{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:46:56Z","timestamp":1750308416053,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,28]],"date-time":"2018-05-28T00:00:00Z","timestamp":1527465600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"United States Air Force","award":["FA8702-15-D-0002"],"award-info":[{"award-number":["FA8702-15-D-0002"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,28]]},"DOI":"10.1145\/3194095.3194100","type":"proceedings-article","created":{"date-parts":[[2018,7,18]],"date-time":"2018-07-18T12:33:25Z","timestamp":1531917205000},"page":"13-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Prioritizing alerts from multiple static analysis tools, using classification models"],"prefix":"10.1145","author":[{"given":"Lori","family":"Flynn","sequence":"first","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"William","family":"Snavely","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"David","family":"Svoboda","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Nathan","family":"VanHoudnos","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Richard","family":"Qin","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Jennifer","family":"Burns","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"David","family":"Zubrow","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Robert","family":"Stoddard","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Guillermo","family":"Marce-Santurio","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]}],"member":"320","published-online":{"date-parts":[[2018,5,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Analyzing the State of Static Analysis: A Large-Scale Evaluation in Open Source Software. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER)","volume":"1","author":"Beller Moritz","year":"2016","unstructured":"Moritz Beller , Radjino Bholanath , Shane McIntosh , and Andy Zaidman . 2016 . Analyzing the State of Static Analysis: A Large-Scale Evaluation in Open Source Software. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER) , Vol. 1 . IEEE, 470--481. Moritz Beller, Radjino Bholanath, Shane McIntosh, and Andy Zaidman. 2016. Analyzing the State of Static Analysis: A Large-Scale Evaluation in Open Source Software. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), Vol. 1. IEEE, 470--481."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1646353.1646374"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/2819419.2819423"},{"key":"e_1_3_2_1_4_1","volume-title":"Cybersecurity Development (SecDev)","author":"Flynn Lori","year":"2017","unstructured":"Lori Flynn , David Svoboda , and William Snavely . 2017. Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules . In Cybersecurity Development (SecDev) , 2017 IEEE. IEEE , 1--2. Lori Flynn, David Svoboda, and William Snavely. 2017. Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules. In Cybersecurity Development (SecDev), 2017 IEEE. IEEE, 1--2."},{"volume-title":"Presentation for Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules","author":"Flynn Lori","key":"e_1_3_2_1_5_1","unstructured":"Lori Flynn , David Svoboda , and William Snavely . 2017. Presentation for Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules . Software Engineering Institute , 1--108. https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=505451 Lori Flynn, David Svoboda, and William Snavely. 2017. Presentation for Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules. Software Engineering Institute, 1--108. https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=505451"},{"key":"e_1_3_2_1_6_1","volume-title":"Accessed","author":"Secure CERT","year":"2016","unstructured":"CERT Secure Coding group. {n. d.}. SEI CERT Coding Standards (wiki). https:\/\/www.securecoding.cert.org\/confluence\/display\/seccode\/SEI+CERT+Coding+Standards. ({n. d.}) . Accessed October 26, 2016 . CERT Secure Coding group. {n. d.}. SEI CERT Coding Standards (wiki). https:\/\/www.securecoding.cert.org\/confluence\/display\/seccode\/SEI+CERT+Coding+Standards. ({n. d.}). Accessed October 26, 2016."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2010.12.007"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1349332.1349339"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1366804.1366875"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1041685.1029909"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1760267.1760289"},{"key":"e_1_3_2_1_12_1","unstructured":"Fred Long Dhruv Mohindra Robert C. Seacord Dean Sutherland and David Svoboda. 2012. The CERT Oracle Secure Coding Standard for Java. Pearson Education.   Fred Long Dhruv Mohindra Robert C. Seacord Dean Sutherland and David Svoboda. 2012. The CERT Oracle Secure Coding Standard for Java. Pearson Education."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2008.30"},{"key":"e_1_3_2_1_14_1","volume-title":"Accessed","author":"MITRE.","year":"2016","unstructured":"MITRE. {n. d.}. Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types. https:\/\/cwe.mitre.org. ({n. d.}) . Accessed June 22, 2016 . MITRE. {n. d.}. Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types. https:\/\/cwe.mitre.org. ({n. d.}). Accessed June 22, 2016."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.56"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Daniel Plakosh Robert Seacord Robert W Stoddard David Svoboda and David Zubrow. 2014. Improving the Automated Detection and Analysis of Secure Coding Violations. (2014).  Daniel Plakosh Robert Seacord Robert W Stoddard David Svoboda and David Zubrow. 2014. Improving the Automated Detection and Analysis of Secure Coding Violations. (2014).","DOI":"10.21236\/ADA609855"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368135"},{"key":"e_1_3_2_1_18_1","unstructured":"Robert C Seacord. 2014. The CERT C Coding Standard: 98 Rules for Developing Safe Reliable and Secure Systems. Pearson Education.   Robert C Seacord. 2014. The CERT C Coding Standard: 98 Rules for Developing Safe Reliable and Secure Systems. Pearson Education."},{"key":"e_1_3_2_1_19_1","unstructured":"CERT Software Engineering Institute. {n. d.}. Secure Code Analysis Laboratory (SCALe). https:\/\/www.cert.org\/secure-coding\/products-services\/scale.cfm?. ({n. d.}).  CERT Software Engineering Institute. {n. d.}. Secure Code Analysis Laboratory (SCALe). https:\/\/www.cert.org\/secure-coding\/products-services\/scale.cfm?. ({n. d.})."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.018"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884804"},{"key":"e_1_3_2_1_22_1","volume-title":"d.}. Lizard. https:\/\/github.com\/terryyin\/lizard. ({n. d.}). Accessed","author":"Yin Terry","year":"2018","unstructured":"Terry Yin . {n. d.}. Lizard. https:\/\/github.com\/terryyin\/lizard. ({n. d.}). Accessed January 29, 2018 . Terry Yin. {n. d.}. Lizard. https:\/\/github.com\/terryyin\/lizard. ({n. d.}). Accessed January 29, 2018."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884839"}],"event":{"name":"ICSE '18: 40th International Conference on Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"],"location":"Gothenburg Sweden","acronym":"ICSE '18"},"container-title":["Proceedings of the 1st International Workshop on Software Qualities and Their Dependencies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3194095.3194100","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3194095.3194100","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3194095.3194100","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T17:49:16Z","timestamp":1750268956000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3194095.3194100"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,28]]},"references-count":23,"alternative-id":["10.1145\/3194095.3194100","10.1145\/3194095"],"URL":"https:\/\/doi.org\/10.1145\/3194095.3194100","relation":{},"subject":[],"published":{"date-parts":[[2018,5,28]]},"assertion":[{"value":"2018-05-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}