{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T19:30:20Z","timestamp":1769455820465,"version":"3.49.0"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T00:00:00Z","timestamp":1654041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T00:00:00Z","timestamp":1654041600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T00:00:00Z","timestamp":1654041600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"FCT","award":["PTDC\/CCI-INF\/29058\/2017"],"award-info":[{"award-number":["PTDC\/CCI-INF\/29058\/2017"]}]},{"name":"LASIGE","award":["UIDB\/00408\/2020"],"award-info":[{"award-number":["UIDB\/00408\/2020"]}]},{"name":"LASIGE","award":["UIDP\/00408\/2020"],"award-info":[{"award-number":["UIDP\/00408\/2020"]}]},{"name":"INESC-ID","award":["UIDB\/50021\/2020"],"award-info":[{"award-number":["UIDB\/50021\/2020"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. 
Rel."],"published-print":{"date-parts":[[2022,6]]},"DOI":"10.1109\/tr.2021.3137314","type":"journal-article","created":{"date-parts":[[2022,1,11]],"date-time":"2022-01-11T20:35:51Z","timestamp":1641933351000},"page":"1033-1056","source":"Crossref","is-referenced-by-count":10,"title":["Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Languages"],"prefix":"10.1109","volume":"71","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4478-8680","authenticated-orcid":false,"given":"Iberia","family":"Medeiros","sequence":"first","affiliation":[{"name":"LASIGE, Faculdade de Ciências, Universidade de Lisboa – Portugal, Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0411-4542","authenticated-orcid":false,"given":"Nuno","family":"Neves","sequence":"additional","affiliation":[{"name":"LASIGE, Faculdade de Ciências, Universidade de Lisboa – Portugal, Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7873-5531","authenticated-orcid":false,"given":"Miguel","family":"Correia","sequence":"additional","affiliation":[{"name":"INESC-ID, Instituto Superior Técnico, Universidade de Lisboa – Portugal, Lisboa, Portugal"}]}],"member":"263","reference":[{"key":"ref1","article-title":"OWASP top 10 2017 - The ten most critical web application security risks","author":"Gigler","year":"2017"},{"key":"ref2","article-title":"The state of web application vulnerabilities in 2019","author":"Bekerman","year":"2020"},{"key":"ref3","article-title":"Millions of websites hit by Drupal hack attack","volume-title":"BBC Technology","year":"2014"},{"key":"ref4","article-title":"Wordpress plugin used by 300,000 sites found vulnerable to SQL injection attack","author":"News","year":"2017"},{"key":"ref5","article-title":"Million-plus wordpress sites exposed by vulnerable plugin","year":"2017"},{"key":"ref6","article-title":"Its 3 billion! 
yes, every single yahoo account was hacked in 2013 data breach","author":"News","year":"2017"},{"key":"ref7","article-title":"Hacker breached 60 units, govt agencies via SQL injection","year":"2017"},{"key":"ref8","article-title":"XSS attacks: The next wave","year":"2017"},{"key":"ref9","article-title":"The state of web application vulnerabilities in 2017","author":"Elul","year":"2017"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23262"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2014.20"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1134744.1134751"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2457411"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771787"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2021.103009"},{"key":"ref16","article-title":"SAMATE - software assurance metrics and tool evaluation"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0225196"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW50294.2020.00083"},{"key":"ref19","article-title":"A hybrid graph neural network approach for detecting PHP vulnerabilities","volume-title":"ArXiv","volume":"abs\/2012.08835","author":"Rabheru","year":"2020"},{"key":"ref20","article-title":"VulDeePecker: A deep learning-based system for vulnerability detection","volume-title":"Proc. Annu. Netw. Distrib. Syst. Secur. 
Symp.","author":"Rabheru","year":"2018"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.3390\/app10144740"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227096"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351733"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931041"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.63"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177699147"},{"key":"ref29","volume-title":"Speech and Language Processing","author":"Jurafsky","year":"2009"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-02143-5"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1967.1054010"},{"key":"ref32","first-page":"1","article-title":"Statistical comparisons of classifiers over multiple data sets","volume":"7","author":"Demar","year":"2006","journal-title":"J. Mach. Learn. Res."},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1147\/rd.32.0114"},{"key":"ref35","article-title":"CVE"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.16"},{"key":"ref37","first-page":"10197","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","volume-title":"Proc. 33rd Conf. Adv. Neural Inf. Process. Syst.","author":"Zhou","year":"2019"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"},{"key":"ref39","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"Witten","year":"2011"},{"key":"ref40","article-title":"Apache tinkerpop. 
The gremlin graph traversal machine and language","author":"Apache"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.14"},{"key":"ref43","first-page":"377","article-title":"NAVEX: Precise and scalable exploit generation for dynamic web applications","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Alhuzali","year":"2018"},{"key":"ref45","volume-title":"Quasi-Experimentation: Design and Analysis Issues for Field Settings","author":"Cook","year":"1979"},{"key":"ref46","first-page":"201","article-title":"Detecting format-string vulnerabilities with type qualifiers","volume-title":"Proc. 10th USENIX Secur. Symp.","author":"Shankar","year":"2001"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2166956.2166964"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/52.976940"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2009.06.055"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.35"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2009.5314215"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606610"},{"key":"ref57","first-page":"625","article-title":"Automatically detecting vulnerable websites before they turn malicious","volume-title":"Proc. 23rd USENIX Secur. 
Symp.","author":"Soska","year":"2014"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2340398"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857720"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"ref62","article-title":"Opening the black box of deep neural networks via information","author":"Shwartz-Ziv","year":"2017"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/9787285\/09678105.pdf?arnumber=9678105","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,13]],"date-time":"2024-01-13T22:37:00Z","timestamp":1705185420000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9678105\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,6]]},"references-count":58,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tr.2021.3137314","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,6]]}}}