{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:55:49Z","timestamp":1750308949634,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,6,4]],"date-time":"2018-06-04T00:00:00Z","timestamp":1528070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,6,4]]},"DOI":"10.1145\/3229345.3229391","type":"proceedings-article","created":{"date-parts":[[2018,11,30]],"date-time":"2018-11-30T19:39:54Z","timestamp":1543606794000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Improvements to the Identification Process of Vulnerable Components"],"prefix":"10.1145","author":[{"given":"Bruna Vuicik","family":"Mocelin","sequence":"first","affiliation":[{"name":"Universidade do Vale do Rio dos Sinos, S\u00e3o Leopoldo, RS, Brasil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kleinner","family":"Farias","sequence":"additional","affiliation":[{"name":"Universidade do Vale do Rio dos Sinos, S\u00e3o Leopoldo, RS, Brasil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lucian","family":"Gon\u00e7ales","sequence":"additional","affiliation":[{"name":"Universidade do Vale do Rio dos Sinos, S\u00e3o Leopoldo, RS, Brasil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vinicius","family":"Bischoff","sequence":"additional","affiliation":[{"name":"Universidade do Vale do Rio dos Sinos, S\u00e3o Leopoldo, RS, Brasil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1080\/07366980701500734"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2016.01.005"},{"key":"e_1_3_2_1_3_1","volume-title":"Dispon\u00edvel em: <https:\/\/www.bithound.io\/features>. Acesso em: 19 fev","author":"Bithound Inc. Features. Kitchener, 2016.","year":"2018","unstructured":"Bithound Inc. Features. Kitchener, 2016. Dispon\u00edvel em: <https:\/\/www.bithound.io\/features>. Acesso em: 19 fev . 2018 . Bithound Inc. Features. Kitchener, 2016. Dispon\u00edvel em: <https:\/\/www.bithound.io\/features>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_4_1","volume-title":"Dispon\u00edvel em: <https:\/\/info.blackducksoftware.com\/rs\/872-OLS-526\/images\/BlackDuck_HUB_UL.pdf>. Acesso em: 19 fev","author":"Black Duck","year":"2018","unstructured":"Black Duck | Hub. Burlington, 2016. Dispon\u00edvel em: <https:\/\/info.blackducksoftware.com\/rs\/872-OLS-526\/images\/BlackDuck_HUB_UL.pdf>. Acesso em: 19 fev . 2018 . Black Duck | Hub. Burlington, 2016. Dispon\u00edvel em: <https:\/\/info.blackducksoftware.com\/rs\/872-OLS-526\/images\/BlackDuck_HUB_UL.pdf>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_5_1","volume-title":"Patch-level verification for Bundler","author":"Bundler-Audit","year":"2016","unstructured":"Bundler-Audit . Patch-level verification for Bundler , 2016 . Dispon\u00edvel em: <https:\/\/github.com\/rubysec\/bundler-audit>. Acesso em: 19 fev. 2018. Bundler-Audit. Patch-level verification for Bundler, 2016. Dispon\u00edvel em: <https:\/\/github.com\/rubysec\/bundler-audit>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_6_1","volume-title":"Netherlands.","author":"Cadariu M.","year":"2014","unstructured":"Cadariu , M. Tracking Known Security Vulnerabilities in Third-party Components , Netherlands. 2014 . 86 f. M. Sc. Dissertation - Programa de P\u00f3s-Gradua\u00e7\u00e3o em Ci\u00eancia da Computa\u00e7\u00e3o, Delft University of Technology , Holanda, 2014. Cadariu, M. Tracking Known Security Vulnerabilities in Third-party Components, Netherlands. 2014. 86 f. M. Sc. Dissertation - Programa de P\u00f3s-Gradua\u00e7\u00e3o em Ci\u00eancia da Computa\u00e7\u00e3o, Delft University of Technology, Holanda, 2014."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081868"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7695"},{"key":"e_1_3_2_1_9_1","volume-title":"AppCheck - Frequently Asked Questions. Oulu. Dispon\u00edvel em: <http:\/\/www.codenomicon.com\/products\/appcheck\/faq\/>. Acesso em: 19 fev","author":"Codenomicon LTD","year":"2018","unstructured":"Codenomicon LTD . AppCheck - Frequently Asked Questions. Oulu. Dispon\u00edvel em: <http:\/\/www.codenomicon.com\/products\/appcheck\/faq\/>. Acesso em: 19 fev . 2018 . Codenomicon LTD. AppCheck - Frequently Asked Questions. Oulu. Dispon\u00edvel em: <http:\/\/www.codenomicon.com\/products\/appcheck\/faq\/>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_10_1","volume-title":"Palo Alto, 2016","author":"Contrast Security","year":"2018","unstructured":"Contrast Security . Complete Coverage of Today's Modern Applications . Palo Alto, 2016 . Dispon\u00edvel em: <https:\/\/www.contrastsecurity.com\/supported-technologies>. Acesso em: 19 fev. 2018 . Contrast Security. Complete Coverage of Today's Modern Applications. Palo Alto, 2016. Dispon\u00edvel em: <https:\/\/www.contrastsecurity.com\/supported-technologies>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_12_1","volume-title":"Oct.","author":"Financial Services Information Sharing and Analysis Center","year":"2015","unstructured":"Financial Services Information Sharing and Analysis Center . Appropriate Software Security Control Types for Third Party Service and Product Providers ., Oct. 2015 . Financial Services Information Sharing and Analysis Center. Appropriate Software Security Control Types for Third Party Service and Product Providers., Oct. 2015."