{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T06:22:40Z","timestamp":1761805360489,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,9,5]],"date-time":"2017-09-05T00:00:00Z","timestamp":1504569600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1252644 and CCF-1217503"],"award-info":[{"award-number":["CCF-1252644 and CCF-1217503"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["D11AP00282"],"award-info":[{"award-number":["D11AP00282"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-09-1-0273"],"award-info":[{"award-number":["W911NF-09-1-0273"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,9,5]]},"DOI":"10.1145\/3121264.3121265","type":"proceedings-article","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T19:28:24Z","timestamp":1501615704000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Mining mobile app markets for prioritization of security assessment effort"],"prefix":"10.1145","author":[{"given":"Alireza","family":"Sadeghi","sequence":"first","affiliation":[{"name":"University of California at Irvine, USA"}]},{"given":"Naeem","family":"Esfahani","sequence":"additional","affiliation":[{"name":"Google, USA"}]},{"given":"Sam","family":"Malek","sequence":"additional","affiliation":[{"name":"University of California at Irvine, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,9,5]]},"reference":[{"volume-title":"F-Droid: Free and Open Source App Repository. (2017). https:\/\/f-droid.org\/","year":"2017","key":"e_1_3_2_1_1_1","unstructured":"2017. F-Droid: Free and Open Source App Repository. (2017). https:\/\/f-droid.org\/ 2017 . Fortify Static Code Analyzer. (2017). https:\/\/saas.hpe.com\/software\/sca 2017. National Vulnerability Database CVSS Scoring . (2017). https:\/\/nvd.nist. gov\/vuln-metrics\/cvss\/v3-calculator 2017. F-Droid: Free and Open Source App Repository. (2017). https:\/\/f-droid.org\/ 2017. Fortify Static Code Analyzer. (2017). https:\/\/saas.hpe.com\/software\/sca 2017. National Vulnerability Database CVSS Scoring. (2017). https:\/\/nvd.nist. gov\/vuln-metrics\/cvss\/v3-calculator"},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium.","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos , Sang Kil Cha , Brent Lim Tze Hao , and David Brumley . 2011 . AEG: Automatic exploit generation . In Proceedings of the Network and Distributed System Security Symposium. Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. 2011. AEG: Automatic exploit generation. In Proceedings of the Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_3_1","volume-title":"Tsitsiklis","author":"Bertsekas Dimitri P.","year":"2008","unstructured":"Dimitri P. Bertsekas and John N . Tsitsiklis . 2008 . Introduction to Probability, 2 nd Edition. Athena Scientific . Dimitri P. Bertsekas and John N. Tsitsiklis. 2008. Introduction to Probability, 2nd Edition. Athena Scientific.","edition":"2"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 20th USENIX security symposium","volume":"2011","author":"Enck William","year":"2011","unstructured":"William Enck , Damien Octeau , Patrick McDaniel , and Swarat Chaudhuri . 2011 . A study of android application security . In Proceedings of the 20th USENIX security symposium , Vol. 2011 . William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. 2011. A study of android application security. In Proceedings of the 20th USENIX security symposium, Vol. 2011."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568276"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307663"},{"key":"e_1_3_2_1_8_1","unstructured":"CVSS-SIG group. 2007. Common Vulnerability Scoring System (CVSS-SIG). (2007). www.first.org\/cvss  CVSS-SIG group. 2007. Common Vulnerability Scoring System (CVSS-SIG). (2007). www.first.org\/cvss"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2366457"},{"key":"e_1_3_2_1_10_1","unstructured":"Mario Linares-Vasquez Collin McMillan Denys Poshyvanyk and Mark Grechanik. 2012. On using machine learning to automatically classify software applications into domain categories. Empirical Software Eng. (2012) 1\u201337.  Mario Linares-Vasquez Collin McMillan Denys Poshyvanyk and Mark Grechanik. 2012. On using machine learning to automatically classify software applications into domain categories. Empirical Software Eng. (2012) 1\u201337."