{"id":"https://openalex.org/W4404564681","doi":"https://doi.org/10.1109/uemcon62879.2024.10754708","title":"DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers","display_name":"DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers","publication_year":2024,"publication_date":"2024-10-17","ids":{"openalex":"https://openalex.org/W4404564681","doi":"https://doi.org/10.1109/uemcon62879.2024.10754708"},"language":"en","primary_location":{"id":"doi:10.1109/uemcon62879.2024.10754708","is_oa":false,"landing_page_url":"https://doi.org/10.1109/uemcon62879.2024.10754708","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 15th Annual Ubiquitous Computing, Electronics &amp;amp; Mobile Communication Conference (UEMCON)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037287342","display_name":"Hossein Siadati","orcid":"https://orcid.org/0000-0002-5293-8450"},"institutions":[{"id":"https://openalex.org/I153901656","display_name":"University of North Carolina Wilmington","ror":"https://ror.org/02t0qr014","country_code":"US","type":"education","lineage":["https://openalex.org/I153901656"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hossein Siadati","raw_affiliation_strings":["UNCW,Computer Science Department,Wilmington,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UNCW,Computer Science Department,Wilmington,USA","institution_ids":["https://openalex.org/I153901656"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007755477","display_name":"Sima Jafarikhah","orcid":null},"institutions":[{"id":"https://openalex.org/I153901656","display_name":"University of North Carolina Wilmington","ror":"https://ror.org/02t0qr014","country_code":"US","type":"education","lineage":["https://openalex.org/I153901656"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sima Jafarikhah","raw_affiliation_strings":["UNCW,Computer Science Department,Wilmington,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UNCW,Computer Science Department,Wilmington,USA","institution_ids":["https://openalex.org/I153901656"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114131712","display_name":"E. Sahin","orcid":null},"institutions":[{"id":"https://openalex.org/I153901656","display_name":"University of North Carolina Wilmington","ror":"https://ror.org/02t0qr014","country_code":"US","type":"education","lineage":["https://openalex.org/I153901656"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elif Sahin","raw_affiliation_strings":["UNCW,Computer Science Department,Wilmington,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UNCW,Computer Science Department,Wilmington,USA","institution_ids":["https://openalex.org/I153901656"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111169553","display_name":"Terrence Hernandez","orcid":null},"institutions":[{"id":"https://openalex.org/I153901656","display_name":"University of North Carolina Wilmington","ror":"https://ror.org/02t0qr014","country_code":"US","type":"education","lineage":["https://openalex.org/I153901656"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Terrence Hernandez","raw_affiliation_strings":["UNCW,Computer Science Department,Wilmington,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UNCW,Computer Science Department,Wilmington,USA","institution_ids":["https://openalex.org/I153901656"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094040022","display_name":"Elijah Lorenzo Tripp","orcid":null},"institutions":[{"id":"https://openalex.org/I153901656","display_name":"University of North Carolina Wilmington","ror":"https://ror.org/02t0qr014","country_code":"US","type":"education","lineage":["https://openalex.org/I153901656"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elijah Tripp","raw_affiliation_strings":["UNCW,Computer Science Department,Wilmington,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UNCW,Computer Science Department,Wilmington,USA","institution_ids":["https://openalex.org/I153901656"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048050571","display_name":"Denis Khryashchev","orcid":"https://orcid.org/0000-0003-3755-9804"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Denis Khryashchev","raw_affiliation_strings":["NYU,Computer Science Department,New York,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NYU,Computer Science Department,New York,USA","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069500419","display_name":"Amin Kharraz","orcid":null},"institutions":[{"id":"https://openalex.org/I19700959","display_name":"Florida International University","ror":"https://ror.org/02gz6gg07","country_code":"US","type":"education","lineage":["https://openalex.org/I19700959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amin Kharraz","raw_affiliation_strings":["Florida International University,School of Computing and Information