{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T16:08:29Z","timestamp":1775837309066,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813604","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"426-437","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":200,"title":["VCCFinder"],"prefix":"10.1145","author":[{"given":"Henning","family":"Perl","sequence":"first","affiliation":[{"name":"Fraunhofer FKIE, Bonn, Germany"}]},{"given":"Sergej","family":"Dechand","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Matthew","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Daniel","family":"Arp","sequence":"additional","affiliation":[{"name":"University of G\u00f6ttingen, G\u00f6ttingen, Germany"}]},{"given":"Fabian","family":"Yamaguchi","sequence":"additional","affiliation":[{"name":"University of G\u00f6ttingen, G\u00f6ttingen, Germany"}]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[{"name":"University of G\u00f6ttingen, G\u00f6ttingen, Germany"}]},{"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"Saarland University, Saarbr\u00fccken, Germany"}]},{"given":"Yasemin","family":"Acar","sequence":"additional","affiliation":[{"name":"Saarland University, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Clang static analyzer. http:\/\/clang-analyzer.llvm.org\/. Accessed: 2015-05-08.  Clang static analyzer. http:\/\/clang-analyzer.llvm.org\/. Accessed: 2015-05-08."},{"key":"e_1_3_2_1_2_1","volume-title":"A linux system call fuzzer","unstructured":"Trinity : A linux system call fuzzer . http:\/\/codemonkey.org.uk\/projects\/trinity\/. Accessed: 2015-05-08. Trinity: A linux system call fuzzer. http:\/\/codemonkey.org.uk\/projects\/trinity\/. Accessed: 2015-05-08."},{"key":"e_1_3_2_1_3_1","unstructured":"Valgrind. http:\/\/valgrind.org\/. Accessed: 2015-05-08.  Valgrind. http:\/\/valgrind.org\/. Accessed: 2015-05-08."},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/www.grammatech.com\/codesonar\/, visited","year":"2015","unstructured":"CodeSonar\u00ae | GrammaTech static analysis. https:\/\/www.grammatech.com\/codesonar\/, visited August , 2015 . CodeSonar\u00ae | GrammaTech static analysis. https:\/\/www.grammatech.com\/codesonar\/, visited August, 2015."},{"key":"e_1_3_2_1_5_1","volume-title":"https:\/\/scan.coverity.com\/, visited","year":"2015","unstructured":"Coverity Scan -- static analysis. https:\/\/scan.coverity.com\/, visited August , 2015 . Coverity Scan -- static analysis. https:\/\/scan.coverity.com\/, visited August, 2015."},{"key":"e_1_3_2_1_6_1","volume-title":"https:\/\/www.hpfod.com\/, visited","author":"Fortify HP","year":"2015","unstructured":"HP Fortify . https:\/\/www.hpfod.com\/, visited August , 2015 . HP Fortify. https:\/\/www.hpfod.com\/, visited August, 2015."},{"key":"e_1_3_2_1_7_1","volume-title":"https:\/\/www.ibm.com\/software\/products\/en\/appscan-source\/, visited","author":"Security AppScan Source IBM","year":"2015","unstructured":"IBM Security AppScan Source . https:\/\/www.ibm.com\/software\/products\/en\/appscan-source\/, visited August , 2015 . IBM Security AppScan Source. https:\/\/www.ibm.com\/software\/products\/en\/appscan-source\/, visited August, 2015."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/msdn.microsoft.com\/en-us\/library\/ms933794.aspx, visited","year":"2015","unstructured":"PREfast analysis tool. https:\/\/msdn.microsoft.com\/en-us\/library\/ms933794.aspx, visited January , 2015 . PREfast analysis tool. https:\/\/msdn.microsoft.com\/en-us\/library\/ms933794.aspx, visited January, 2015."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/code.google.com\/p\/rough-auditing-tool-for-security\/, visited","year":"2015","unstructured":"Rough auditing tool for security (RATS). https:\/\/code.google.com\/p\/rough-auditing-tool-for-security\/, visited January , 2015 . Rough auditing tool for security (RATS). https:\/\/code.google.com\/p\/rough-auditing-tool-for-security\/, visited January, 2015."},{"key":"e_1_3_2_1_10_1","volume-title":"http:\/\/splint.org\/, visited","year":"2015","unstructured":"Splint -- annotation-assisted lightweight static checking. http:\/\/splint.org\/, visited January , 2015 . Splint -- annotation-assisted lightweight static checking. http:\/\/splint.org\/, visited January, 2015."},{"key":"e_1_3_2_1_11_1","first-page":"339","volume-title":"USENIX Security Symposium","volume":"10","author":"Bandhakavi S.","year":"2010","unstructured":"S. Bandhakavi , S. T. King , P. Madhusudan , and M. Winslett . VEX: Vetting browser extensions for security vulnerabilities . In USENIX Security Symposium , volume 10 , pages 339 -- 354 , 2010 . S. Bandhakavi, S. T. King, P. Madhusudan, and M. Winslett. VEX: Vetting browser extensions for security vulnerabilities. In USENIX Security Symposium, volume 10, pages 339--354, 2010."},{"key":"e_1_3_2_1_12_1","first-page":"209","volume-title":"OSDI","volume":"8","author":"Cadar C.","year":"2008","unstructured":"C. Cadar , D. Dunbar , and D. R. Engler . KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs . In OSDI , volume 8 , pages 209 -- 224 , 2008 . C. Cadar, D. Dunbar, and D. R. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, volume 8, pages 209--224, 2008."