{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T05:17:57Z","timestamp":1751606277958,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030870065"},{"type":"electronic","value":"9783030870072"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-87007-2_21","type":"book-chapter","created":{"date-parts":[[2021,9,10]],"date-time":"2021-09-10T17:02:22Z","timestamp":1631293342000},"page":"289-305","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Self-adaptive Approach for Assessing the Criticality of Security-Related Static Analysis Alerts"],"prefix":"10.1007","author":[{"given":"Miltiadis","family":"Siavvas","sequence":"first","affiliation":[]},{"given":"Ilias","family":"Kalouptsoglou","sequence":"additional","affiliation":[]},{"given":"Dimitrios","family":"Tsoukalas","sequence":"additional","affiliation":[]},{"given":"Dionysios","family":"Kehagias","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,9,11]]},"reference":[{"issue":"1","key":"21_CR1","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/S1353-4858(18)30005-9","volume":"2018","author":"J Luszcz","year":"2018","unstructured":"Luszcz, J.: Apache struts 2: how technical and development gaps caused the equifax breach. Netw. Secur. 2018(1), 5\u20138 (2018)","journal-title":"Netw. Secur."},{"key":"21_CR2","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-319-95189-8_13","volume-title":"Security in Computer and Information Sciences","author":"M Siavvas","year":"2018","unstructured":"Siavvas, M., Gelenbe, E., Kehagias, D., Tzovaras, D.: Static analysis-based approaches for secure software development. In: Gelenbe, E., et al. (eds.) Euro-CYBERSEC 2018. CCIS, vol. 821, pp. 142\u2013157. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-95189-8_13"},{"key":"21_CR3","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1016\/j.csi.2016.10.001","volume":"50","author":"NM Mohammed","year":"2016","unstructured":"Mohammed, N.M., Niazi, M., Alshayeb, M., Mahmood, S.: Exploring software security approaches in software development lifecycle: a systematic mapping study. Comp. Stand. Interf. 50, 107\u2013115 (2016)","journal-title":"Comp. Stand. Interf."},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Baca, D.: Identifying security relevant warnings from static code analysis tools through code tainting. In: 2010 International Conference on Availability, Reliability and Security, pp. 386\u2013390. IEEE (2010)","DOI":"10.1109\/ARES.2010.108"},{"key":"21_CR5","unstructured":"Yang, J., Ryu, D., Baik, J.: Improving vulnerability prediction accuracy with secure coding standard violation measures. In: 2016 International Conference on Big Data and Smart Computing (BigComp), pp. 115\u2013122. IEEE (2016)"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"McGraw, G.: Software security. Datenschutz und Datensicherheit - DuD (2012)","DOI":"10.1007\/s11623-012-0222-3"},{"key":"21_CR7","unstructured":"Howard, M., Lipner, S.: The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press (2006)"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Johnson, B., Song, Y., Murphy-Hill, E., Bowdidge, R.: Why don\u2019t software developers use static analysis tools to find bugs? In: 2013 35th International Conference on Software Engineering (ICSE), pp. 672\u2013681. IEEE (2013)","DOI":"10.1109\/ICSE.2013.6606613"},{"issue":"2","key":"21_CR9","doi-asserted-by":"publisher","first-page":"1419","DOI":"10.1007\/s10664-019-09750-5","volume":"25","author":"C Vassallo","year":"2019","unstructured":"Vassallo, C., Panichella, S., Palomba, F., Proksch, S., Gall, H.C., Zaidman, A.: How developers engage with static analysis tools in different contexts. Empirical Softw. Eng. 25(2), 1419\u20131457 (2019). https:\/\/doi.org\/10.1007\/s10664-019-09750-5","journal-title":"Empirical Softw. Eng."