{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,5]],"date-time":"2025-05-05T04:07:29Z","timestamp":1746418049758,"version":"3.28.0"},"reference-count":28,"publisher":"IEEE Comput. Soc","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1109\/icsm.2003.1235429","type":"proceedings-article","created":{"date-parts":[[2004,3,1]],"date-time":"2004-03-01T21:26:50Z","timestamp":1078176410000},"page":"266-274","source":"Crossref","is-referenced-by-count":15,"title":["Characterizing the 'security vulnerability likelihood' of software functions"],"prefix":"10.1109","author":[{"given":"D.","family":"DaCosta","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"C.","family":"Dahn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"S.","family":"Mancoridis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V.","family":"Prevelakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"19","article-title":"Source code scanners for better code","author":"nazario","year":"2002","journal-title":"Linux Journal"},{"key":"17","article-title":"Statically Detecting Likely Buffer Overflow Vulnerabilites","author":"larochelle","year":"2001","journal-title":"Proceedings of the 10th USENIX Security Symposium"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2001.957826"},{"journal-title":"Computer Vulnerability Analysis Thesis Proposal","year":"1997","author":"krsul","key":"15"},{"journal-title":"Software Vulnerability Analysis","year":"1998","author":"krsul","key":"16"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1137\/0213024"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.1999.806970"},{"key":"11","article-title":"Automatic Detection and Prevention of Buffer-Overflow Attacks","author":"cowan","year":"1998","journal-title":"Proceedings of the 7th USENIX Security Symposium"},{"journal-title":"GCC XML Code Introspector","year":"0","key":"12"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1145\/175290.175295"},{"journal-title":"Format String Attacks","year":"2000","author":"newsham","key":"20"},{"key":"22","first-page":"49","article-title":"Smashing The Stack For Fun and Profit","volume":"7","author":"one","year":"1996","journal-title":"Phrack Magazine"},{"journal-title":"OpenBSD Homepage","year":"0","key":"23"},{"key":"24","article-title":"Preventing privilege escalation","volume":"2","author":"provos","year":"2002","journal-title":"Technical Report"},{"key":"25","first-page":"119","article-title":"Representing semantically analyzed c++ code with reprise","author":"rosenblum","year":"1991","journal-title":"Usenix C++ Conference Proceedings"},{"year":"0","key":"26"},{"key":"27","article-title":"Detecting Format String Vulnerabilities with Type Qualifiers","author":"shankar","year":"2001","journal-title":"Proceedings of the 10th USENIX Security Symposium"},{"journal-title":"Flawfinder","year":"0","author":"wheeler","key":"28"},{"year":"0","key":"3"},{"journal-title":"A Taxonomy of Security Faults in the UNIX operating system","year":"1995","author":"aslam","key":"2"},{"key":"10","article-title":"FormatGuard: Automatic Protection From printf Format String Vulnerabilities","author":"cowan","year":"2001","journal-title":"Proceedings of the 10th USENIX Security Symposium"},{"journal-title":"OpenSSH Website","year":"0","key":"1"},{"key":"7","article-title":"A C++ Data Model Supporting Reachability Analysis and Dead Code Detection","author":"chen","year":"1997","journal-title":"Proceedings of the European Conference on Software Engineering\/Foundations of Software Engineering"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1145\/586139.586142"},{"key":"5","article-title":"A Taxonomy of UNIX System and Network Vulnerabilities","author":"bishop","year":"1995","journal-title":"Technical Report"},{"journal-title":"Software Testing Techniques","year":"1990","author":"beizer","key":"4"},{"journal-title":"CoSAK Case Studies Page","year":"0","key":"9"},{"year":"0","key":"8"}],"event":{"name":"International Conference on Software Maintenance","acronym":"ICSM-03","location":"Amsterdam, Netherlands"},"container-title":["International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings."],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/8742\/27696\/01235429.pdf?arnumber=1235429","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,13]],"date-time":"2017-03-13T20:59:24Z","timestamp":1489438764000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/1235429\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"references-count":28,"URL":"https:\/\/doi.org\/10.1109\/icsm.2003.1235429","relation":{},"subject":[]}}