{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:07:29Z","timestamp":1768414049415,"version":"3.49.0"},"reference-count":76,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100013322","name":"European Union\/European Federation of Pharmaceutical Industries and Associations (EU\/EFPIA) Innovative Medicines Initiative 2 Joint Undertaking","doi-asserted-by":"publisher","award":["806968"],"award-info":[{"award-number":["806968"]}],"id":[{"id":"10.13039\/100013322","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/access.2023.3315595","type":"journal-article","created":{"date-parts":[[2023,9,14]],"date-time":"2023-09-14T17:57:19Z","timestamp":1694714239000},"page":"100234-100255","source":"Crossref","is-referenced-by-count":19,"title":["Open Source Solutions for Vulnerability Assessment: A Comparative Analysis"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5687-4888","authenticated-orcid":false,"given":"Dinis Barroqueiro","family":"Cruz","sequence":"first","affiliation":[{"name":"Department of Electronics, Telecommunications and Informatics (DETI), LASI, Institute of Electronics and Informatics Engineering of Aveiro (IEETA), University of Aveiro, Aveiro, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0729-2264","authenticated-orcid":false,"given":"Jo\u00e3o Rafael","family":"Almeida","sequence":"additional","affiliation":[{"name":"Department of Electronics, Telecommunications and Informatics (DETI), LASI, Institute of Electronics and Informatics Engineering of Aveiro (IEETA), University of Aveiro, Aveiro, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6672-6176","authenticated-orcid":false,"given":"Jos\u00e9 Lu\u00eds","family":"Oliveira","sequence":"additional","affiliation":[{"name":"Department of Electronics, Telecommunications and Informatics (DETI), LASI, Institute of Electronics and Informatics Engineering of Aveiro (IEETA), University of Aveiro, Aveiro, Portugal"}]}],"member":"263","reference":[{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.5120\/ijca2017914750"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2019.00026"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataSecurity.2017.47"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23418"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TASE.2019.00-18"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8668013"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.32604\/cmc.2020.010885"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57735-7_17"},{"key":"ref53","year":"2023","journal-title":"OWASP Source code analysis tools"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2961111.2962587"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.108"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.48"},{"key":"ref10","year":"2022","journal-title":"Etl2020&#x2014;Web Application Attacks"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS48256.2020.9027350"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/INNOVATIONS.2014.6987569"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.19101\/IJACR.2018.838012"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2018.00144"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2022.103460"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.3390\/s22010128"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/INTECH.2015.7173368"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2017.18"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ACIT57182.2022.9994139"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME52107.2021.00048"},{"key":"ref42","article-title":"Continuous integration","author":"fowler","year":"2006"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/2.796139"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2015.50"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2015.27"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2014.58"},{"key":"ref8","article-title":"Defect prevention: Reducing costs and enhancing quality","author":"soni","year":"2006"},{"key":"ref7","year":"2022","journal-title":"ENISA Threat Landscape 2022"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.103"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173836"},{"key":"ref3","year":"2019","journal-title":"Quadro nacional de refer&#x00EA;ncia para a ciberseguran&#x00E7;a"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859089"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.2478\/hjbpa-2018-0024"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2016.68"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095802"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.51"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2016.100"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2015.62"},{"key":"ref31","article-title":"Open vulnerability assessment language (OVAL) validation program derived test requirements","author":"banghart","year":"2010"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1016\/S0034-4257(97)00083-7"},{"key":"ref30","first-page":"1","article-title":"Standardizing cyber threat intelligence information with the structured threat information expression (STIX)","volume":"11","author":"barnum","year":"2012","journal-title":"MITRE Corp"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/TechDebt.2019.00024"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2017.8229914"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3365199"},{"key":"ref76","article-title":"OWASP zed attack proxy","author":"bennetts","year":"2013"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.11610\/isij.3206"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3197899"},{"key":"ref39","first-page":"162","article-title":"Software development life cycle agile vs traditional approaches","volume":"37","author":"leau","year":"2012","journal-title":"Proc Int Conf Inf Netw Technol"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2911732"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"ref70","article-title":"Automated whitebox fuzz testing","author":"godefroid","year":"2008"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/2109205.2109208"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.5120\/10440-5125"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICSGEA.2019.00131"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3161522"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.3390\/app10249119"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00054"},{"key":"ref26","author":"shirey","year":"4949","journal-title":"Internet Security Glossary Version 2"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2013.445"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CINTI.2016.7846383"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1046\/j.1365-2575.2002.00118.x"},{"key":"ref63","article-title":"Lint, a C program checker","author":"johnson","year":"1977"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP.2019.00014"},{"key":"ref66","article-title":"The dynamics of software composition analysis","author":"foo","year":"2019","journal-title":"arXiv 1909 00973"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475769"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"ref28","year":"2022","journal-title":"Owasp Top 10 2022"},{"key":"ref27","year":"2022","journal-title":"Software Weaknesses 2022"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.3390\/computers9010018"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC47524.2020.9031195"},{"key":"ref62","first-page":"1","article-title":"The need for fourth generation static analysis tools for security&#x2013;from bugs to flaws","author":"lebanidze","year":"2008","journal-title":"Proc Appl Secur Conf"},{"key":"ref61","article-title":"Container vulnerability scanners: An analysis","author":"jagelid","year":"2020"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10005208\/10251527.pdf?arnumber=10251527","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,9]],"date-time":"2023-10-09T19:18:03Z","timestamp":1696879083000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10251527\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":76,"URL":"https:\/\/doi.org\/10.1109\/access.2023.3315595","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}