{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2025:QKOTIMBDJOM4USUEZXPHMNYVRQ","short_pith_number":"pith:QKOTIMBD","canonical_record":{"source":{"id":"2510.21452","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2025-10-24T13:30:10Z","cross_cats_sorted":["cs.CR","cs.SI"],"title_canon_sha256":"d296496a2d764f7774d5aa170c76538d894b63624c6ee439d954379a03c75ba7","abstract_canon_sha256":"c861105e536425de552d79794b4800965b24e4f41eb6fe0344db834c036c9d08"},"schema_version":"1.0"},"canonical_sha256":"829d3430234b99ca4a84cdde7637158c3e07e107f7689cbab86b9b69b4409135","source":{"kind":"arxiv","id":"2510.21452","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2510.21452","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"arxiv_version","alias_value":"2510.21452v1","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2510.21452","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_12","alias_value":"QKOTIMBDJOM4","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_16","alias_value":"QKOTIMBDJOM4USUE","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_8","alias_value":"QKOTIMBD","created_at":"2026-06-04T01:08:34Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2025:QKOTIMBDJOM4USUEZXPHMNYVRQ","target":"record","payload":{"canonical_record":{"source":{"id":"2510.21452","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2025-10-24T13:30:10Z","cross_cats_sorted":["cs.CR","cs.SI"],"title_canon_sha256":"d296496a2d764f7774d5aa170c76538d894b63624c6ee439d954379a03c75ba7","abstract_canon_sha256":"c861105e536425de552d79794b4800965b24e4f41eb6fe0344db834c036c9d08"},"schema_version":"1.0"},"canonical_sha256":"829d3430234b99ca4a84cdde7637158c3e07e107f7689cbab86b9b69b4409135","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-04T01:08:34.441216Z","signature_b64":"DrRJk2aagwLaU4MiBsqE9T0KztbeAr6MliOamwEWhX7osaMCYh9SJc8MctkbIMKGJRPdc25Z6dSN/jcL4BIrBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"829d3430234b99ca4a84cdde7637158c3e07e107f7689cbab86b9b69b4409135","last_reissued_at":"2026-06-04T01:08:34.440284Z","signature_status":"signed_v1","first_computed_at":"2026-06-04T01:08:34.440284Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2510.21452","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-04T01:08:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1WDGeSsXH2l7gIgY7NPnIj+VKZI2jHVg66oF5lxAldHbTEqKEAM5zRWA+psFveO20Slks8wyzqHv5ViwNHiGAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T21:19:41.914886Z"},"content_sha256":"e86ece693e959c94458af9aea6ccbd5d0ccf5b80d9a35dcd87dcef20b587a8fd","schema_version":"1.0","event_id":"sha256:e86ece693e959c94458af9aea6ccbd5d0ccf5b80d9a35dcd87dcef20b587a8fd"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2025:QKOTIMBDJOM4USUEZXPHMNYVRQ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Towards Socio-Technical Topology-Aware Adaptive Threat Detection in Software Supply Chains","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","cs.SI"],"primary_cat":"cs.SE","authors_text":"Brynj\\'olfur Stef\\'ansson, Helmut Neukirchen, Krist\\'ofer Finnsson, Thomas Welsh","submitted_at":"2025-10-24T13:30:10Z","abstract_excerpt":"Software supply chains (SSCs) are complex systems composed of dynamic, heterogeneous technical and social components which collectively achieve the production and maintenance of software artefacts. Attacks on SSCs are increasing, yet pervasive vulnerability analysis is challenging due to their complexity. Therefore, threat detection must be targeted, to account for the large and dynamic structure, and adaptive, to account for its change and diversity. While current work focuses on technical approaches for monitoring supply chain dependencies and establishing component controls, approaches whic"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2510.21452","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2510.21452/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-04T01:08:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"HwmVjPLxKjj7bbnz/a3g1OHXu5osvCqbjBRXYy3WxHAfCUAZdY7JlMDHePpnBrYsFws35/BvbONBu67Z+/wvCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T21:19:41.915270Z"},"content_sha256":"e0d67186077580c02aba2eed59fb1000a600f1c2cf59afe2ea45cee209a65e52","schema_version":"1.0","event_id":"sha256:e0d67186077580c02aba2eed59fb1000a600f1c2cf59afe2ea45cee209a65e52"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/bundle.