{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2023:QOAMDX4HXTV456QVSTTMLH5FBJ","short_pith_number":"pith:QOAMDX4H","canonical_record":{"source":{"id":"2307.15642","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.CR","submitted_at":"2023-07-28T16:01:30Z","cross_cats_sorted":[],"title_canon_sha256":"da66233ef8e107cc52fe34fbc59013ad9bf5e4c2a9145d8cedc738dc7b4aea85","abstract_canon_sha256":"ee61dc2af75e60365457d3cbde69078b9c02922eb380e44cace1df7755f75d5f"},"schema_version":"1.0"},"canonical_sha256":"8380c1df87bcebcefa1594e6c59fa50a7678d09f5d2b7d6658ada3a340625274","source":{"kind":"arxiv","id":"2307.15642","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2307.15642","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"arxiv_version","alias_value":"2307.15642v1","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2307.15642","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_12","alias_value":"QOAMDX4HXTV4","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_16","alias_value":"QOAMDX4HXTV456QV","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_8","alias_value":"QOAMDX4H","created_at":"2026-07-05T06:35:37Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2023:QOAMDX4HXTV456QVSTTMLH5FBJ","target":"record","payload":{"canonical_record":{"source":{"id":"2307.15642","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.CR","submitted_at":"2023-07-28T16:01:30Z","cross_cats_sorted":[],"title_canon_sha256":"da66233ef8e107cc52fe34fbc59013ad9bf5e4c2a9145d8cedc738dc7b4aea85","abstract_canon_sha256":"ee61dc2af75e60365457d3cbde69078b9c02922eb380e44cace1df7755f75d5f"},"schema_version":"1.0"},"canonical_sha256":"8380c1df87bcebcefa1594e6c59fa50a7678d09f5d2b7d6658ada3a340625274","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T06:35:37.743195Z","signature_b64":"tUawKrqy9Ti/6zJFPen+WzXeVEHaq41TBdwQeSYoAn79XwnEuwK7Fw+GRCc5PV70npTuBrNlUz+flZoKcLXhAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"8380c1df87bcebcefa1594e6c59fa50a7678d09f5d2b7d6658ada3a340625274","last_reissued_at":"2026-07-05T06:35:37.742731Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T06:35:37.742731Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2307.15642","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T06:35:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Qbz2U1xPhiLF43lzmOvkjB+F2iEG6Gmizm+sGEMAZuobgx5YppELmFlBOALED86z9xMK9Mfrx/uVeJjv4UInDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-15T20:30:06.880523Z"},"content_sha256":"ab94c842f4e84413ed5363e174e4fa26dcb12d4c1e11ccfacecd28a25d4f0117","schema_version":"1.0","event_id":"sha256:ab94c842f4e84413ed5363e174e4fa26dcb12d4c1e11ccfacecd28a25d4f0117"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2023:QOAMDX4HXTV456QVSTTMLH5FBJ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit","license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Alexandros Kapravelos, Christian Kastner, Laurie Williams, Michel Cucker, Mindy Tran, William Enck, Yasemin Acar","submitted_at":"2023-07-28T16:01:30Z","abstract_excerpt":"Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. We conducted six panel discussions with a diverse set of 19 practitioners from industry. We asked them open-ended questions regarding SBOMs, vulnerable dependencies, malicious commi"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2307.15642","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2307.15642/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T06:35:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"JMreUYiK6zB412hxYoRcHuviSfcoOq091oTSasVDpg8W2RBja4EOoVx/FD4iWnh1iFNK1oolH84l+aQYrfpvDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-15T20:30:06.880902Z"},"content_sha256":"aac9de9d437170ec0e647c5f44e747f741ea0042310ca207e729572c82bfd63e","schema_version":"1.0","event_id":"sha256:aac9de9d437170ec0e647c5f44e747f741ea0042310ca207e729572c82bfd63e"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/bundle.json","state_url":"https://pith.science/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