},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Muske, T., Serebrenik, A.: Survey of approaches for handling static analysis alarms. In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM). pp. 157\u2013166. IEEE (2016)","DOI":"10.1109\/SCAM.2016.25"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Heckman, S., Williams, L.: A systematic literature review of actionable alert identification techniques for automated static code analysis. Inf. and Soft, Tech (2011)","DOI":"10.1016\/j.infsof.2010.12.007"},{"key":"21_CR12","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/s10664-021-09948-6","volume":"26","author":"X Yang","year":"2021","unstructured":"Yang, X., Chen, J., Yedida, R., Yu, Z., Menzies, T.: Learning to recognize actionable static code warnings. Empirical Softw. Eng. 26, 56 (2021). https:\/\/doi.org\/10.1007\/s10664-021-09948-6","journal-title":"Empirical Softw. Eng."},{"issue":"3","key":"21_CR13","doi-asserted-by":"publisher","first-page":"1305","DOI":"10.1007\/s10664-016-9447-3","volume":"22","author":"N Munaiah","year":"2017","unstructured":"Munaiah, N., Camilo, F., Wigham, W., Meneely, A., Nagappan, M.: Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project. Empirical Softw. Eng. 22(3), 1305\u20131347 (2017)","journal-title":"Empirical Softw. Eng."},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Heckman, S., Williams, L.: A comparative evaluation of static analysis actionable alert identification techniques. In: Proceedings of the 9th International Conference on Predictive Models in Software Engineering, pp. 1\u201310 (2013)","DOI":"10.1145\/2499393.2499399"},{"key":"21_CR15","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"727","DOI":"10.1007\/978-3-030-69143-1_55","volume-title":"Information and Communication Technology and Applications","author":"S Misra","year":"2021","unstructured":"Misra, S.: A step by step guide for choosing project topics and writing research papers in ICT related disciplines. In: ICTA 2020. CCIS, vol. 1350, pp. 727\u2013744. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-69143-1_55"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Heckman, S., Williams, L.: A model building process for identifying actionable static analysis alerts. In: 2009 International Conference on Software Testing Verification and Validation, pp. 161\u2013170 (2009)","DOI":"10.1109\/ICST.2009.45"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Heckman, S.S.: Adaptively ranking alerts generated from automated static analysis. XRDS: Crossroads. ACM Mag. Stud. 14(1), 1\u201311 (2007)","DOI":"10.1145\/1349332.1349339"},{"key":"21_CR18","doi-asserted-by":"crossref","unstructured":"Ruthruff, J.R., Penix, J., Morgenthaler, J.D., Elbaum, S., Rothermel, G.: Predicting accurate and actionable static analysis warnings: an experimental approach. In: Proceedings of the 30th International Conference on Software Engineering. ICSE 2008. Association for Computing Machinery, New York, pp. 341\u2013350 (2008)","DOI":"10.1145\/1368088.1368135"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Kremenek, T., Ashcraft, K., Yang, J., Engler, D.: Correlation exploitation in error ranking. In: Proceedings of the 12th ACM SIGSOFT Twelfth International Symposium on Foundations of Software Engineering. SIGSOFT 2004\/FSE-12. Association for Computing Machinery, New York, pp. 83\u201393 (2004)","DOI":"10.1145\/1029894.1029909"},{"key":"21_CR20","doi-asserted-by":"crossref","unstructured":"Tripp, O., Guarnieri, S., Pistoia, M., Aravkin, A.: ALETHEIA: improving the usability of static security analysis. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014)","DOI":"10.1145\/2660267.2660339"},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Heckman, S., Williams, L.: On establishing a benchmark for evaluating static analysis alert prioritization and classification techniques. In: 2nd International Symposium on Empirical Software Engineering and Measurement (2008)","DOI":"10.1145\/1414004.1414013"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Younis, A.A., Malaiya, Y.K., Ray, I.: Using attack surface entry points and reachability analysis to assess the risk of software vulnerability exploitability. In: 15th International Symposium on High-Assurance Systems Engineering (2014)","DOI":"10.1109\/HASE.2014.10"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Younis, A.A., Malaiya, Y.K.: Using software structure to predict vulnerability exploitation potential. In: 8th International Conference on Software Security and Reliability-Companion, pp. 13\u201318 (2014)","DOI":"10.1109\/SERE-C.2014.17"},{"issue":"2","key":"21_CR24","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/s11219-021-09555-0","volume":"29","author":"M Siavvas","year":"2021","unstructured":"Siavvas, M., Kehagias, D., Tzovaras, D., Gelenbe, E.: A hierarchical model for quantifying software security based on static analysis alerts and software metrics. Softw. Qual. J. 29(2), 431\u2013507 (2021). https:\/\/doi.org\/10.1007\/s11219-021-09555-0","journal-title":"Softw. Qual. J."