json","state_url":"https://pith.science/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-01T21:19:41Z","links":{"resolver":"https://pith.science/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ","bundle":"https://pith.science/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/bundle.json","state":"https://pith.science/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/QKOTIMBDJOM4USUEZXPHMNYVRQ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:QKOTIMBDJOM4USUEZXPHMNYVRQ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"c861105e536425de552d79794b4800965b24e4f41eb6fe0344db834c036c9d08","cross_cats_sorted":["cs.CR","cs.SI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2025-10-24T13:30:10Z","title_canon_sha256":"d296496a2d764f7774d5aa170c76538d894b63624c6ee439d954379a03c75ba7"},"schema_version":"1.0","source":{"id":"2510.21452","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2510.21452","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"arxiv_version","alias_value":"2510.21452v1","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2510.21452","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_12","alias_value":"QKOTIMBDJOM4","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_16","alias_value":"QKOTIMBDJOM4USUE","created_at":"2026-06-04T01:08:34Z"},{"alias_kind":"pith_short_8","alias_value":"QKOTIMBD","created_at":"2026-06-04T01:08:34Z"}],"graph_snapshots":[{"event_id":"sha256:e0d67186077580c02aba2eed59fb1000a600f1c2cf59afe2ea45cee209a65e52","target":"graph","created_at":"2026-06-04T01:08:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2510.21452/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Software supply chains (SSCs) are complex systems composed of dynamic, heterogeneous technical and social components which collectively achieve the production and maintenance of software artefacts. Attacks on SSCs are increasing, yet pervasive vulnerability analysis is challenging due to their complexity. Therefore, threat detection must be targeted, to account for the large and dynamic structure, and adaptive, to account for its change and diversity. While current work focuses on technical approaches for monitoring supply chain dependencies and establishing component controls, approaches whic","authors_text":"Brynj\\'olfur Stef\\'ansson, Helmut Neukirchen, Krist\\'ofer Finnsson, Thomas Welsh","cross_cats":["cs.CR","cs.SI"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2025-10-24T13:30:10Z","title":"Towards Socio-Technical Topology-Aware Adaptive Threat Detection in Software Supply Chains"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2510.21452","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:e86ece693e959c94458af9aea6ccbd5d0ccf5b80d9a35dcd87dcef20b587a8fd","target":"record","created_at":"2026-06-04T01:08:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"c861105e536425de552d79794b4800965b24e4f41eb6fe0344db834c036c9d08","cross_cats_sorted":["cs.CR","cs.SI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2025-10-24T13:30:10Z","title_canon_sha256":"d296496a2d764f7774d5aa170c76538d894b63624c6ee439d954379a03c75ba7"},"schema_version":"1.0","source":{"id":"2510.21452","kind":"arxiv","version":1}},"canonical_sha256":"829d3430234b99ca4a84cdde7637158c3e07e107f7689cbab86b9b69b4409135","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"829d3430234b99ca4a84cdde7637158c3e07e107f7689cbab86b9b69b4409135","first_computed_at":"2026-06-04T01:08:34.440284Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-04T01:08:34.440284Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"DrRJk2aagwLaU4MiBsqE9T0KztbeAr6MliOamwEWhX7osaMCYh9SJc8MctkbIMKGJRPdc25Z6dSN/jcL4BIrBg==","signature_status":"signed_v1","signed_at":"2026-06-04T01:08:34.441216Z","signed_message":"canonical_sha256_bytes"},"source_id":"2510.21452","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:e86ece693e959c94458af9aea6ccbd5d0ccf5b80d9a35dcd87dcef20b587a8fd","sha256:e0d67186077580c02aba2eed59fb1000a600f1c2cf59afe2ea45cee209a65e52"],"state_sha256":"295d2a9c56e3eac546d0e57f57c060334c6abe97f23bf4f7df476706e3fc1809"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"U+XoVTRxvmLuRoA+n0R65vq5Yl20cekVJgqMVmWuF0iC2QOFu8iE83PTtkuhnnufg786aEpyoSL8zS9cFBkJBg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-01T21:19:41.917712Z","bundle_sha256":"78ffbfb89e0e836b95f4fab82ef7f7d8a8352e873d8d33f339bdb31d6e7dcaec"}}