-15T20:30:06Z","links":{"resolver":"https://pith.science/pith/QOAMDX4HXTV456QVSTTMLH5FBJ","bundle":"https://pith.science/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/bundle.json","state":"https://pith.science/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/QOAMDX4HXTV456QVSTTMLH5FBJ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2023:QOAMDX4HXTV456QVSTTMLH5FBJ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"ee61dc2af75e60365457d3cbde69078b9c02922eb380e44cace1df7755f75d5f","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.CR","submitted_at":"2023-07-28T16:01:30Z","title_canon_sha256":"da66233ef8e107cc52fe34fbc59013ad9bf5e4c2a9145d8cedc738dc7b4aea85"},"schema_version":"1.0","source":{"id":"2307.15642","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2307.15642","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"arxiv_version","alias_value":"2307.15642v1","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2307.15642","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_12","alias_value":"QOAMDX4HXTV4","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_16","alias_value":"QOAMDX4HXTV456QV","created_at":"2026-07-05T06:35:37Z"},{"alias_kind":"pith_short_8","alias_value":"QOAMDX4H","created_at":"2026-07-05T06:35:37Z"}],"graph_snapshots":[{"event_id":"sha256:aac9de9d437170ec0e647c5f44e747f741ea0042310ca207e729572c82bfd63e","target":"graph","created_at":"2026-07-05T06:35:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2307.15642/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the SolarWinds or log4j incidents that have affected thousands of customers and businesses. The US government and industry are equally interested in enhancing software supply chain security. We conducted six panel discussions with a diverse set of 19 practitioners from industry. We asked them open-ended questions regarding SBOMs, vulnerable dependencies, malicious commi","authors_text":"Alexandros Kapravelos, Christian Kastner, Laurie Williams, Michel Cucker, Mindy Tran, William Enck, Yasemin Acar","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.CR","submitted_at":"2023-07-28T16:01:30Z","title":"S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2307.15642","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ab94c842f4e84413ed5363e174e4fa26dcb12d4c1e11ccfacecd28a25d4f0117","target":"record","created_at":"2026-07-05T06:35:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"ee61dc2af75e60365457d3cbde69078b9c02922eb380e44cace1df7755f75d5f","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by-nc-sa/4.0/","primary_cat":"cs.CR","submitted_at":"2023-07-28T16:01:30Z","title_canon_sha256":"da66233ef8e107cc52fe34fbc59013ad9bf5e4c2a9145d8cedc738dc7b4aea85"},"schema_version":"1.0","source":{"id":"2307.15642","kind":"arxiv","version":1}},"canonical_sha256":"8380c1df87bcebcefa1594e6c59fa50a7678d09f5d2b7d6658ada3a340625274","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"8380c1df87bcebcefa1594e6c59fa50a7678d09f5d2b7d6658ada3a340625274","first_computed_at":"2026-07-05T06:35:37.742731Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T06:35:37.742731Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"tUawKrqy9Ti/6zJFPen+WzXeVEHaq41TBdwQeSYoAn79XwnEuwK7Fw+GRCc5PV70npTuBrNlUz+flZoKcLXhAg==","signature_status":"signed_v1","signed_at":"2026-07-05T06:35:37.743195Z","signed_message":"canonical_sha256_bytes"},"source_id":"2307.15642","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ab94c842f4e84413ed5363e174e4fa26dcb12d4c1e11ccfacecd28a25d4f0117","sha256:aac9de9d437170ec0e647c5f44e747f741ea0042310ca207e729572c82bfd63e"],"state_sha256":"1a48a4c66f5d3e9aad4df50a3a406f13e61d2c67011a6eed3631f471e69ab750"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"J8V2e1KwbHNmhL8dksw1F6G+llUqJ003UPNUYgN8CWpbQpNWqwhtcyiEP71ZxPzfnodBrOLErqeKDSagrXaZCQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-15T20:30:06.883105Z","bundle_sha256":"ce47b82aaead8dd5e614743c6f7bb32ea7e4490bd89a49814703d9099bf8c1eb"}}