{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T15:37:36Z","timestamp":1764085056818,"version":"3.37.3"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,8,26]],"date-time":"2023-08-26T00:00:00Z","timestamp":1693008000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,8,26]],"date-time":"2023-08-26T00:00:00Z","timestamp":1693008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Iran J Comput Sci"],"published-print":{"date-parts":[[2024,3]]},"DOI":"10.1007\/s42044-023-00156-7","type":"journal-article","created":{"date-parts":[[2023,8,26]],"date-time":"2023-08-26T09:02:46Z","timestamp":1693040566000},"page":"25-40","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A study of synergy between programming practices evolution and information disclosure-causing vulnerabilities"],"prefix":"10.1007","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0732-5399","authenticated-orcid":false,"given":"Gatha","family":"Varma","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,26]]},"reference":[{"key":"156_CR1","volume-title":"The internet of things: mapping the value beyond the hype","author":"J Manyika","year":"2015","unstructured":"Manyika, J., Chui, M., Bisson, P., Woetzel, J., Dobbs, R., Bughin, J., Aharon, D.: The internet of things: mapping the value beyond the hype. McKinsey Global Institute, NY, USA (2015)"},{"issue":"2","key":"156_CR2","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1504\/ijcsyse.2019.100027","volume":"5","author":"VY Reddy","year":"2019","unstructured":"Reddy, V.Y., Krishna, B.H., Bhooshanam, E.N.: Automation of home and its management using IoT. Int. J. Comput. Syst. Eng. 5(2), 72 (2019). https:\/\/doi.org\/10.1504\/ijcsyse.2019.100027","journal-title":"Int. J. Comput. Syst. Eng."},{"doi-asserted-by":"crossref","unstructured":"Gatha, Chauhan R, Singh D (2020) Ensuring Privacy-Aware Data Release: An Analysis of Applicability of Privacy Enhancing Techniques to Real-world Datasets. In: ICRITO 2020 - IEEE 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions)","key":"156_CR3","DOI":"10.1109\/ICRITO48877.2020.9197989"},{"unstructured":"Wei W (2018) Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer. https:\/\/thehackernews.com\/2018\/04\/iot-hacking-thermometer.html. Accessed 16 July 2023.","key":"156_CR4"},{"issue":"7","key":"156_CR5","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MC.2018.3011046","volume":"51","author":"N Vlajic","year":"2018","unstructured":"Vlajic, N., Zhou, D.: IoT as a land of opportunity for DDoS hackers. Computer 51(7), 26\u201334 (2018). https:\/\/doi.org\/10.1109\/MC.2018.3011046","journal-title":"Computer"},{"key":"156_CR6","doi-asserted-by":"publisher","DOI":"10.1109\/IMCOM56909.2023.10035583","author":"G Varma","year":"2023","unstructured":"Varma, G.: Local hashing and fake data for privacy-aware frequency estimation. Int. Conf. Ubiquitous Inf. Manag. Commun. (2023). https:\/\/doi.org\/10.1109\/IMCOM56909.2023.10035583","journal-title":"Int. Conf. Ubiquitous Inf. Manag. Commun."},{"key":"156_CR7","doi-asserted-by":"publisher","DOI":"10.2139\/SSRN.3565901","author":"G Tanwar","year":"2020","unstructured":"Tanwar, G., Chauhan, R., Singh, D.: User privacy in smart systems: recent findings and countermeasures. SSRN Electron J. (2020). https:\/\/doi.org\/10.2139\/SSRN.3565901","journal-title":"SSRN Electron J."},{"issue":"1","key":"156_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/S42400-022-00129-6","volume":"5","author":"G Varma","year":"2022","unstructured":"Varma, G., Chauhan, R., Singh, D.: Sarve synthetic data and local differential privacy for private frequency estimation. Cybersecurity 5(1), 1\u201320 (2022). https:\/\/doi.org\/10.1186\/S42400-022-00129-6","journal-title":"Cybersecurity"},{"key":"156_CR9","doi-asserted-by":"publisher","DOI":"10.1109\/IMCOM53663.2022.9721721","author":"G Varma","year":"2022","unstructured":"Varma, G., Chauhan, R.: Cybercriminals strike where it hurts most: SARS-Cov-2 pandemic and its influence on critical infrastructure ransomware attacks. Int. Conf. Ubiquitous Inf. Manag. Commun. (2022). https:\/\/doi.org\/10.1109\/IMCOM53663.2022.9721721","journal-title":"Int. Conf. Ubiquitous Inf. Manag. Commun."