{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,25]],"date-time":"2025-06-25T04:11:41Z","timestamp":1750824701385,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T00:00:00Z","timestamp":1503273600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,8,21]]},"DOI":"10.1145\/3106237.3121276","type":"proceedings-article","created":{"date-parts":[[2017,8,2]],"date-time":"2017-08-02T19:36:18Z","timestamp":1501702578000},"page":"1056-1058","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["FOSS version differentiation as a benchmark for static analysis security testing tools"],"prefix":"10.1145","author":[{"given":"Ivan","family":"Pashchenko","sequence":"first","affiliation":[{"name":"University of Trento, Italy"}]}],"member":"320","published-online":{"date-parts":[[2017,8,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"National Security Agency Center for Assured Software (NSA CAS). 2012. Juliet Test Suite v1.2 for Java User Guide. (2012). National Security Agency Center for Assured Software (NSA CAS). 2012. Juliet Test Suite v1.2 for Java User Guide. (2012)."},{"key":"e_1_3_2_1_2_1","first-page":"269","article-title":"Assessing and Comparing Vulnerability Detection Tools for Web Services","volume":"8","author":"Antunes Nuno","year":"2015","unstructured":"Nuno Antunes and Marco Vieira . 2015 . Assessing and Comparing Vulnerability Detection Tools for Web Services : Benchmarking Approach and Examples. 8 , 2 (2015), 269 \u2013 283 . Nuno Antunes and Marco Vieira. 2015. Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples. 8, 2 (2015), 269\u2013283.","journal-title":"Benchmarking Approach and Examples."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2009.0083"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Nathaniel Ayewah William Pugh J. David Morgenthaler John Penix and YuQian Zhou. 2007. Evaluating static analysis defect warnings on production software. Nathaniel Ayewah William Pugh J. David Morgenthaler John Penix and YuQian Zhou. 2007. Evaluating static analysis defect warnings on production software.","DOI":"10.1145\/1251535.1251536"},{"key":"e_1_3_2_1_5_1","volume-title":"Black and Athos Ribeiro","author":"Paul","year":"2016","unstructured":"Paul E. Black and Athos Ribeiro . 2016 . SATE V Ockham Sound Analysis Criteria. Technical Report. National Institute of Standards and Technology (NIST) . Paul E. Black and Athos Ribeiro. 2016. SATE V Ockham Sound Analysis Criteria. Technical Report. National Institute of Standards and Technology (NIST)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889206"},{"key":"e_1_3_2_1_7_1","unstructured":"2889206 2889206"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Aurelien Delaitre Bertrand Stivalet Elizabeth Fong and Vadim Okun. 2015. Evaluating Bug Finders\u2013Test and Measurement of Static Code Analyzers. Aurelien Delaitre Bertrand Stivalet Elizabeth Fong and Vadim Okun. 2015. Evaluating Bug Finders\u2013Test and Measurement of Static Code Analyzers.","DOI":"10.1109\/COUFLESS.2015.10"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Lisa Nguyen Quang Do Michael Eichberg and Eric Bodden. 2016. Toward an automated benchmark management system. ACM 13\u201317. Lisa Nguyen Quang Do Michael Eichberg and Eric Bodden. 2016. Toward an automated benchmark management system. ACM 13\u201317.","DOI":"10.1145\/2931021.2931023"},{"key":"e_1_3_2_1_10_1","volume-title":"LAVA: Large-scale automated vulnerability addition.","author":"Dolan-Gavitt Brendan","year":"2016","unstructured":"Brendan Dolan-Gavitt , Patrick Hulin , Engin Kirda , Tim Leek , Andrea Mambretti , Wil Robertson , Frederick Ulrich , and Ryan Whelan . 2016 . LAVA: Large-scale automated vulnerability addition. Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-scale automated vulnerability addition."},{"key":"e_1_3_2_1_11_1","volume-title":"A comparative study of industrial static analysis tools. 216","author":"Emanuelsson P\u00e4r","year":"2008","unstructured":"P\u00e4r Emanuelsson and Ulf Nilsson . 2008. A comparative study of industrial static analysis tools. 216 ( 2008 ), 5\u201321. P\u00e4r Emanuelsson and Ulf Nilsson. 2008. A comparative study of industrial static analysis tools. 216 (2008), 5\u201321."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Martin Johns and Moritz Jodeit. 2011. Scanstud: a methodology for systematic fine-grained evaluation of static analysis tools. Martin Johns and Moritz Jodeit. 2011. Scanstud: a methodology for systematic fine-grained evaluation of static analysis tools.","DOI":"10.1109\/ICSTW.2011.32"},{"key":"e_1_3_2_1_13_1","unstructured":"James A Kupsch and Barton P Miller. 2009. Manual vs. automated vulnerability assessment: A case study. 83\u201397. James A Kupsch and Barton P Miller. 2009. Manual vs. automated vulnerability assessment: A case study. 83\u201397."},{"key":"e_1_3_2_1_14_1","volume-title":"Watch out for This Commit! A Study of Influential Software Changes. arXiv preprint arXiv:1606.03266","author":"Li Daoyuan","year":"2016","unstructured":"Daoyuan Li , Li Li , Dongsun Kim , Tegawend\u00e9 F Bissyand\u00e9 , David Lo , and Yves Le Traon . 2016. Watch out for This Commit! A Study of Influential Software Changes. arXiv preprint arXiv:1606.03266 ( 2016 ). Daoyuan Li, Li Li, Dongsun Kim, Tegawend\u00e9 F Bissyand\u00e9, David Lo, and Yves Le Traon. 2016. Watch out for This Commit! A Study of Influential Software Changes. arXiv preprint arXiv:1606.03266 (2016)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Peng Li and Baojiang Cui. 2010. A comparative study on software vulnerability static analysis techniques and tools. Peng Li and Baojiang Cui. 2010. A comparative study on software vulnerability static analysis techniques and tools.","DOI":"10.1109\/ICITIS.2010.5689543"},{"key":"e_1_3_2_1_16_1","volume-title":"Online: http:\/\/suif. stanford. edu\/livshits\/securibench","author":"Livshits Benjamin","year":"2005","unstructured":"Benjamin Livshits . 2005. Stanford SecuriBench . Online: http:\/\/suif. stanford. edu\/livshits\/securibench ( 2005 ). Benjamin Livshits. 2005. Stanford SecuriBench. Online: http:\/\/suif. stanford. edu\/livshits\/securibench (2005)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9408-2"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9408-2"},{"key":"e_1_3_2_1_19_1","unstructured":"NIST. 2016. SAMATE list of Source Code Security Analyzers. (2016). https: \/\/samate.nist.gov\/index.php\/Source_Code_Security_Analyzers.html NIST. 2016. SAMATE list of Source Code Security Analyzers. (2016). https: \/\/samate.nist.gov\/index.php\/Source_Code_Security_Analyzers.html"},{"key":"e_1_3_2_1_20_1","volume-title":"Black","author":"Okun Vadim","year":"2010","unstructured":"Vadim Okun , Aurelien Delaitre , and Paul E . Black . 2010 . The second static analysis tool exposition (SATE) 2009. (2010), 500\u2013287. Vadim Okun, Aurelien Delaitre, and Paul E. Black. 2010. The second static analysis tool exposition (SATE) 2009. (2010), 500\u2013287."},{"key":"e_1_3_2_1_21_1","volume-title":"Report on the Third Static Analysis Tool Exposition (SATE 2010","author":"Okun Vadim","year":"2011","unstructured":"Vadim Okun , Aurelien Delaitre , and Paul E. Black . 2011 . Report on the Third Static Analysis Tool Exposition (SATE 2010 ). ( 2011 ), 500\u2013283. Vadim Okun, Aurelien Delaitre, and Paul E. Black. 