{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T20:21:58Z","timestamp":1760300518660,"version":"3.40.3"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030657444"},{"type":"electronic","value":"9783030657451"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65745-1_13","type":"book-chapter","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:03:25Z","timestamp":1608278605000},"page":"224-244","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Fixing Vulnerabilities Automatically with Linters"],"prefix":"10.1007","author":[{"given":"Willard","family":"Rafnsson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rosario","family":"Giustolisi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark","family":"Kragerup","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mathias","family":"H\u00f8yrup","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,12,19]]},"reference":[{"key":"13_CR1","unstructured":"Cpplint (2009). https:\/\/github.com\/cpplint\/cpplint\/"},{"key":"13_CR2","unstructured":"Spotbugs (2017). https:\/\/spotbugs.github.io\/"},{"key":"13_CR3","unstructured":"Gosec - golang security checker (2018). https:\/\/github.com\/securego\/gosec"},{"key":"13_CR4","unstructured":"Bandit (2019). https:\/\/github.com\/PyCQA\/bandit"},{"key":"13_CR5","unstructured":"Arteau, P.: Find security bugs (2012). https:\/\/find-sec-bugs.github.io"},{"issue":"5","key":"13_CR6","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2008.130","volume":"25","author":"N Ayewah","year":"2008","unstructured":"Ayewah, N., Hovemeyer, D., Morgenthaler, J.D., Penix, J., Pugh, W.: Using static analysis to find bugs. IEEE Softw. 25(5), 22\u201329 (2008)","journal-title":"IEEE Softw."},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Ball, T., et al.: Thorough static analysis of device drivers. In: Proceedings of the 2006 EuroSys Conference, Leuven, Belgium, 18\u201321 April 2006, pp. 73\u201385. ACM (2006)","DOI":"10.1145\/1217935.1217943"},{"issue":"2","key":"13_CR8","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1145\/1646353.1646374","volume":"53","author":"A Bessey","year":"2010","unstructured":"Bessey, A., et al.: A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM 53(2), 66\u201375 (2010)","journal-title":"Commun. ACM"},{"key":"13_CR9","unstructured":"Brat, G., Klemm, R.: Static analysis of the mars exploration rover flight software. In: Proceedings of the First International Space Mission Challenges for Information Technology, pp. 321\u2013326 (2003)"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Calcagno, C., Distefano, D., O\u2019Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. In: Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, Savannah, GA, USA, 21\u201323 January 2009, pp. 289\u2013300. ACM (2009)","DOI":"10.1145\/1480881.1480917"},{"issue":"6","key":"13_CR11","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSP.2004.111","volume":"2","author":"B Chess","year":"2004","unstructured":"Chess, B., McGraw, G.: Static analysis for security. IEEE Secur. Priv. 2(6), 76\u201379 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR12","unstructured":"Crockford, D.: Jslint (2002). https:\/\/www.jslint.com\/"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Ernst, M.D.: Invited talk: static and dynamic analysis: synergy and duality. In: Proceedings of the 2004 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis For Software Tools and Engineering, PASTE 2004, Washington, DC, USA, 7\u20138 June 2004, p. 35. ACM (2004)","DOI":"10.1145\/996821.996823"},{"issue":"1","key":"13_CR14","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/52.976940","volume":"19","author":"D Evans","year":"2002","unstructured":"Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19(1), 42\u201351 (2002)","journal-title":"IEEE Softw."},{"key":"13_CR15","unstructured":"Feldman, M.B.: Who\u2019s using ADA? real-world projects powered by the ADA programming language, November 2014 (2014). https:\/\/www2.seas.gwu.edu\/~mfeldman\/ada-project-summary.html"},{"key":"13_CR16","unstructured":"Guarnieri, S., Livshits, V.B.: GATEKEEPER: mostly static enforcement of security and reliability policies for JavaScript code. In: 18th USENIX Security Symposium, Montreal, Canada, 10\u201314 August 2009, Proceedings, pp. 151\u2013168. USENIX Association (2009)"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S., Berg, R.: Saving the world wide web from vulnerable JavaScript. In: Proceedings of the 20th International Symposium on Software Testing and Analysis, ISSTA 2011, Toronto, ON, Canada, 17\u201321 July 2011, pp. 177\u2013187. ACM (2011)","DOI":"10.1145\/2001420.2001442"},{"key":"13_CR18","doi-asserted-by":"publisher","unstructured":"Guha, A., Saftoiu, C., Krishnamurthi, S.: The essence of JavaScript. In: D\u2019Hondt T. (ed.) ECOOP 2010 - Object-Oriented Programming, 24th European Conference, Maribor, Slovenia, 21\u201325 June 2010. Proceedings. LNCS, vol. 6183, pp. 126\u2013150. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14107-2_7","DOI":"10.1007\/978-3-642-14107-2_7"},{"key":"13_CR19","unstructured":"Hahn, E.: Helmet (2012). https:\/\/helmetjs.github.io\/"},{"key":"13_CR20","unstructured":"Henry, J.: Typescript eslint parser (2019). https:\/\/www.npmjs.com\/package\/@typescript-eslint\/parser"},{"key":"13_CR21","unstructured":"Inc., F.: React (2013). https:\/\/reactjs.org\/"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Johnson, B., Song, Y., Murphy-Hill, E.R., Bowdidge, R.W.: Why don\u2019t software developers use static analysis tools to find bugs? In: 35th International Conference on Software Engineering, ICSE 2013, San Francisco, CA, USA, 18\u201326 May 2013, pp. 672\u2013681. IEEE Computer Society (2013)","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"13_CR23","unstructured":"Johnson, P.: 11 software bugs that took way too long to meet their maker (2015). CSO, From IDG Communications. https:\/\/www.csoonline.com\/article\/3404334\/11-software-bugs-that-took-way-too-long-to-meet-their-maker.html"},{"key":"13_CR24","volume-title":"Lint, A C Program Checker","author":"SC Johnson","year":"1977","unstructured":"Johnson, S.C.: Lint, A C Program Checker. Bell Telephone Laboratories, New Providence (1977)"},{"key":"13_CR25","doi-asserted-by":"publisher","first-page":"2023","DOI":"10.1016\/j.procs.2020.04.217","volume":"171","author":"A Kaur","year":"2020","unstructured":"Kaur, A., Nayyar, R.: A comparative study of static code analysis tools for vulnerability detection in C\/C++ and Java source code. Proc. Comput. Sci. 171, 2023\u20132029 (2020)","journal-title":"Proc. Comput. Sci."},{"key":"13_CR26","unstructured":"Kein\u00e4nen, M.: Creation of a web service using the MERN stack (2018)"},{"key":"13_CR27","unstructured":"Kovalyov, A.: Jshint (2011). https:\/\/www.jshint.com\/. Accessed 25 Jun 2020"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, V.B.: Conscript: specifying and enforcing fine-grained security policies for JavaScript in the browser. In: 31st IEEE Symposium on Security and Privacy, S&P 2010, 16\u201319 May 2010, Berleley\/Oakland, California, USA, pp. 481\u2013496. IEEE Computer Society (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"Mitchell, J.C.: Programming language methods in computer security. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2001, London, UK, 17\u201319 January 2001. ACM (2001)","DOI":"10.1145\/360204.360205"},{"key":"13_CR30","unstructured":"OWASP Foundation: OWASP Top Ten (2017)"},{"key":"13_CR31","unstructured":"OWASP Foundation: source code analysis tools (2020). https:\/\/owasp.org\/www-community\/Source_Code_Analysis_Tools"},{"issue":"2","key":"13_CR32","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1090\/S0002-9947-1953-0053041-6","volume":"74","author":"HG Rice","year":"1953","unstructured":"Rice, H.G.: Classes of recursively enumerable sets and their decision problems. Trans. Am. Math. Soc. 74(2), 358\u2013366 (1953)","journal-title":"Trans. Am. Math. Soc."},{"issue":"4","key":"13_CR33","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1145\/3188720","volume":"61","author":"C Sadowski","year":"2018","unstructured":"Sadowski, C., Aftandilian, E., Eagle, A., Miller-Cushon, L., Jaspan, C.: Lessons from building static analysis tools at google. Commun. ACM 61(4), 58\u201366 (2018)","journal-title":"Commun. ACM"},{"key":"13_CR34","unstructured":"Sharipov, I.: Ruleguard: dynamic inspection rules for Go (2020). https:\/\/quasilyte.dev\/blog\/post\/ruleguard\/"},{"key":"13_CR35","unstructured":"SonarSource: Sonarlint (2008). https:\/\/www.sonarlint.org\/"},{"key":"13_CR36","unstructured":"Stack Exchange Inc.: Stack overflow developer survey (2020)"},{"key":"13_CR37","unstructured":"StrongLoop: Express (2010). https:\/\/expressjs.com\/"},{"key":"13_CR38","unstructured":"Team, E.: Espree (2014). https:\/\/github.com\/eslint\/espree"},{"key":"13_CR39","unstructured":"Team, E.: Eslint: contributing new rules (2020). https:\/\/eslint.org\/docs\/developer-guide\/contributing\/new-rules"},{"key":"13_CR40","unstructured":"T\u00f3masd\u00f3ttir, K.F., Aniche, M., Van Deursen, A.: The adoption of JavaScript linters in practice: a case study on ESLint. IEEE Trans. Softw. Eng. 46, 863 - 891 (2018)"},{"key":"13_CR41","unstructured":"VeraCode: State of software security: Open source edition (2020)"},{"key":"13_CR42","unstructured":"Voss, L.: NPM and the future of Javascript (2018). https:\/\/slides.com\/seldo\/npm-and-the-future-of-javascript\/. invited talk at JSConf US 2018"},{"key":"13_CR43","doi-asserted-by":"crossref","unstructured":"Wedyan, F., Alrmuny, D., Bieman, J.M.: The effectiveness of automated static analysis tools for fault detection and refactoring prediction. In: Second International Conference on Software Testing Verification and Validation, ICST 2009, Denver, Colorado, USA, 1\u20134 April 2009, pp. 141\u2013150. IEEE Computer Society (2009)","DOI":"10.1109\/ICST.2009.21"},{"key":"13_CR44","unstructured":"Wheeler, D.: Flawfinder (2001). https:\/\/dwheeler.com\/flawfinder\/"},{"issue":"6","key":"13_CR45","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1109\/MSECP.2003.1253571","volume":"1","author":"JM Wing","year":"2003","unstructured":"Wing, J.M.: A call to action: look beyond the horizon. IEEE Secur. Priv. 1(6), 62\u201367 (2003)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR46","unstructured":"Zakas, N.C.: Eslint (2013). https:\/\/eslint.org\/"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65745-1_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:44:02Z","timestamp":1608281042000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65745-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030657444","9783030657451"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65745-1_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}