},{"unstructured":"MITRE (2022) Common Vulnerabilities and Exposures https:\/\/cve.mitre.org\/. Accessed 16 July 2023","key":"156_CR10"},{"unstructured":"Mann DE, Christey SM (1999) Towards a Common Enumeration of Vulnerabilities. 2nd Workshop on Research with Security Vulnerability Databases, 1999.","key":"156_CR11"},{"unstructured":"Martin RA (2007) Common Weakness Enumeration","key":"156_CR12"},{"key":"156_CR13","first-page":"59","volume-title":"Vulnerability analysis of software piracy and reverse engineering: based on software C","author":"J Lee","year":"2022","unstructured":"Lee, J., Yim, K., Lee, K.: Vulnerability analysis of software piracy and reverse engineering: based on software C, pp. 59\u201366. Springer, Cham (2022)"},{"doi-asserted-by":"crossref","unstructured":"Chang YY, Zavarsky P, Ruhl R, Lindskog D (2011) Trend analysis of the CVE for software vulnerability management. In: Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT\/SocialCom 2011. pp 1290\u20131293.","key":"156_CR14","DOI":"10.1109\/PASSAT\/SocialCom.2011.184"},{"key":"156_CR15","first-page":"657","volume-title":"Lecture notes on data engineering and communications technologies","author":"S Na","year":"2017","unstructured":"Na, S., Kim, T., Kim, H.: A study on the classification of common vulnerabilities and exposures using na\u00efve bayes. In: Barolli, L., Xhafa, F., Yim, K. (eds.) Lecture notes on data engineering and communications technologies, pp. 657\u2013662. Springer International Publishing, Cham (2017)"},{"doi-asserted-by":"crossref","unstructured":"Han Z, Li X, Xing Z, Liu H, Feng Z (2017) Learning to predict severity of software vulnerability using only vulnerability description. In: Proceedings - 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017. Institute of Electrical and Electronics Engineers Inc., pp 125\u2013136.","key":"156_CR16","DOI":"10.1109\/ICSME.2017.52"},{"doi-asserted-by":"crossref","unstructured":"Li X, Chen J, Lin Z, Zhang L, Wang Z, Zhou M, Xie W (2017) A Mining Approach to Obtain the Software Vulnerability Characteristics. In: Proceedings - 5th International Conference on Advanced Cloud and Big Data, CBD 2017. Institute of Electrical and Electronics Engineers Inc., pp 296\u2013301.","key":"156_CR17","DOI":"10.1109\/CBD.2017.58"},{"doi-asserted-by":"crossref","unstructured":"Wang W, Gupta A, Niu N (2018) Mining security requirements from common vulnerabilities and exposures for agile projects. In: Proceedings - 2018 1st International Workshop on Quality Requirements in Agile Projects, QuaRAP 2018. Institute of Electrical and Electronics Engineers Inc., pp 6\u20139.","key":"156_CR18","DOI":"10.1109\/QuaRAP.2018.00007"},{"doi-asserted-by":"crossref","unstructured":"Chen Q, Bao L, Li L, Xia X, Cai L (2018) Categorizing and Predicting Invalid Vulnerabilities on Common Vulnerabilities and Exposures. In: Proceedings - Asia-Pacific Software Engineering Conference, APSEC. IEEE Computer Society, pp 345\u2013354.","key":"156_CR19","DOI":"10.1109\/APSEC.2018.00049"},{"doi-asserted-by":"crossref","unstructured":"Pham V, Dang T (2019) CVExplorer: Multidimensional Visualization for Common Vulnerabilities and Exposures. In: Proceedings - 2018 IEEE International Conference on Big Data, Big Data 2018. Institute of Electrical and Electronics Engineers Inc., pp 1296\u20131301.","key":"156_CR20","DOI":"10.1109\/BigData.2018.8622092"},{"doi-asserted-by":"crossref","unstructured":"Schiappa