},{"volume-title":"Information Technology Project Management","author":"Marchewka Jack T.","key":"e_1_3_2_1_11_1","unstructured":"Jack T. Marchewka . 2009. Information Technology Project Management . Wiley . Jack T. Marchewka. 2009. Information Technology Project Management. Wiley."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CMPASS.1997.613270"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2008.514"},{"key":"e_1_3_2_1_14_1","volume-title":"A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software","author":"Sadeghi Alireza","year":"2016","unstructured":"Alireza Sadeghi , Hamid Bagheri , Joshua Garcia , and Sam Malek . 2016. A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software . IEEE Transactions on Software Eng . ( 2016 ). Alireza Sadeghi, Hamid Bagheri, Joshua Garcia, and Sam Malek. 2016. A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software. IEEE Transactions on Software Eng. (2016)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_11"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295141"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2372225.2372231"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_1_19_1","unstructured":"Symantec Corp. 2012. 2012 Norton Study. (Sept. 2012). www.symantec.com\/ about\/news\/release\/article.jsp?prid=20120905_02  Symantec Corp. 2012. 2012 Norton Study. (Sept. 2012). www.symantec.com\/ about\/news\/release\/article.jsp?prid=20120905_02"},{"volume-title":"Introduction to Data Mining (1 ed.)","author":"Tan Pang-Ning","key":"e_1_3_2_1_20_1","unstructured":"Pang-Ning Tan , Michael Steinbach , and Vipin Kumar . 2005. Introduction to Data Mining (1 ed.) . Addison Wesley . Pang-Ning Tan, Michael Steinbach, and Vipin Kumar. 2005. Introduction to Data Mining (1 ed.). Addison Wesley."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.1"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/0263-7863(93)90003-6"},{"key":"e_1_3_2_1_23_1","volume-title":"Verification and Validation (ICST), 2010 Third International Conference on. 421\u2013428","author":"Zimmermann Thomas","year":"2010","unstructured":"Thomas Zimmermann , Nachiappan Nagappan , and Laurie Williams . 2010 . Searching for a needle in a haystack: Predicting security vulnerabilities for windows vista. In Software Testing , Verification and Validation (ICST), 2010 Third International Conference on. 421\u2013428 . Abstract 1 Introduction 2 Motivation 3 Approach Overview 4 Probabilistic Rule Classification 5 Vulnerability Impact Calculation 6 Risk Assessment 7 Experiment Setup 8 Evaluation 8.1 Rule Ranking 8.2 Criticality Ranking 8.3 Risk Ranking 9 Related Work 10 Conclusion References Thomas Zimmermann, Nachiappan Nagappan, and Laurie Williams. 2010. Searching for a needle in a haystack: Predicting security vulnerabilities for windows vista. In Software Testing, Verification and Validation (ICST), 2010 Third International Conference on. 421\u2013428. Abstract 1 Introduction 2 Motivation 3 Approach Overview 4 Probabilistic Rule Classification 5 Vulnerability Impact Calculation 6 Risk Assessment 7 Experiment Setup 8 Evaluation 8.1 Rule Ranking 8.2 Criticality Ranking 8.3 Risk Ranking 9 Related Work 10 Conclusion References"}],"event":{"name":"ESEC\/FSE'17: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Paderborn Germany","acronym":"ESEC\/FSE'17"},"container-title":["Proceedings of the 2nd ACM SIGSOFT International Workshop on App Market Analytics"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3121264.3121265","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3121264.3121265","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3121264.3121265","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:39:24Z","timestamp":1750217964000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3121264.3121265"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,5]]},"references-count":23,"alternative-id":["10.1145\/3121264.3121265","10.1145\/3121264"],"URL":"https:\/\/doi.org\/10.1145\/3121264.3121265","relation":{},"subject":[],"published":{"date-parts":[[2017,9,5]]},"assertion":[{"value":"2017-09-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}