{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T21:31:31Z","timestamp":1780435891306,"version":"3.54.1"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Ministry of Innovation and Technology of Hungary from the National Research, Development, and Innovation Fund","award":["TKP2021-NVA-29"],"award-info":[{"award-number":["TKP2021-NVA-29"]}]},{"name":"Ministry of Innovation and Technology of Hungary from the National Research, Development, and Innovation Fund","award":["TKP2021-NVA"],"award-info":[{"award-number":["TKP2021-NVA"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3389955","type":"journal-article","created":{"date-parts":[[2024,4,16]],"date-time":"2024-04-16T17:26:01Z","timestamp":1713288361000},"page":"55824-55842","source":"Crossref","is-referenced-by-count":18,"title":["Comprehensive Evaluation of Static Analysis Tools for Their Performance in Finding Vulnerabilities in Java Code"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9881-5854","authenticated-orcid":false,"given":"Midya","family":"Alqaradaghi","sequence":"first","affiliation":[{"name":"Department of Programming Languages and Compilers, Eötvös Loránd University (ELTE), Budapest, Hungary"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tam\u00e1s","family":"Kozsik","sequence":"additional","affiliation":[{"name":"Department of Programming Languages and Compilers, Eötvös Loránd University (ELTE), Budapest, Hungary"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure","year":"2009"},{"key":"ref2","author":"Morgan","year":"2025","journal-title":"Cybercrime to Cost The World $10.5 Trillion Annually by 2025"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/access.2023.3262411"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.500-268"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2006.38"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2012.11.007"},{"key":"ref7","first-page":"35","volume-title":"Secure Programming in Static Analysis","author":"Chess","year":"2007"},{"key":"ref8","volume-title":"Static Analysis Tool","year":"2023"},{"key":"ref9","volume-title":"Code Quality and Code Security","year":"2023"},{"key":"ref10","volume-title":"Find Bugs in Java Programs","year":"2023"},{"key":"ref11","volume-title":"The SpotBugs Plugin for Security Audits of Java Web Applications","year":"2023"},{"key":"ref12","volume-title":"An Extensible Cross-language Static Code Analyzer","year":"2023"},{"key":"ref13","volume-title":"Artificial Test Suite","year":"2023"},{"key":"ref14","volume-title":"The Common Weakness Enumeration Initiative.","year":"2023"},{"key":"ref15","year":"2024","journal-title":"TIOBE Index for February 2024"},{"key":"ref16","article-title":"Static analysis evaluation experiment data","author":"Alqaradaghi","year":"2024","journal-title":"Zenodo"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ares.2009.163"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2109"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"ref20","first-page":"18","article-title":"Comparing four static analysis tools for Java concurrency bugs","volume-title":"Proc. 3rd Swedish Workshop Multi-Core Comput. (MCC)","author":"Al Mamun"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1556\/606.2021.00454"},{"key":"ref22","article-title":"Challenges of using sound and complete static code analysis tools in industrial software","author":"Stikkelorum","year":"2016"},{"key":"ref23","volume-title":"Deprecated CWEs","year":"2023"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2013.6606613"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.500-297"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/access.2022.3176865"},{"key":"ref27","first-page":"1","article-title":"Inferring the best static analysis tool for null pointer dereference in Java source code","volume-title":"Proc. 9thWorkshop Softw. Quality Anal., Monitoring, Improvement Appl. (SQAMIA)","volume":"3237","author":"Alqaradaghi"},{"key":"ref28","author":"Karlsen","year":"2023","journal-title":"Random Chance of Detection for Some Files in Juliet 1.3 CWE89 SQL Injection"},{"key":"ref29","article-title":"Implementation analysis of open-source static analysis tools for detecting security vulnerabilities","author":"Beba","year":"2019"},{"key":"ref30","volume-title":"Vulnerabilities","year":"2023"},{"issue":"4","key":"ref31","first-page":"695","article-title":"Comprehensive empirical study of static code analysis tools for C language","volume":"10","author":"Desai","year":"2022","journal-title":"Int. J. Intell. Syst. Appl. Eng."},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534380"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/issrew.2017.21"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397385"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.25046\/aj0602105"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2020.04.217"},{"key":"ref37","article-title":"Evaluation of static analysis tools for finding vulnerabilities in Java and C\/C++ source code","author":"Mahmood","year":"2018","journal-title":"arXiv:1805.09040"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.02.005"},{"key":"ref39","article-title":"A critical comparison on six static analysis tools: Detection, agreement, and precision","author":"Lenarduzzi","year":"2021","journal-title":"arXiv:2101.08832"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1002\/spe.3181"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/isci50694.2020.00021"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-91602-6_6"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/issrew.2012.28"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/11430230_4"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/issre.2004.1"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3319008.3319011"},{"key":"ref47","article-title":"JBMC: A bounded model checking tool for Java bytecode","author":"Brenguier","year":"2023","journal-title":"arXiv:2302.02381"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09749-y"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.6028\/nist.tn.1995"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10380310\/10500698.pdf?arnumber=10500698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,3]],"date-time":"2024-05-03T19:11:05Z","timestamp":1714763465000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10500698\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":49,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3389955","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}