{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:VXWYIGDPMN7AJKNOVFPH6EB6VM","short_pith_number":"pith:VXWYIGDP","schema_version":"1.0","canonical_sha256":"aded84186f637e04a9aea95e7f103eab2b5f4355ff3240aa75321cdebf08159a","source":{"kind":"arxiv","id":"2502.07395","version":2},"attestation_state":"computed","paper":{"title":"On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Brittany Reid, Chaiyong Ragkhitwetsagul, Chanikarn Jongyingyos, Morakot Choetkiertikul, Raula Gaikovina Kula, Sushawapak Kancharoendee, Thanat Phichitphanphong, Thanwadee Sunetnanta","submitted_at":"2025-02-11T09:23:24Z","abstract_excerpt":"Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust security policies to enhance project security. Current research reveals that many projects perform poorly on OpenSSF criteria, indicating a need for stronger security practices and underscoring the value of SECURITY$.$md files for structured vulnerability reporting. This study aims to provide recommendations for improving security policies. By examining 679 ope"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2502.07395","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-02-11T09:23:24Z","cross_cats_sorted":[],"title_canon_sha256":"ef69e72c6a5f22c6d00c1075f1523a17256f18368b78f7a0df213368c9f67122","abstract_canon_sha256":"2e9ff2e57a7705574a43605af1a9ffed36704cfe1b1b0fdfab5ec028649f06ad"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T10:13:09.531771Z","signature_b64":"PKqPXNDtN/m9a96DQwWj/VLq3VnMy7V2GhCuOzYFLIYdhuvDNT4q5XTC++dW3eWCajwKfoNL/O5OfmDdYJifAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"aded84186f637e04a9aea95e7f103eab2b5f4355ff3240aa75321cdebf08159a","last_reissued_at":"2026-07-05T10:13:09.531239Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T10:13:09.531239Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Brittany Reid, Chaiyong Ragkhitwetsagul, Chanikarn Jongyingyos, Morakot Choetkiertikul, Raula Gaikovina Kula, Sushawapak Kancharoendee, Thanat Phichitphanphong, Thanwadee Sunetnanta","submitted_at":"2025-02-11T09:23:24Z","abstract_excerpt":"Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust security policies to enhance project security. Current research reveals that many projects perform poorly on OpenSSF criteria, indicating a need for stronger security practices and underscoring the value of SECURITY$.$md files for structured vulnerability reporting. This study aims to provide recommendations for improving security policies. By examining 679 ope"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2502.07395","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2502.07395/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2502.07395","created_at":"2026-07-05T10:13:09.531300+00:00"},{"alias_kind":"arxiv_version","alias_value":"2502.07395v2","created_at":"2026-07-05T10:13:09.531300+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2502.07395","created_at":"2026-07-05T10:13:09.531300+00:00"},{"alias_kind":"pith_short_12","alias_value":"VXWYIGDPMN7A","created_at":"2026-07-05T10:13:09.531300+00:00"},{"alias_kind":"pith_short_16","alias_value":"VXWYIGDPMN7AJKNO","created_at":"2026-07-05T10:13:09.531300+00:00"},{"alias_kind":"pith_short_8","alias_value":"VXWYIGDP","created_at":"2026-07-05T10:13:09.531300+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM","json":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM.json","graph_json":"https://pith.science/api/pith-number/VXWYIGDPMN7AJKNOVFPH6EB6VM/graph.json","events_json":"https://pith.science/api/pith-number/VXWYIGDPMN7AJKNOVFPH6EB6VM/events.json","paper":"https://pith.science/paper/VXWYIGDP"},"agent_actions":{"view_html":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM","download_json":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM.json","view_paper":"https://pith.science/paper/VXWYIGDP","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2502.07395&json=true","fetch_graph":"https://pith.science/api/pith-number/VXWYIGDPMN7AJKNOVFPH6EB6VM/graph.json","fetch_events":"https://pith.science/api/pith-number/VXWYIGDPMN7AJKNOVFPH6EB6VM/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM/action/timestamp_anchor","attest_storage":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM/action/storage_attestation","attest_author":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM/action/author_attestation","sign_citation":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM/action/citation_signature","submit_replication":"https://pith.science/pith/VXWYIGDPMN7AJKNOVFPH6EB6VM/action/replication_record"}},"created_at":"2026-07-05T10:13:09.531300+00:00","updated_at":"2026-07-05T10:13:09.531300+00:00"}