{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:13:50Z","timestamp":1775067230190,"version":"3.50.1"},"reference-count":60,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,5]]},"DOI":"10.1109\/mipro.2014.6859783","type":"proceedings-article","created":{"date-parts":[[2014,7,30]],"date-time":"2014-07-30T16:19:16Z","timestamp":1406737156000},"page":"1381-1386","source":"Crossref","is-referenced-by-count":12,"title":["A survey of static code analysis methods for security vulnerabilities detection"],"prefix":"10.1109","author":[{"given":"Melina","family":"Kulenovic","sequence":"first","affiliation":[]},{"given":"Dzenana","family":"Donko","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"35","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.1999.779776"},{"key":"36","article-title":"Dynamic taint analysis for automatic detection, analysis, signature generation of exploits on commodity software","author":"newsome","year":"2005","journal-title":"Proceedings of the 12th Annual Network and Distributed System Security Symposium"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.98"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1145\/1146238.1146253"},{"key":"39","article-title":"Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software","author":"newsome","year":"2005","journal-title":"Proceedings of the 12th Annual Network and Distributed System Security Symposium"},{"key":"37","doi-asserted-by":"crossref","first-page":"167","DOI":"10.3233\/JCS-1996-42-304","article-title":"A sound type system for secure flow analysis","volume":"4","author":"volpano","year":"1996","journal-title":"Journal of Computer Security"},{"key":"38","first-page":"201","article-title":"Detecting format 
string vulnerabilities with type qualifiers","author":"shankar","year":"2001","journal-title":"Proceedings of the 10th USENIX Security Symposium"},{"key":"43","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1982.10014"},{"key":"42","article-title":"Finding security vulnerabilities in java applications with static analysis","author":"livshits","year":"2005","journal-title":"USENIX Security Symposium"},{"key":"41","doi-asserted-by":"publisher","DOI":"10.1145\/1178625.1178628"},{"key":"40","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004368"},{"key":"22","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1007\/3-540-36579-6_10","article-title":"Dimensions of precision in reference analysis of object-oriented programming languages","author":"ryder","year":"2003","journal-title":"Compiler Construction"},{"key":"23","author":"pistoia","year":"2005","journal-title":"A Unified Mathematical Model for Stack and Role Based Authorization Systems"},{"key":"24","article-title":"Interprocedural analysis for privileged code placement and tainted variable detection","author":"pistoia","year":"2005","journal-title":"Proceedings of the 9th European Conference on Object-Oriented Programming"},{"key":"25","article-title":"Role based access control (RBAC): Features and motivations","author":"ferraiolo","year":"0","journal-title":"National Institute of Standards and Technology U S Department of Commerce Gaithersburg MD 20899"},{"key":"26","article-title":"Role based access control consistency validation","author":"paolinacentonze","year":"0","journal-title":"ISSTA'06"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1145\/507712.507714"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1145\/505586.505590"},{"key":"29","first-page":"87","article-title":"XML document security based on provisional authorization","author":"kudo","year":"2000","journal-title":"Proceedings of the 7th ACM Conference on Computer and Communications Security 
Athens"},{"key":"3","article-title":"Open software assurance maturity model","year":"0","journal-title":"Software Assurance Maturity Model"},{"key":"2","author":"christey","year":"2011","journal-title":"2011 CWE\/SANS Top 25 Most Dangerous Software Errors"},{"key":"1","year":"0","journal-title":"Software Quality Basics"},{"key":"7","year":"0","journal-title":"Common Weakness Risk Analysis Framework"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1145\/948121.948122"},{"key":"6","year":"2013","journal-title":"Application Vulnerability Trends Report"},{"key":"5","article-title":"Security development lifecycle","year":"0","journal-title":"What Is the Security Development Lifecycle"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1145\/949338.949339"},{"key":"4","article-title":"The building security in maturity model","year":"0","journal-title":"The Software Security Framework"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2001.919078"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.3"},{"key":"8","year":"0","journal-title":"Common Weakness Scoring System"},{"key":"59","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512540"},{"key":"58","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44898-5_25"},{"key":"57","doi-asserted-by":"publisher","DOI":"10.1145\/1146238.1146254"},{"key":"56","doi-asserted-by":"publisher","DOI":"10.1145\/1007512.1007515"},{"key":"19","doi-asserted-by":"publisher","DOI":"10.1016\/S1571-0661(04)00236-1"},{"key":"55","doi-asserted-by":"publisher","DOI":"10.1145\/543552.512538"},{"key":"17","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1007\/3-540-45309-1_3","article-title":"A systematic approach to static access control","author":"pottier","year":"2001","journal-title":"Proceedings of the 10th European Symposium on Programming Languages and 
Systems"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766902"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.10"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363520"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1147\/sj.462.0265"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.4"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.30"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2000.848461"},{"key":"20","article-title":"A simple semantics and static analysis for java security","author":"banerjee","year":"2001","journal-title":"Stevens Institute of Technology"},{"key":"60","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44898-5_27"},{"key":"49","doi-asserted-by":"publisher","DOI":"10.1145\/512557.512558"},{"key":"48","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512531"},{"key":"45","doi-asserted-by":"publisher","DOI":"10.1109\/32.232013"},{"key":"44","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1986.6312929"},{"key":"47","first-page":"13","article-title":"Adoption and focus: Practical linear types for imperative programming","author":"deline","year":"2002","journal-title":"Proc ACM Conf Programming Language Design and Implementation"},{"key":"46","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378811"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.1"},{"key":"51","doi-asserted-by":"publisher","DOI":"10.1145\/780822.781146"},{"key":"52","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2000.870434"},{"key":"53","first-page":"103","article-title":"Automatically validating temporal safety properties of interfaces","volume":"2057","author":"ball","year":"2001","journal-title":"Proceedings of 8th International SPin Workshop of Model Checking of Software (SPin 2001) in Lecture Notes in Computer 
Science"},{"key":"54","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004368"},{"key":"50","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503276"}],"event":{"name":"2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO)","location":"Opatija, Croatia","start":{"date-parts":[[2014,5,26]]},"end":{"date-parts":[[2014,5,30]]}},"container-title":["2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6849597\/6859515\/06859783.pdf?arnumber=6859783","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,13]],"date-time":"2019-08-13T10:49:16Z","timestamp":1565693356000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6859783\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,5]]},"references-count":60,"URL":"https:\/\/doi.org\/10.1109\/mipro.2014.6859783","relation":{},"subject":[],"published":{"date-parts":[[2014,5]]}}}