M, Chantry G, Garibay I (2019) Cyber Security in a Complex Community: A Social Media Analysis on Common Vulnerabilities and Exposures. In: 2019 6th International Conference on Social Networks Analysis, Management and Security, SNAMS 2019. Institute of Electrical and Electronics Engineers Inc., pp 13\u201320.","key":"156_CR21","DOI":"10.1109\/SNAMS.2019.8931883"},{"issue":"1","key":"156_CR22","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1504\/ijcsyse.2020.109110","volume":"6","author":"D Sharma","year":"2020","unstructured":"Sharma, D., Chandra, P.: Towards recent developments in the methods, metrics and datasets of software fault prediction. Int. J. Comput. Syst. Eng. 6(1), 14 (2020). https:\/\/doi.org\/10.1504\/ijcsyse.2020.109110","journal-title":"Int. J. Comput. Syst. Eng."},{"issue":"2","key":"156_CR23","doi-asserted-by":"publisher","first-page":"122","DOI":"10.2174\/2210327911666210203222153","volume":"12","author":"G Varma","year":"2021","unstructured":"Varma, G., Chauhan, R., Singh, D.: A pill to find them all: IoT device behavior fingerprinting using capsule networks. Int. J. Sensors Wirel. Commun. Control 12(2), 122\u2013131 (2021). https:\/\/doi.org\/10.2174\/2210327911666210203222153","journal-title":"Int. J. Sensors Wirel. Commun. Control"},{"key":"156_CR24","doi-asserted-by":"publisher","first-page":"102914","DOI":"10.1016\/J.COSE.2022.102914","volume":"123","author":"AO Bang","year":"2022","unstructured":"Bang, A.O., Rao, U.P., Visconti, A., Brighente, A., Conti, M.: An IoT inventory before deployment: a survey on IoT protocols, communication technologies, vulnerabilities, attacks, and future res directions. Comput. Secur. 123, 102914 (2022). https:\/\/doi.org\/10.1016\/J.COSE.2022.102914","journal-title":"Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Pranathi K, Kranthi S, Srisaila A, Madhavilatha P (2018) Attacks on Web Application Caused by Cross Site Scripting. In: Proceedings of the 2nd International Conference on Electronics, Communication and Aerospace Technology, ICECA 2018. Institute of Electrical and Electronics Engineers Inc., pp 1754\u20131759.","key":"156_CR25","DOI":"10.1109\/ICECA.2018.8474765"},{"doi-asserted-by":"publisher","unstructured":"Mohammadi M, Chu B, Richter Lipford H (2019) Automated repair of cross-site scripting vulnerabilities through unit testing. In: Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019. Institute of Electrical and Electronics Engineers Inc., pp 370\u2013377 https:\/\/doi.org\/10.1109\/ISSREW.2019.00098.","key":"156_CR26","DOI":"10.1109\/ISSREW.2019.00098"},{"key":"156_CR27","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1109\/MC.2011.261","volume":"45","author":"LK Shar","year":"2012","unstructured":"Shar, L.K., Tan, H.B.K.: Defending against cross-site scripting attacks. Computer 45, 55\u201362 (2012)","journal-title":"Computer"},{"key":"156_CR28","first-page":"238","volume-title":"Communications in computer and information science","author":"Y Bai","year":"2015","unstructured":"Bai, Y., Chen, Z.: Analysis and exploit of directory traversal vulnerability on VMware. In: Niu, W., Li, G., Liu, J., Tan, J., Guo, L., Han, Z., Batten, L. (eds.) Communications in computer and information science, pp. 238\u2013244. Springer Verlag, Berlin, Heidelberg (2015)"},{"doi-asserted-by":"publisher","unstructured":"Shinde PS, Ardhapurkar SB (2016) Cyber security analysis using vulnerability assessment and penetration testing. IEEE WCTFTR 2016 - Proc 2016 World Conf Futur Trends Res Innov Soc Welf. https:\/\/doi.org\/10.1109\/STARTUP.2016.7583912.","key":"156_CR29","DOI":"10.1109\/STARTUP.2016.7583912"},{"key":"156_CR30","doi-asserted-by":"publisher","DOI":"10.1109\/ICSENG.2018.8638176","author":"B Mburano","year":"2019","unstructured":"Mburano, B., Si, W.: Evaluation of web vulnerability scanners based on OWASP benchmark. Int. Conf. Syst. Eng. ICSEng. Proc. (2019). https:\/\/doi.org\/10.1109\/ICSENG.2018.8638176","journal-title":"Int. Conf. Syst. Eng. ICSEng. Proc."