{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T08:27:20Z","timestamp":1764836840288,"version":"3.46.0"},"reference-count":74,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,8,26]]},"DOI":"10.1109\/pst65910.2025.11268853","type":"proceedings-article","created":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T18:40:04Z","timestamp":1764787204000},"page":"1-10","source":"Crossref","is-referenced-by-count":0,"title":["A Static Analysis of Popular C Packages in Linux"],"prefix":"10.1109","author":[{"given":"Jukka","family":"Ruohonen","sequence":"first","affiliation":[{"name":"University of Southern,Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mubashrah","family":"Saddiqa","sequence":"additional","affiliation":[{"name":"University of Southern,Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Krzysztof","family":"Sierszecki","sequence":"additional","affiliation":[{"name":"University of Southern,Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.131"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3406112"},{"volume-title":"MSTAR: A Modular, Evidence-Based Software Trustworthiness Framework. 
Archived manuscript","year":"2024","author":"Alexopoulos","key":"ref3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.77"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3125270"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.130"},{"key":"ref7","first-page":"23","article-title":"Static Analysis Toolset with Clang","volume-title":"Proceedings of the 10th International Conference on Applied Informatics","author":"Babati"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2109"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.105"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/11767077_5"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9461-5"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00043"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680313"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.1019"},{"key":"ref15","article-title":"Fun With NULL Pointers, Part 1","author":"Corbet","year":"2024","journal-title":"Linux Weekly News (LWN), available online in"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475781"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00026"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2008.06.039"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2013.6648192"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2025.3548168"},{"journal-title":"GCC Online Documentation, the Free Software Foundation (FSF), Inc. Available online in","article-title":"FSF. Options That Control Static Analysis","year":"2024","key":"ref21"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427257"},{"volume-title":"Evaluation of Open Source Static Analysis Security Testing (SAST) Tools for C. 
German Aerospace Center","year":"2024","author":"Gentsch","key":"ref23"},{"key":"ref24","article-title":"I Wasn\u2019t Sure If This Is Indeed a Security Risk","volume-title":"Data-Driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source npm Packages. Archived manuscript","author":"Ghosh","year":"2025"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3329667"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/MSR59073.2023.00018"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME58846.2023.00060"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2011.34"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-42504-3_22"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3390\/su132212848"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-022-00455-w"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.2307\/2280779"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3168365.3170425"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-023-10403-x"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10173-y"},{"volume-title":"Static Analysis in GCC 10. Red Hat Developer Blog. Available online in","year":"2024","author":"Malcolm","key":"ref37"},{"article-title":"Improvements to Static Analysis in the GCC 13 Compiler. 
Red Hat Developer Blog","year":"2024","author":"Malcolm","key":"ref38"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3422392.3422409"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23183"},{"volume-title":"Common Weakness Enumeration: A Community-Developed List of SW & HW Weaknesses That Can Become Vulnerabilities","year":"2024","author":"MITRE","key":"ref41"},{"key":"ref42","article-title":"CWE VIEW: Weaknesses Addressed by the SEI CERT C Coding Standard","author":"MITRE","year":"2024","journal-title":"Available online in July"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SEAA64295.2024.00068"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/asew49067.2019"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102470"},{"year":"2024","key":"ref46","article-title":"NIST. Juliet C\/C++ 1.3. National Institute of Standards and Technology (NIST)"},{"journal-title":"Open Source Security Foundation (OpenSSF). Available online in July","article-title":"OpenSSF. Compiler Options Hardening Guide for C and C++","year":"2024","key":"ref47"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-91602-6_6"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1046\/j.1365-2575.2002.00118.x"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/csr57506.2023"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106488"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3319008.3319029"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/pst52912.2021.9647791"},{"key":"ref54","article-title":"The Popularity Hypothesis in Software Security: A Large-Scale Replication with PHP Packages","author":"Ruohonen","year":"2025","journal-title":"Archived manuscript"},{"article-title":"Tracing Vulnerability Propagation Across Open Source Software Ecosystems. 
Archived manuscript","year":"2025","author":"Ruohonen","key":"ref55"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.06.005"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2019.00084"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00140"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623122"},{"article-title":"A Large-Scale Study of IoT Security Weaknesses and Vulnerabilities in the Wild. Archived manuscript","year":"2024","author":"Selvaraj","key":"ref60"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2012.38"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2009.02.058"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2911732"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3670871"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3487019.3487021"},{"key":"ref66","article-title":"How Are Software Repositories Mined? A Systematic Literature Review of Workflows","author":"Tutko","year":"2024","journal-title":"Methodologies, Reproducibility, and Tools. Archived manuscript. 
Available online in"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09750-5"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330195"},{"key":"ref69","article-title":"Secure Programming with Static Analysis","author":"West","year":"2008","journal-title":"In OWASPDay II"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/AIBThings63359.2024.10863638"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.2"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8668013"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667997"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029911"}],"event":{"name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","start":{"date-parts":[[2025,8,26]]},"location":"Fredericton, NB, Canada","end":{"date-parts":[[2025,8,28]]}},"container-title":["2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11268482\/11268814\/11268853.pdf?arnumber=11268853","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T08:22:21Z","timestamp":1764836541000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11268853\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,26]]},"references-count":74,"URL":"https:\/\/doi.org\/10.1109\/pst65910.2025.11268853","relation":{},"subject":[],"published":{"date-parts":[[2025,8,26]]}}}