Sciences,Florida,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Florida International University,School of Computing and Information Sciences,Florida,USA","institution_ids":["https://openalex.org/I19700959"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.7581,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.92481545,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"517","last_page":"523"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9825999736785889,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9825999736785889,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9164999723434448,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.6854277849197388},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6227568984031677},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5061575770378113},{"id":"https://openalex.org/keywords/social-software-engineering","display_name":"Social software engineering","score":0.502601146697998},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4672897458076477},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.356256365776062},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.2991775870323181},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.2363910675048828},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.22102966904640198},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14830854535102844}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.6854277849197388},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6227568984031677},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5061575770378113},{"id":"https://openalex.org/C182500959","wikidata":"https://www.wikidata.org/wiki/Q7551380","display_name":"Social software engineering","level":5,"score":0.502601146697998},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4672897458076477},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.356256365776062},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.2991775870323181},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.2363910675048828},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.22102966904640198},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14830854535102844},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/uemcon62879.2024.10754708","is_oa":false,"landing_page_url":"https://doi.org/10.1109/uemcon62879.2024.10754708","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE 15th Annual Ubiquitous Computing, Electronics &amp;amp; Mobile Communication Conference (UEMCON)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W403164","https://openalex.org/W2155198215","https://openalex.org/W2118172556","https://openalex.org/W2018198946","https://openalex.org/W2164098295","https://openalex.org/W4255517991","https://openalex.org/W2003157902","https://openalex.org/W2382994508","https://openalex.org/W239500853","https://openalex.org/W2276341165"],"abstract_inverted_index":{"The":[0],"Software":[1,45,86],"Supply":[2],"Chain":[3],"(SSC)":[4],"has":[5],"captured":[6],"considerable":[7],"attention":[8],"from":[9],"attackers":[10],"seeking":[11],"to":[12,65,72,84],"infiltrate":[13],"systems":[14],"and":[15,58,77,105,132],"undermine":[16],"organizations.":[17],"There":[18],"is":[19],"evidence":[20],"indicating":[21],"that":[22],"adversaries":[23,83],"utilize":[24],"Social":[25],"Engineering":[26],"(SocE)":[27],"techniques":[28],"specifically":[29],"aimed":[30],"at":[31,40],"software":[32],"developers.":[33],"That":[34],"is,":[35],"they":[36],"interact":[37],"with":[38],"developers":[39],"critical":[41],"steps":[42],"in":[43],"the":[44,75,108,119,122],"Development":[46],"Life":[47],"Cycle":[48],"(SDLC),":[49],"such":[50],"as":[51],"accessing":[52],"Github":[53],"repositories,":[54],"incorporating":[55],"code":[56],"dependencies,":[57],"obtaining":[59],"approval":[60],"for":[61,129],"Pull":[62],"Requests":[63],"(PR)":[64],"introduce":[66],"malicious":[67,91],"code.":[68],"This":[69],"paper":[70,109],"aims":[71],"comprehensively":[73],"explore":[74],"existing":[76],"emerging":[78],"SocE":[79],"tactics":[80],"employed":[81],"by":[82],"trick":[85],"Engineers":[87],"(SWEs)":[88],"into":[89],"delivering":[90],"software.":[92],"By":[93],"analyzing":[94],"a":[95],"diverse":[96],"range":[97],"of":[98,114,121],"resources,":[99],"which":[100],"encompass":[101],"established":[102],"academic":[103],"literature":[104],"real-world":[106],"incidents,":[107],"systematically":[110],"presents":[111],"an":[112],"overview":[113],"these":[115],"manipulative":[116],"strategies":[117],"within":[118],"realm":[120],"SSC.":[123],"Such":[124],"insights":[125],"prove":[126],"highly":[127],"beneficial":[128],"threat":[130],"modeling":[131],"security":[133],"gap":[134],"analysis.":[135]},"counts_by_year":[{"year":2025,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}