{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T07:10:20Z","timestamp":1764573020927,"version":"3.46.0"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100003710","name":"Korea Health Industry Development Institute","doi-asserted-by":"publisher","award":["HI23C0733"],"award-info":[{"award-number":["HI23C0733"]}],"id":[{"id":"10.13039\/501100003710","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1007\/s10207-025-01148-3","type":"journal-article","created":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T16:36:08Z","timestamp":1762274168000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A cross-language and cross-binary type approach to binary-source software composition analysis using BM25"],"prefix":"10.1007","volume":"24","author":[{"given":"Jong-Wouk","family":"Kim","sequence":"first","affiliation":[]},{"given":"Mi-Jung","family":"Choi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,4]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Dong, C., Li, S., Yang, S., Xiao, Y., Wang, Y., Li, H., Li, Z., Sun, L.: LibcDiff: library version detection difference guided OSS version identification in binaries. In: Proc. of the 46th IEEE\/ACM International Conference on Software Engineering, pp. 1\u201312. Lisbon, Portugal (2024)","key":"1148_CR1","DOI":"10.1145\/3597503.3623336"},{"unstructured":"Forrester, [Online] Available: https:\/\/www.forrester.com\/report\/the-forrester-wave-tm-software-composition-analysis-software-q4-2024\/RES181655 (2024). Accessed on Dec 2024","key":"1148_CR2"},{"unstructured":"Gartner, [Online] Available: https:\/\/www.gartner.com\/en\/documents\/3989235 (2024). Accessed on Dec 2024","key":"1148_CR3"},{"unstructured":"OpenLogic, [Online] Available: https:\/\/www.openlogic.com\/sites\/default\/files\/pdfs\/report-ol-state-of-oss-2024.pdf (2024). Accessed on Dec 2024","key":"1148_CR4"},{"unstructured":"Statista, [Online] Available: https:\/\/www.statista.com\/statistics\/1245670\/worldwide-open-source-software-vulnerabilities (2024). Accessed on Dec 2024","key":"1148_CR5"},{"unstructured":"Woo, S., Lee, D., Park, S., Lee, H.: V0Findere: discovering the correct origin of publicly reported software vulnerabilities. In: Proc. of the 30th USENIX Security Symposium, pp. 3041\u20133058. Vancouver, Canada (2021)","key":"1148_CR6"},{"issue":"2","key":"1148_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3625294","volume":"33","author":"S Li","year":"2023","unstructured":"Li, S., Wang, Y., Dong, C., Yang, S., Li, H., Sun, H., Lang, Z., Chen, Z., Wang, W., Zhu, H., Sun, L.: LibAM: an area matching framework for detecting third-party libraries in binaries. ACM Trans. Softw. Eng. Methodol. 33(2), 1\u201335 (2023)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"doi-asserted-by":"crossref","unstructured":"Liu, C., Chen, S., Fan, L., Chen, B., Liu, Y., Peng, X.: Demystifying the vulnerability propagation and its evolution via dependency trees in the NPM ecosystem. In: Proc. of the 2022 IEEE\/ACM 44th International Conference on Software Engineering, pp. 672\u2013684. Pittsburgh, USA (2022)","key":"1148_CR8","DOI":"10.1145\/3510003.3510142"},{"doi-asserted-by":"crossref","unstructured":"Jiang, L., An, J., Huang, H., Tang, Q., Nie, S., Wu, S., Zhang, Y.: BinaryAI: binary software composition analysis via intelligent binary source code matching. In: Proc. of the 2024 IEEE\/ACM 46th International Conference on Software Engineering, pp. 2771\u20132783. Lisbon, Portugal (2024)","key":"1148_CR9","DOI":"10.1145\/3597503.3639100"},{"doi-asserted-by":"crossref","unstructured":"Bhandari, G., Naseer, A., Moonen, L.: CVEfixes: automated collection of vulnerabilities and their fixes from open-source software. In: Proc. of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, pp. 30\u201339. Athens, Greece (2021)","key":"1148_CR10","DOI":"10.1145\/3475960.3475985"},{"doi-asserted-by":"crossref","unstructured":"Wu, J., Xu, Z., Tang, W., Zhang, L., Wu, Y., Liu, C.: OSSFP: precise and scalable C\/C++ third-party library deteection using fingerprinting functions. In: Proc. of the 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 270\u2013282. Melborune, Austraila (2023)","key":"1148_CR11","DOI":"10.1109\/ICSE48619.2023.00034"},{"issue":"7","key":"1148_CR12","doi-asserted-by":"publisher","first-page":"654","DOI":"10.1109\/TSE.2002.1019480","volume":"28","author":"T Kamiya","year":"2002","unstructured":"Kamiya, T., Kusumoto, S., Inoue, K.: CCfinder: a multilinguistic token-based code clone detection system for large scale source code. IEEE Trans. Softw. Eng. 28(7), 654\u2013670 (2002)","journal-title":"IEEE Trans. Softw. Eng."