{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T20:51:17Z","timestamp":1760043077806,"version":"3.37.3"},"reference-count":56,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Portuguese Foundation for Science and Technology","award":["2020.04503.BD"],"award-info":[{"award-number":["2020.04503.BD"]}]},{"DOI":"10.13039\/501100001871","name":"Project METRICS through FCT","doi-asserted-by":"publisher","award":["POCI-01-0145-FEDER-032504"],"award-info":[{"award-number":["POCI-01-0145-FEDER-032504"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001871","name":"Project \u201cAIDA\u2014Adaptive, Intelligent and Distributed Assurance Platform\u201d co-financed by the European Regional Development Fund (ERDF) and COMPETE 2020","doi-asserted-by":"publisher","award":["POCI-01-0247-FEDER-045907"],"award-info":[{"award-number":["POCI-01-0247-FEDER-045907"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100008047","name":"FCT under Carnegie Mellon University (CMU) Portugal","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100008047","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE 
Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3120349","type":"journal-article","created":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T23:44:30Z","timestamp":1634341470000},"page":"142879-142892","source":"Crossref","is-referenced-by-count":15,"title":["Characterizing Buffer Overflow Vulnerabilities in Large C\/C++ Projects"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0717-3396","authenticated-orcid":false,"given":"Jose D'Abruzzo","family":"Pereira","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8376-6711","authenticated-orcid":false,"given":"Naghmeh","family":"Ivaki","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5103-8541","authenticated-orcid":false,"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2006.38"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2015.7392027"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC.2017.00035"},{"article-title":"Structured testing: A testing methodology using the cyclomatic complexity metric","year":"1996","author":"watson","key":"ref31"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"581","DOI":"10.1007\/978-81-322-2268-2_59","article-title":"Static analysis: A survey of techniques and tools","author":"gosain","year":"2015","journal-title":"Intelligent Computing and Applications"},{"journal-title":"Threat Modeling Designing for 
Security","year":"2014","author":"shostack","key":"ref37"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9541-1"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2016.34"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106614"},{"journal-title":"Coverity static application security testing","year":"2021","key":"ref28"},{"journal-title":"SonarQube in Action","year":"2013","author":"campbell","key":"ref27"},{"key":"ref29","first-page":"1","article-title":"Software vulnerabilities, prevention and detection methods: A review","author":"freitez","year":"2009","journal-title":"SEC-MDA Security in Model Driven Architecture"},{"journal-title":"COVID-19 Accounts For Most 2020 Cyberattacks","year":"2020","author":"jaffee","key":"ref2"},{"journal-title":"Information Technology\u2014Security Techniques\u2014Information Security Management Systems\u2014Overview and Vocabulary","year":"2018","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/MINES.2012.202"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.111"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"article-title":"FxCop and code analysis: Writing your own custom rules","year":"2008","author":"kresowaty","key":"ref24"},{"journal-title":"SpotBugs","year":"2021","key":"ref23"},{"journal-title":"Parasoft CPPTest\u2014C\/C++ Static Code Analysis","year":"2021","key":"ref26"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/s11859-019-1380-z"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.09.009"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-011-9190-8"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1981.231113"},{"journal-title":"OWASP Top 
10\u20132017\u2013The Ten Most Critical Web Application Security Risks","year":"2017","author":"van der stock","key":"ref53"},{"key":"ref52","doi-asserted-by":"crossref","first-page":"2329","DOI":"10.3390\/s21072329","article-title":"The presence, trends, and causes of security vulnerabilities in operating systems of IoT\u2019s low-end devices","volume":"21","author":"al-boghdady","year":"2021","journal-title":"SENSORS"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/LADC.2016.32"},{"journal-title":"National Vulnerability Database","year":"2005","key":"ref40"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.11"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3041181"},{"key":"ref15","first-page":"19","article-title":"Using a diagnostic corpus of C programs to evaluate buffer overflow detection by static analysis tools","author":"kratkiewicz","year":"2005","journal-title":"Proc Workshop Eval Softw Defect Detection Tools"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/1370788.1370793"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2006.72"},{"journal-title":"CWE-119 Improper Restriction of Operations Within the Bounds of a Memory Buffer","year":"2006","key":"ref18"},{"journal-title":"Common Weakness Enumeration","year":"2021","key":"ref19"},{"journal-title":"What are the Most Secure Programming Languages?","year":"2021","key":"ref4"},{"journal-title":"Security Spending Will Top 40% in Most 2021 IT Budgets","year":"2021","author":"zurier","key":"ref3"},{"journal-title":"The SEI CERT C++ Coding Standard","year":"2021","key":"ref6"},{"journal-title":"OWASP Secure Coding Practices\u2014Quick Reference Guide-OWASP","year":"2010","author":"turpin","key":"ref5"},{"journal-title":"Secure Programming with Static 
Analysis","year":"2007","author":"chess","key":"ref8"},{"journal-title":"Software Engineering Economics","year":"1981","author":"boehm","key":"ref7"},{"journal-title":"Flawfinder 2001","year":"2019","author":"wheeler","key":"ref49"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2014.32"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1177\/001316446002000104"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/32.177364"},{"journal-title":"Cppcheck\u2014A Tool for Static C\/C++ Code Analysis 2007","year":"2019","author":"marjam\u00e4ki","key":"ref48"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.2307\/2529310"},{"key":"ref42","first-page":"49","article-title":"Dowsing for overflows: A guided fuzzer to find buffer boundary violations","author":"haller","year":"2013","journal-title":"Proc 22nd USENIX Secur Symp (USENIX Secur )"},{"key":"ref41","first-page":"989","article-title":"Towards efficient heap overflow discovery","author":"jia","year":"2017","journal-title":"Proc 26th USENIX Secur Symp (USENIX Secur )"},{"journal-title":"SciTools Understand\u2014Metrics","year":"2011","key":"ref44"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380923"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09576064.pdf?arnumber=9576064","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,21]],"date-time":"2022-02-21T22:17:46Z","timestamp":1645481866000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9576064\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":56,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3120349","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2021]]}}}