{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:48Z","timestamp":1763468208952,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,9,18]],"date-time":"2014-09-18T00:00:00Z","timestamp":1410998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,9,18]]},"DOI":"10.1145\/2652524.2652533","type":"proceedings-article","created":{"date-parts":[[2014,9,5]],"date-time":"2014-09-05T19:09:15Z","timestamp":1409944155000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Discovering buffer overflow vulnerabilities in the wild"],"prefix":"10.1145","author":[{"given":"Ming","family":"Fang","sequence":"first","affiliation":[{"name":"Auburn University, Auburn, AL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Munawar","family":"Hafiz","sequence":"additional","affiliation":[{"name":"Auburn University, Auburn, AL"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,9,18]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1109\/RAMS.2006.1677355"},{"volume-title":"ISSRE'09","year":"2009","author":"Anbalagan P.","key":"e_1_3_2_1_2_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1109\/ICSE.2009.5070530"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1109\/2.889093"},{"volume-title":"WEIS '04","year":"2004","author":"Arora A.","key":"e_1_3_2_1_5_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1109\/ESEM.2011.18"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1002\/spe.2109"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/1646353.1646374"},{"volume-title":"IEEE Computer Society","year":"2001","author":"Browne H.","key":"e_1_3_2_1_9_1"},{"volume-title":"McGraw-Hill","year":"1978","author":"Denzin N.","key":"e_1_3_2_1_10_1"},{"volume-title":"DIMVA '10","year":"2010","author":"Doup\u00e9 A.","key":"e_1_3_2_1_11_1"},{"volume-title":"USENIX Security' 13","year":"2013","author":"Finifter M.","key":"e_1_3_2_1_12_1"},{"volume-title":"WEIS '09","year":"2009","author":"Frei S.","key":"e_1_3_2_1_13_1"},{"volume-title":"BlackHat Europe","year":"2008","author":"Frei S.","key":"e_1_3_2_1_14_1"},{"volume-title":"CERIAS","year":"2005","author":"Gopalakrishna R.","key":"e_1_3_2_1_15_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.5555\/2486788.2486877"},{"volume-title":"Sage Publications Ltd","year":"2004","author":"Krippendorff K.","key":"e_1_3_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1109\/ESEM.2007.82"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_19_1","DOI":"10.1145\/1853919.1853925"},{"unstructured":"P. Mell K. Scarfone and S. Romanosky. CVSS: A complete guide to the Common Vulnerability Scoring System Version 2.0. Technical report FIRST.org 2007.  P. Mell K. Scarfone and S. Romanosky. CVSS: A complete guide to the Common Vulnerability Scoring System Version 2.0. Technical report FIRST.org 2007.","key":"e_1_3_2_1_20_1"},{"key":"e_1_3_2_1_21_1","first-page":"109","article-title":"Evaluation of patch management strategies","volume":"3","author":"Okhravi H.","year":"2008","journal-title":"International Journal of Computational Intelligence: Theory and Practice"},{"unstructured":"M. Patton. Qualitative Research & Evaluation Methods. Sage Publications Ltd Singapore 3 edition 2001.  M. Patton. Qualitative Research & Evaluation Methods . Sage Publications Ltd Singapore 3 edition 2001.","key":"e_1_3_2_1_22_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1109\/ISSRE.2004.1"},{"volume-title":"Sage Publications Ltd","year":"2009","author":"Saldana J.","key":"e_1_3_2_1_24_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1109\/ISSRE.2013.6698898"},{"key":"e_1_3_2_1_26_1","article-title":"Full disclosure and the window of exposure","author":"Schneier B.","year":"2000","journal-title":"Crypto-Gram Newsletter"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1007\/978-3-642-27576-0_24"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.1109\/IMF.2009.15"},{"unstructured":"SecurityFocus. Bugtraq vulnerability list. http:\/\/www.securityfocus.com\/.  SecurityFocus. Bugtraq vulnerability list. http:\/\/www.securityfocus.com\/.","key":"e_1_3_2_1_29_1"},{"volume-title":"ICSE '12","year":"2012","author":"Shahzad M.","key":"e_1_3_2_1_30_1"},{"unstructured":"L. Suto. Analyzing the effectiveness and coverage of Web application security scanners. Technical report eEye Digital Security 2007.  L. Suto. Analyzing the effectiveness and coverage of Web application security scanners. Technical report eEye Digital Security 2007.","key":"e_1_3_2_1_31_1"},{"unstructured":"M. Weinstein. TAMS Analyzer for Macintosh OS X: The native open source Macintosh qualitative research tool.  M. Weinstein. TAMS Analyzer for Macintosh OS X: The native open source Macintosh qualitative research tool.","key":"e_1_3_2_1_32_1"},{"volume-title":"NDSS '03","year":"2003","author":"Wilander J.","key":"e_1_3_2_1_33_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1145\/1809100.1809104"},{"volume-title":"Sage Publications Ltd","year":"2004","author":"Yin R.","key":"e_1_3_2_1_35_1"},{"volume-title":"DEXA '11","year":"2011","author":"Zhang S.","key":"e_1_3_2_1_36_1"}],"event":{"sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"],"acronym":"ESEM '14","name":"ESEM '14: 2014 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement","location":"Torino Italy"},"container-title":["Proceedings of the 8th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2652524.2652533","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2652524.2652533","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:11:55Z","timestamp":1750227115000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2652524.2652533"}},"subtitle":["an empirical study"],"short-title":[],"issued":{"date-parts":[[2014,9,18]]},"references-count":36,"alternative-id":["10.1145\/2652524.2652533","10.1145\/2652524"],"URL":"https:\/\/doi.org\/10.1145\/2652524.2652533","relation":{},"subject":[],"published":{"date-parts":[[2014,9,18]]},"assertion":[{"value":"2014-09-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}