},{"doi-asserted-by":"crossref","unstructured":"Jiang, L., Misherghi, G., Su, Z., Glondu, S.: Deckard: scalable and accurate tree-based detection of code clones. In Proc. of the 29th International Conference on Software Engineering, pp. 96\u2013105. Minneapolis, USA, (2007)","key":"1148_CR13","DOI":"10.1109\/ICSE.2007.30"},{"doi-asserted-by":"crossref","unstructured":"Yuan, Z., Feng, M., Li, F., Ban, G., Xiao, Y., Wang, S.: B2SFinder: detecting open-source software reuse in COTS software. In: Proc. of the 34th IEEE\/ACM International Conference On Automated Software Engineering, pp. 1038\u20131049. San Diego, CA, USA, (2019)","key":"1148_CR14","DOI":"10.1109\/ASE.2019.00100"},{"doi-asserted-by":"crossref","unstructured":"Zhan, X., Fan, L., Chen, S., Wu, F., Liu, T., Luo, X., Liu, Y.: ATVHunter: reliable version detection of third-party libraries for vulnerability identification in Android applications. In: Proc. of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 1695\u20131707. Madrid, Spain (2021)","key":"1148_CR15","DOI":"10.1109\/ICSE43902.2021.00150"},{"doi-asserted-by":"crossref","unstructured":"Jiang, L., Yuan, H., Tang, Q., Nie, S., Wu, S., Zhang, Y.: Third-party library dependency for large-scale SCA in the C\/C++ ecosystem: how far are we?. In: Proc. of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Seattle, pp. 1383\u20131395. WA, USA (2023)","key":"1148_CR16","DOI":"10.1145\/3597926.3598143"},{"key":"1148_CR17","doi-asserted-by":"publisher","first-page":"50418","DOI":"10.1109\/ACCESS.2023.3341224","volume":"12","author":"Y Ning","year":"2023","unstructured":"Ning, Y., Zhang, Y., Ma, C., Guo, Z., Yu, L.: Empirical study of software composition analysis tools for C\/C++ binary programs. IEEE Access 12, 50418\u201350430 (2023)","journal-title":"IEEE Access"},{"doi-asserted-by":"crossref","unstructured":"Woo, S., Park, S., Kim, S., Lee, H., Oh, H.: CENTRIS: a precise and scalable approach for identifying modified open-source software reuse. In: Proc. of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 860\u2013872. Madrid, Spain (2021)","key":"1148_CR18","DOI":"10.1109\/ICSE43902.2021.00083"},{"doi-asserted-by":"crossref","unstructured":"Wang, H., Liu, Z., Wang, S., Wang, Y., Tang, Q., Nie, S., Wu, S.: Are we there yet? filling the gap between biinary similiatity analysis and binary software composition analysis. In: Proc. of the 2024 IEEE 9th European Symposium on Security and Privay (Euro S&P), pp. 506\u2013523. Vienna, Austria (2024)","key":"1148_CR19","DOI":"10.1109\/EuroSP60621.2024.00034"},{"doi-asserted-by":"publisher","unstructured":"Zeng, J., Zhu, Y., Han, D., Weng, F., Li, R., Zhang, Y.: \u201cOSSDetector: towards a more accurate approach for C\/C++ third-party library detection,\u201d [PREPRINT] Available at research square: https:\/\/doi.org\/10.21203\/rs.3.rs-4366210\/v1 (2024). Accessed on Nov 2024","key":"1148_CR20","DOI":"10.21203\/rs.3.rs-4366210\/v1"},{"doi-asserted-by":"crossref","unstructured":"Hemel, A., Kalleberg, K.T., Vermaas, R., Dolstra, E.: Finding software license violations through binary code clone detection. In: Proc. of the 8th Working Conference on Mining Software Repositories, pp. 63\u201372. Waikiki, USA (2011)","key":"1148_CR21","DOI":"10.1145\/1985441.1985453"},{"doi-asserted-by":"crossref","unstructured":"Duan, R., Bijlani, A., Xu, M., Kim, T., Lee, W.: Identifying open-source license viloation and 1-day security risk at large scale. In: Proc of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2169\u20132185. Dallas, USA (2017)","key":"1148_CR22","DOI":"10.1145\/3133956.3134048"},{"issue":"21","key":"1148_CR23","first-page":"1","volume":"4","author":"G Ban","year":"2021","unstructured":"Ban, G., Xu, L., Xiao, Y., Li, X., Yuan, Z., Huo, W.: B2SMatcher: fine-grained version identification of open-source software in binary files. Cybersecurity 4(21), 1\u201321 (2021)","journal-title":"Cybersecurity"},{"doi-asserted-by":"crossref","unstructured":"Parr, T.J., Quong, R.W.: ANTLR: a predicated-LL(k) parser generator. Software: Practive and Experience 25(7), 789\u2013810 (1955)","key":"1148_CR24","DOI":"10.1002\/spe.4380250705"},{"unstructured":"IDAPython, [Online ] Available: https:\/\/python.docs.hex-rays.com\/ (2024). Accesssed on Dec 2024","key":"1148_CR25"},{"doi-asserted-by":"crossref","unstructured":"Shirani, P., Wang, L., Debbabi, M.: BinShape: scalable and robust binary library function identification using function shape. In: Proc. of the Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 301\u2013324. Bonn, Germany (2017)","key":"1148_CR26","DOI":"10.1007\/978-3-319-60876-1_14"},{"doi-asserted-by":"crossref","unstructured":"Tang, W., Luo, P., Fu, J., Zhang, D.: LibDX: a cross-platform and accurate system to detect thrid-party libraries in binary code. In: Proc. of the 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 104\u2013115. London, ON, Canada (2020)","key":"1148_CR27","DOI":"10.1109\/SANER48275.2020.9054845"},{"issue":"1","key":"1148_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/app13010413","volume":"13","author":"X Zhu","year":"2022","unstructured":"Zhu, X., Wang, J., Fang, Z., Yin, X., Liu, S.: Bbdetector: a precise and scalable third-party library detection in binary executables with fine-grained function-level features. Appl. Sci. 13(1), 1\u201315 (2022)","journal-title":"Appl. Sci."},{"doi-asserted-by":"crossref","unstructured":"Tang, W., Wang, Y., Zhang, H., Han, S., Luo, P., Zhang, D.: LibDB: an effective and efficient framework for detecting third-party libraries in binaries. In: Proc. of the 19th International Conference on Mining Software Repositories, pp. 423\u2013434. Pittsburgh, Pennsylvania (2022)","key":"1148_CR29","DOI":"10.1145\/3524842.3528442"},{"issue":"4","key":"1148_CR30","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1561\/1500000019","volume":"3","author":"S Robertson","year":"2009","unstructured":"Robertson, S., Zaragoza, H.: The probabilistic relevance framework: BM25 and beyond. Found. Trens. Inform. Retr. 3(4), 333\u2013389 (2009)","journal-title":"Found. Trens. Inform. Retr."},{"doi-asserted-by":"crossref","unstructured":"Trotman, A., Puurula, A., Burgess, B.: Improvements to BM25 and language models examined. In: Proc. of the 19th Australasian Document Computing Symposium, pp. 58\u201365. Melbouren, Australia (2014)","key":"1148_CR31","DOI":"10.1145\/2682862.2682863"},{"unstructured":"Manning, C.D., Raghavan, P., Sch \u00fctze, H.: (2009). An introdouction to invermation retrieval. Cambridge University Press (2009) https:\/\/nlp.stanford.edu\/IR-book\/pdf\/irbookonlinereading.pdf","key":"1148_CR32"},{"unstructured":"Joyce, R.: Com get your free NSA reverse engineering tool. In: RSA Conference, San Francisco, USA (2019)","key":"1148_CR33"},{"unstructured":"strings, [Online] https:\/\/sourceware.org\/binutils\/docs\/binutils\/strings.html (2024). Accessed on Nov 2024","key":"1148_CR34"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01148-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01148-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01148-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T07:06:11Z","timestamp":1764572771000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01148-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,4]]},"references-count":34,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["1148"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01148-3","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,11,4]]},"assertion":[{"value":"17 March 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interests"}}],"article-number":"231"}}