},{"key":"156_CR31","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC50000.2020.9219568","author":"M Aota","year":"2020","unstructured":"Aota, M., Kanehara, H., Kubo, M., Murata, N., Sun, B., Takahashi, T.: Automation of vulnerability classification from its description using machine learning. Proc. IEEE Symp. Comput. Commun. (2020). https:\/\/doi.org\/10.1109\/ISCC50000.2020.9219568","journal-title":"Proc. IEEE Symp. Comput. Commun."},{"issue":"10","key":"156_CR32","doi-asserted-by":"publisher","first-page":"1576","DOI":"10.1093\/comjnl\/bxq009","volume":"53","author":"T Giannetsos","year":"2010","unstructured":"Giannetsos, T., Dimitriou, T., Krontiris, I., Prasad, N.R.: Arbitrary code injection through self-propagating worms in von Neumann architecture devices. Comput. J. 53(10), 1576\u20131593 (2010). https:\/\/doi.org\/10.1093\/comjnl\/bxq009","journal-title":"Comput. J."},{"doi-asserted-by":"crossref","unstructured":"Monshizadeh M, Naldurg P, Venkatakrishnan VN (2014) MACE: Detecting privilege escalation vulnerabilities in web applications. In: Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, pp 690\u2013701.","key":"156_CR33","DOI":"10.1145\/2660267.2660337"},{"key":"156_CR34","doi-asserted-by":"publisher","first-page":"46584","DOI":"10.1109\/ACCESS.2018.2866498","volume":"6","author":"W Qiang","year":"2018","unstructured":"Qiang, W., Yang, J., Jin, H., Shi, X.: PrivGuard: protecting sensitive kernel data from privilege escalation attacks. IEEE Access 6, 46584\u201346594 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2866498","journal-title":"IEEE Access"},{"issue":"6","key":"156_CR35","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSP.2010.190","volume":"8","author":"M Prandini","year":"2010","unstructured":"Prandini, M., Ramilli, M., Cerroni, W., Callegati, F.: Splitting the HTTPS stream to attack secure web connections. IEEE Secur. Priv. 8(6), 80\u201384 (2010). https:\/\/doi.org\/10.1109\/MSP.2010.190","journal-title":"IEEE Secur. Priv."},{"doi-asserted-by":"crossref","unstructured":"Kshirsagar D, Kumar S, Purohit L (2016) Exploring usage of ontology for HTTP response splitting attack. In: Proceedings on 2015 1st International Conference on Next Generation Computing Technologies, NGCT 2015. Institute of Electrical and Electronics Engineers Inc., pp 437\u2013440.","key":"156_CR36","DOI":"10.1109\/NGCT.2015.7375156"},{"doi-asserted-by":"crossref","unstructured":"Zhang B, Wu B, Feng C, Tang C (2015) Memory corruption vulnerabilities detection for Android binary software. In: 2015 IEEE International Conference on Signal Processing, Communications and Computing, ICSPCC 2015. Institute of Electrical and Electronics Engineers Inc.","key":"156_CR37","DOI":"10.1109\/ICSPCC.2015.7338757"},{"doi-asserted-by":"crossref","unstructured":"Jiang C, Wang Y (2019) Survey on memory corruption mitigation. In: Proceedings of 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference, ITNEC 2019. Institute of Electrical and Electronics Engineers Inc., pp 731\u2013738.","key":"156_CR38","DOI":"10.1109\/ITNEC.2019.8728974"},{"doi-asserted-by":"crossref","unstructured":"Gao Y, Chen L, Shi G, Zhang F (2018). A comprehensive detection of memory corruption vulnerabilities for C\/C++ programs. In: 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA\/IUCC\/BDCloud\/SocialCom\/SustainCom) (pp. 354\u2013360).","key":"156_CR39","DOI":"10.1109\/BDCloud.2018.00062"},{"key":"156_CR40","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-1-4842-7258-9_14","volume-title":"Certified