FRF8b/TMB/LVDgGV8VnINcCkIvcEH0QrQnt1HrhDDBq9zZpaNKM4rPDw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:25:40.258112Z","signed_message":"canonical_sha256_bytes"},"source_id":"1801.05764","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:33df697993cae84629ce4083e262bca5f7c0e6b1c1632414615f03ed79e26f19","sha256:816366c03b1fe5b903f787bf93b73de1b39b562dfd259ad6a4b04de40a29c89f"],"state_sha256":"677aee9a566eb5f17a841bfb78fe64654c7864c4f06b84f1addb0ae10f3070dc"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"dLanmVAKhtFhnc6GdgkTTAeqXBoip/bmKocJhZG7iIJdaj6q/7KpbIPu+CPZw7FhQ5Q+a/utd8PDI/BZeGSVDw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-11T18:53:10.932184Z","bundle_sha256":"7cf6940218a47f90092244d2c86ce7c15f493f4c18e01b7dffc46b4746b88177"}}