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.24"},{"key":"e_1_3_2_1_14_1","first-page":"139","volume-title":"USENIX Security Symposium","author":"Cho C. Y.","year":"2011","unstructured":"C. Y. Cho , D. Babic , P. Poosankam , K. Z. Chen , E. X. Wu , and D. Song . MACE: Model-inference-assisted concolic exploration for protocol and vulnerability discovery . In USENIX Security Symposium , pages 139 -- 154 , 2011 . C. Y. Cho, D. Babic, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song. MACE: Model-inference-assisted concolic exploration for protocol and vulnerability discovery. In USENIX Security Symposium, pages 139--154, 2011."},{"key":"e_1_3_2_1_15_1","first-page":"989","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Dahse J.","year":"2014","unstructured":"J. Dahse and T. Holz . Static detection of second-order vulnerabilities in web applications . In 23rd USENIX Security Symposium (USENIX Security 14) , pages 989 -- 1003 , San Diego, CA , Aug. 2014 . USENIX Association. J. Dahse and T. Holz. Static detection of second-order vulnerabilities in web applications. In 23rd USENIX Security Symposium (USENIX Security 14), pages 989--1003, San Diego, CA, Aug. 2014. USENIX Association."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/362929.362947"},{"key":"e_1_3_2_1_17_1","volume-title":"LIBLINEAR: A library for large linear classification. Journal of Machine Learning Research (JMLR), 9: 1871--1874","author":"Fan R.-E.","year":"2008","unstructured":"R.-E. Fan , K.-W. Chang , C.-J. Hsieh , X.-R. Wang , and C.-J. Lin . LIBLINEAR: A library for large linear classification. Journal of Machine Learning Research (JMLR), 9: 1871--1874 , 2008 . R.-E. Fan, K.-W. Chang, C.-J. Hsieh, X.-R. Wang, and C.-J. Lin. LIBLINEAR: A library for large linear classification. Journal of Machine Learning Research (JMLR), 9: 1871--1874, 2008."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.4236\/jsea.2009.23020"},{"key":"e_1_3_2_1_19_1","volume-title":"Elements of software science","author":"Halstead M. H.","unstructured":"M. H. Halstead . Elements of software science . Elsevier computer science library: operational programming systems series. North-Holland, New York, NY, 1977. M. H. Halstead. Elements of software science. Elsevier computer science library: operational programming systems series. North-Holland, New York, NY, 1977."},{"key":"e_1_3_2_1_20_1","first-page":"445","volume-title":"Presented as part of the 21st USENIX Security Symposium (USENIX Security 12)","author":"Holler C.","year":"2012","unstructured":"C. Holler , K. Herzig , and A. Zeller . Fuzzing with code fragments . In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12) , pages 445 -- 458 , Bellevue, WA , 2012 . USENIX. C. Holler, K. Herzig, and A. Zeller. Fuzzing with code fragments. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pages 445--458, Bellevue, WA, 2012. USENIX."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70773"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1976.233837"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382785"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2013.19"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2661685.2661687"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"e_1_3_2_1_27_1","volume-title":"Nov.","author":"Rieck K.","year":"2012","unstructured":"K. Rieck , C. Wressnegger , and A. Bikadorov . Sally: A tool for embedding strings in vector spaces. Journal of Machine Learning Research (JMLR), 13 (Nov): 3247--3251 , Nov. 2012 . K. Rieck, C. Wressnegger, and A. Bikadorov. Sally: A tool for embedding strings in vector spaces. Journal of Machine Learning Research (JMLR), 13 (Nov): 3247--3251, Nov. 2012."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_11"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1108\/eb026671"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/576628"},{"issue":"10","key":"e_1_3_2_1_31_1","first-page":"993","article-title":"Predicting vulnerable software components via text mining. Software Engineering","volume":"40","author":"Scandariato R.","year":"2014","unstructured":"R. Scandariato , J. Walden , A. Hovsepyan , and W. Joosen . Predicting vulnerable software components via text mining. Software Engineering , IEEE Transactions on , 40 ( 10 ): 993 -- 1006 , Oct 2014 . R. Scandariato, J. Walden, A. Hovsepyan, and W. Joosen. Predicting vulnerable software components via text mining. Software Engineering, IEEE Transactions on, 40 (10): 993--1006, Oct 2014.","journal-title":"IEEE Transactions on"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1082983.1083147"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1002\/ejsp.2420020412"},{"key":"e_1_3_2_1_34_1","volume-title":"http:\/\/www.dwheeler.com\/flawfinder\/, visited","author":"Wheeler D. A.","year":"2015","unstructured":"D. A. Wheeler . Flawfinder. http:\/\/www.dwheeler.com\/flawfinder\/, visited January , 2015 . D. A. Wheeler. Flawfinder. http:\/\/www.dwheeler.com\/flawfinder\/, visited January, 2015."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/HSI.2012.22"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516665"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.32"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813604","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:36Z","timestamp":1750225716000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813604"}},"subtitle":["Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits"],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":38,"alternative-id":["10.1145\/2810103.2813604","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813604","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}