{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:02:39Z","timestamp":1756382559053,"version":"3.40.3"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575365"},{"type":"electronic","value":"9783031575372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_13","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"208-218","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Analysis of\u00a0Cryptographic CVEs: Lessons Learned and\u00a0Perspectives"],"prefix":"10.1007","author":[{"given":"Rapha\u00ebl","family":"Khoury","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"J\u00e9r\u00e9my","family":"Bolduc","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jason","family":"Lafreni\u00e8re-Nickopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdel-Gany","family":"Odedele","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"13_CR1","unstructured":"How to ensure javascript code quality. deepscan. https:\/\/deepscan.io\/"},{"key":"13_CR2","unstructured":"Welcome to bandit - bandit documentation. https:\/\/bandit.readthedocs.io\/en\/latest\/"},{"key":"13_CR3","unstructured":"Blessing, J., Specter, M.A., Weitzner, D.J.: You really shouldn\u2019t roll your own crypto: An empirical study of vulnerabilities in cryptographic libraries. arXiv preprint arXiv:2107.04940 (2021)"},{"key":"13_CR4","unstructured":"Blochberger, M., Petersen, T., Federrath, H.: Mitigating cryptographic mistakes by design. Mensch und Computer 2019-Workshopband (2019)"},{"key":"13_CR5","doi-asserted-by":"publisher","unstructured":"Checkoway, S., Maskiewicz, J., Garman, C., Fried, J., Cohney, S., Green, M., Heninger, N., Weinmann, R.P., Rescorla, E., Shacham, H.: A systematic analysis of the juniper dual ec incident. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 468-479. Association for Computing Machinery, New York(2016). https:\/\/doi.org\/10.1145\/2976749.2978395, https:\/\/doi.org\/10.1145\/2976749.2978395","DOI":"10.1145\/2976749.2978395"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et\u00a0al.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475\u2013488 (2014)","DOI":"10.1145\/2663716.2663755"},{"key":"13_CR7","doi-asserted-by":"publisher","unstructured":"Fischer, F., et al.: Stack overflow considered harmful? the impact of copy &paste on android application security. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 121\u2013136 (2017). https:\/\/doi.org\/10.1109\/SP.2017.31","DOI":"10.1109\/SP.2017.31"},{"key":"13_CR8","unstructured":"Honnef, D.: staticcheck-action: Staticcheck\u2019s official github. https:\/\/github.com\/dominikh\/staticcheck-action"},{"key":"13_CR9","doi-asserted-by":"publisher","unstructured":"Jacobs, J., Romanosky, S., Adjerid, I., Baker, W.: Improving vulnerability remediation through better exploit prediction. J. Cybersec. 6(1) (2020). https:\/\/doi.org\/10.1093\/cybsec\/tyaa015","DOI":"10.1093\/cybsec\/tyaa015"},{"key":"13_CR10","doi-asserted-by":"publisher","unstructured":") Khoury, R., Vignau, B., Hall\u00e9, S., Hamou-Lhadj, A., Razgallah, A.: An analysis of the use of CVEs by IoT malware. In: 13th International Symposium -Foundations and Practice of Security, FPS 2020, Montreal, Canada, 1-3 Dec, pp. 47\u201362 (2020). https:\/\/doi.org\/10.1007\/978-3-030-70881-8_4","DOI":"10.1007\/978-3-030-70881-8_4"},{"issue":"11","key":"13_CR11","doi-asserted-by":"publisher","first-page":"2382","DOI":"10.1109\/TSE.2019.2948910","volume":"47","author":"S Kr\u00fcger","year":"2021","unstructured":"Kr\u00fcger, S., Sp\u00e4th, J., Ali, K., Bodden, E., Mezini, M.: Crysl: an extensible approach to validating the correct usage of cryptographic APIs. IEEE Trans. Software Eng. 47(11), 2382\u20132400 (2021). https:\/\/doi.org\/10.1109\/TSE.2019.2948910","journal-title":"IEEE Trans. Software Eng."},{"key":"13_CR12","unstructured":"Nccgroup: Nccgroup\/vcg: Visualcodegrepper - code security scanning tool. https:\/\/github.com\/nccgroup\/VCG"},{"key":"13_CR13","doi-asserted-by":"publisher","unstructured":"Piccolboni, L., Guglielmo, G.D., Carloni, L.P., Sethumadhavan, S.: Crylogger: detecting crypto misuses dynamically. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1972\u20131989 (2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00010","DOI":"10.1109\/SP40001.2021.00010"},{"key":"13_CR14","doi-asserted-by":"publisher","unstructured":"Rahaman, S., et al.: Cryptoguard: high precision detection of cryptographic vulnerabilities in massive-sized java projects. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2455-2472. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3319535.3345659, https:\/\/doi.org\/10.1145\/3319535.3345659","DOI":"10.1145\/3319535.3345659"},{"issue":"9","key":"13_CR15","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"JH Saltzer","year":"1975","unstructured":"Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. IEEE 63(9), 1278\u20131308 (1975)","journal-title":"Proc. IEEE"},{"key":"13_CR16","doi-asserted-by":"publisher","unstructured":"Torres, A., et al.: Runtime verification of crypto apis: an empirical study. IEEE Trans. Softw. Eng. 1\u201316 (2023). https:\/\/doi.org\/10.1109\/TSE.2023.3301660","DOI":"10.1109\/TSE.2023.3301660"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:04:22Z","timestamp":1713985462000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}