ethical hacker (CEH) preparation guide: lesson-based review of ethical hacking and penetration testing","author":"A Sheikh","year":"2021","unstructured":"Sheikh, A.: Buffer Overflow. In: Sheikh, A. (ed.) Certified ethical hacker (CEH) preparation guide: lesson-based review of ethical hacking and penetration testing, pp. 165\u2013173. Apress, CA (2021)"},{"doi-asserted-by":"crossref","unstructured":"Wang W, Lei Y, Liu D, Kung D, Csallner C, Zhang D, Kacker R, Kuhn R (2011) A combinatorial approach to detecting buffer overflow vulnerabilities. In: Proceedings of the International Conference on Dependable Systems and Networks. pp 269\u2013278.","key":"156_CR41","DOI":"10.1109\/DSN.2011.5958225"},{"key":"156_CR42","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1109\/CERMA.2008.60","volume":"2008","author":"HF Gonz\u00e1lez Robledo","year":"2008","unstructured":"Gonz\u00e1lez Robledo, H.F.: Types of hosts on a remote file inclusion(RFI) botnet. Proc. Electron Robot. Automot. Mech. Conf. CERMA 2008, 105\u2013109 (2008). https:\/\/doi.org\/10.1109\/CERMA.2008.60","journal-title":"Proc. Electron Robot. Automot. Mech. Conf. CERMA"},{"doi-asserted-by":"crossref","unstructured":"Shahriar H, Talukder MAI, Rahman M, Chi H, Ahamed S, Wu F (2019) Hands-on file inclusion vulnerability and proactive control for secure software development. In: Proceedings - International Computer Software and Applications Conference. IEEE Computer Society, pp 604\u2013609.","key":"156_CR43","DOI":"10.1109\/COMPSAC.2019.10274"},{"key":"156_CR44","doi-asserted-by":"publisher","DOI":"10.9734\/AJRCOS\/2021\/V10I330242","author":"FQ Kareem","year":"2021","unstructured":"Kareem, F.Q., Ameen, S.Y., Salih, A.A., Ahmed, D.M., Kak, S.F., Yasin, H.M., Ibrahim, I.M., Ahmed, A.M., Rashid, Z.N., Omar, N.: SQL Injection attacks prevention system technology: review. Asian J. Res. Comput. Sci. (2021). https:\/\/doi.org\/10.9734\/AJRCOS\/2021\/V10I330242","journal-title":"Asian J. Res. Comput. Sci."},{"doi-asserted-by":"crossref","unstructured":"Ma L, Zhao D, Gao Y, Zhao C (2019) Research on SQL Injection Attack and Prevention Technology Based on Web. In: Proceedings - 2nd International Conference on Computer Network, Electronic and Automation, ICCNEA 2019. Institute of Electrical and Electronics Engineers Inc., pp 176\u2013179.","key":"156_CR45","DOI":"10.1109\/ICCNEA.2019.00042"},{"doi-asserted-by":"publisher","unstructured":"Gatha Varma (2023) A study of synergy between programming practices evolution and information disclosure-causing vulnerabilities. https:\/\/doi.org\/10.1007\/s42044-023-00156-7","key":"156_CR46","DOI":"10.1007\/s42044-023-00156-7"}],"container-title":["Iran Journal of Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42044-023-00156-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42044-023-00156-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42044-023-00156-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,26]],"date-time":"2024-02-26T14:13:51Z","timestamp":1708956831000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42044-023-00156-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,26]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,3]]}},"alternative-id":["156"],"URL":"https:\/\/doi.org\/10.1007\/s42044-023-00156-7","relation":{},"ISSN":["2520-8438","2520-8446"],"issn-type":[{"type":"print","value":"2520-8438"},{"type":"electronic","value":"2520-8446"}],"subject":[],"published":{"date-parts":[[2023,8,26]]},"assertion":[{"value":"14 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 August 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 August 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The author has no competing interests to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}