},{"key":"21_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"877","DOI":"10.1007\/978-3-030-58811-3_62","volume-title":"Computational Science and Its Applications \u2013 ICCSA 2020","author":"I Kalouptsoglou","year":"2020","unstructured":"Kalouptsoglou, I., Siavvas, M., Tsoukalas, D., Kehagias, D.: Cross-project vulnerability prediction based on software metrics and deep learning. In: Gervasi, O., et al. (eds.) ICCSA 2020. LNCS, vol. 12252, pp. 877\u2013893. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58811-3_62"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Filus, K., Siavvas, M., Doma\u0144ska, J., Gelenbe, E.: The random neural network as a bonding model for software vulnerability prediction. In: Modelling, Analysis, and Simulation of Computer and Telecommunication Systems (2021)","DOI":"10.1007\/978-3-030-68110-4_7"},{"issue":"4","key":"21_CR27","doi-asserted-by":"publisher","first-page":"1133","DOI":"10.3390\/s21041133","volume":"21","author":"K Filus","year":"2021","unstructured":"Filus, K., Boryszko, P., Doma\u0144ska, J., Siavvas, M., Gelenbe, E.: Efficient feature selection for static analysis vulnerability prediction. Sensors 21(4), 1133 (2021)","journal-title":"Sensors"},{"key":"21_CR28","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1016\/j.eswa.2017.05.060","volume":"86","author":"MG Siavvas","year":"2017","unstructured":"Siavvas, M.G., Chatzidimitriou, K.C., Symeonidis, A.L.: QATCH-an adaptive framework for software product quality assessment. Expert Syst. Appl. 86, 350\u2013366 (2017)","journal-title":"Expert Syst. Appl."},{"key":"21_CR29","doi-asserted-by":"crossref","unstructured":"Siavvas, M., Kehagias, D., Tzovaras, D.: A preliminary study on the relationship among software metrics and specific vulnerability types. In: 2017 International Conference on Computational Science and Computational Intelligence (2017)","DOI":"10.1109\/CSCI.2017.159"},{"key":"21_CR30","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/978-3-319-67642-5_22","volume-title":"Information and Software Technologies","author":"C Mateos","year":"2017","unstructured":"Mateos, C., Zunino, A., Misra, S., Anabalon, D., Flores, A.: Migration from COBOL to SOA: measuring the impact on web services interfaces complexity. In: Dama\u0161evi\u010dius, R., Mika\u0161yt\u0117, V. (eds.) ICIST 2017. CCIS, vol. 756, pp. 266\u2013279. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-67642-5_22"},{"key":"21_CR31","first-page":"71","volume":"48","author":"C Mateos","year":"2019","unstructured":"Mateos, C., Zunino, A., Flores, A., Misra, S.: Cobol systems migration to SOA: assessing antipatterns and complexity. Inf. Technol. Control 48, 71\u201389 (2019)","journal-title":"Inf. Technol. Control"}],"container-title":["Lecture Notes in Computer Science","Computational Science and Its Applications \u2013 ICCSA 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-87007-2_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,10]],"date-time":"2021-09-10T17:06:53Z","timestamp":1631293613000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-87007-2_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030870065","9783030870072"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-87007-2_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"11 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computational Science and Its Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cagliari","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccsa2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iccsa.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Customed version of CyberChair 4","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1588","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"466","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}