2011. Report on the Third Static Analysis Tool Exposition (SATE 2010). (2011), 500\u2013283."},{"key":"e_1_3_2_1_22_1","volume-title":"Black","author":"Okun Vadim","year":"2013","unstructured":"Vadim Okun , Aurelien Delaitre , and Paul E . Black . 2013 . Report on the static analysis tool exposition (SATE) IV. 500 (2013), 297. Vadim Okun, Aurelien Delaitre, and Paul E. Black. 2013. Report on the static analysis tool exposition (SATE) IV. 500 (2013), 297."},{"key":"e_1_3_2_1_23_1","volume-title":"Black","author":"Okun Vadim","year":"2009","unstructured":"Vadim Okun , Romain Gaucher , and Paul E . Black . 2009 . Static analysis tool exposition (SATE) 2008. 5, 00-2 (2009), 79. Vadim Okun, Romain Gaucher, and Paul E. Black. 2009. Static analysis tool exposition (SATE) 2008. 5, 00-2 (2009), 79."},{"key":"e_1_3_2_1_24_1","unstructured":"OWASP. 2017. OWASP list of Source Code Analysis Tools. (2017). https: \/\/www.owasp.org\/index.php\/Source_Code_Analysis_Tools OWASP. 2017. OWASP list of Source Code Analysis Tools. (2017). https: \/\/www.owasp.org\/index.php\/Source_Code_Analysis_Tools"},{"key":"e_1_3_2_1_25_1","volume-title":"Programming Language Use in US Academia and Industry. 14, 2","author":"Arfa Rabai Latifa Ben","year":"2015","unstructured":"Latifa Ben Arfa Rabai , Barry Cohen , and Ali Mili . 2015. Programming Language Use in US Academia and Industry. 14, 2 ( 2015 ), 143. Latifa Ben Arfa Rabai, Barry Cohen, and Ali Mili. 2015. Programming Language Use in US Academia and Industry. 14, 2 (2015), 143."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3088515.3088523"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Joseph R. Ruthruff John Penix J. David Morgenthaler Sebastian Elbaum and Gregg Rothermel. 2008. Predicting accurate and actionable static analysis warnings: an experimental approach. Joseph R. Ruthruff John Penix J. David Morgenthaler Sebastian Elbaum and Gregg Rothermel. 2008. Predicting accurate and actionable static analysis warnings: an experimental approach.","DOI":"10.1145\/1368088.1368135"},{"key":"e_1_3_2_1_28_1","unstructured":"David Wheeler. 2015. Static analysis tools for security. (2015). http:\/\/www. dwheeler.com\/essays\/static-analysis-tools.html David Wheeler. 2015. Static analysis tools for security. (2015). http:\/\/www. dwheeler.com\/essays\/static-analysis-tools.html"},{"key":"e_1_3_2_1_29_1","unstructured":"John Wilander and Mariam Kamkar. 2002. A comparison of publicly available tools for static intrusion prevention. (2002). John Wilander and Mariam Kamkar. 2002. A comparison of publicly available tools for static intrusion prevention. (2002)."},{"key":"e_1_3_2_1_30_1","unstructured":"Abstract 1 Research problem & Motivation 2 Background & Related Work 3 Approach & Uniqueness 4 Results & Contributions References Abstract 1 Research problem & Motivation 2 Background & Related Work 3 Approach & Uniqueness 4 Results & Contributions References"}],"event":{"name":"ESEC\/FSE'17: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Paderborn Germany","acronym":"ESEC\/FSE'17"},"container-title":["Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3121276","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106237.3121276","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T20:11:30Z","timestamp":1750795890000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3121276"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,8,21]]},"references-count":30,"alternative-id":["10.1145\/3106237.3121276","10.1145\/3106237"],"URL":"https:\/\/doi.org\/10.1145\/3106237.3121276","relation":{},"subject":[],"published":{"date-parts":[[2017,8,21]]},"assertion":[{"value":"2017-08-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}