},{"key":"e_1_3_2_1_13_1","first-page":"4","volume":"8","author":"Fonseca V. S.","year":"2016","unstructured":"Fonseca , V. S. ; Barcellos ; M. P; Almeida Falbo , R. Tools Integration for Supporting Software Measurement: A Systematic Literature Review. iSys-Revista Brasileira de Sistemas de Informa\u00e7\u00e3o , 8 , 4 , 2016 , 80--108. Fonseca, V. S.; Barcellos; M. P; Almeida Falbo, R. Tools Integration for Supporting Software Measurement: A Systematic Literature Review. iSys-Revista Brasileira de Sistemas de Informa\u00e7\u00e3o, 8,4, 2016, 80--108.","journal-title":"Review. iSys-Revista Brasileira de Sistemas de Informa\u00e7\u00e3o"},{"key":"e_1_3_2_1_14_1","volume-title":"Dispon\u00edvel em: <https:\/\/gemnasium.com\/features>. Acesso em: 10 jan","author":"Gemnasium","year":"2018","unstructured":"Gemnasium . Features. Paris, 2016. Dispon\u00edvel em: <https:\/\/gemnasium.com\/features>. Acesso em: 10 jan . 2018 . Gemnasium. Features. Paris, 2016. Dispon\u00edvel em: <https:\/\/gemnasium.com\/features>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_15_1","volume-title":"The Java Language Specification: Java SE 8 Edition. Redwood City: Oracle America","author":"Gosling J.","year":"2015","unstructured":"Gosling , J. ; Joy , B. ; Steele , G. ; Bracha , G. ; Buckley , A. The Java Language Specification: Java SE 8 Edition. Redwood City: Oracle America , Inc. and\/or its affiliates, 2015 . Dispon\u00edvel em: <http:\/\/docs.oracle.com\/javase\/specs\/jls\/se8\/jls8.pdf>. Acesso em: 10 jan. 2018. Gosling, J.; Joy, B.; Steele, G.; Bracha, G.; Buckley, A. The Java Language Specification: Java SE 8 Edition. Redwood City: Oracle America, Inc. and\/or its affiliates, 2015. Dispon\u00edvel em: <http:\/\/docs.oracle.com\/javase\/specs\/jls\/se8\/jls8.pdf>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_16_1","volume-title":"Software Security: Building Security In","author":"Mcgraw G.","year":"2006","unstructured":"Mcgraw , G. Software Security: Building Security In . Upper Saddle River, NJ : Addison-Wesley , 2006 . Mcgraw, G. Software Security: Building Security In. Upper Saddle River, NJ: Addison-Wesley, 2006."},{"key":"e_1_3_2_1_17_1","volume-title":"Why Does This Exist?","author":"Milner","year":"2016","unstructured":"Milner , Steve; Victims Project Team. Why Does This Exist? . 2016 . Dispon\u00edvel em: <https:\/\/victi.ms\/about.html>. Acesso em: 19 fev. 2018. Milner, Steve; Victims Project Team. Why Does This Exist?. 2016. Dispon\u00edvel em: <https:\/\/victi.ms\/about.html>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.02.048"},{"key":"e_1_3_2_1_19_1","volume-title":"NVD Frequently Asked Questions. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/faq>. Acesso em: 9 fev","author":"National Vulnerability Satabase (NVD).","year":"2018","unstructured":"National Vulnerability Satabase (NVD). NVD Frequently Asked Questions. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/faq>. Acesso em: 9 fev . 2018 . National Vulnerability Satabase (NVD). NVD Frequently Asked Questions. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/faq>. Acesso em: 9 fev. 2018."},{"key":"e_1_3_2_1_20_1","volume-title":"Richland. Dispon\u00edvel em: <https:\/\/nodesecurity.io\/tools>. Acesso em: 19 fev","author":"Node Security","year":"2018","unstructured":"Node Security . Tools . Richland. Dispon\u00edvel em: <https:\/\/nodesecurity.io\/tools>. Acesso em: 19 fev . 2018 . Node Security. Tools. Richland. Dispon\u00edvel em: <https:\/\/nodesecurity.io\/tools>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_21_1","volume-title":"What you require you must also retire","author":"Oftedal E.","year":"2016","unstructured":"Oftedal , E. Retire .js : What you require you must also retire . 2016 . Dispon\u00edvel em: <http:\/\/retirejs.github.io\/r etire.js\/>. Acesso em: 10 jan. 2018. Oftedal, E. Retire.js: What you require you must also retire. 2016. Dispon\u00edvel em: <http:\/\/retirejs.github.io\/r etire.js\/>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_22_1","volume-title":"Bel Air","author":"Open Web Application Security","year":"2016","unstructured":"Open Web Application Security Project (OWASP). OWASP Dependency Check . Bel Air , June 16, 2016 . Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/OWASP_Dependency_Check>. Acesso em: 10 jan. 2018. Open Web Application Security Project (OWASP). OWASP Dependency Check. Bel Air, June 16, 2016. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/OWASP_Dependency_Check>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_23_1","volume-title":"Bel Air","author":"Open Web Application Security","year":"2015","unstructured":"Open Web Application Security Project (OWASP). OWASP Wordpress Vulnerability Scanner Project . Bel Air , Dec. 8, 2015 . Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/OWASP_Wordpress_Vulnerability_Scanner_Project>. Acesso em: 10 jan. 2018. Open Web Application Security Project (OWASP). OWASP Wordpress Vulnerability Scanner Project. Bel Air, Dec. 8, 2015. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/OWASP_Wordpress_Vulnerability_Scanner_Project>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_24_1","unstructured":"Palamida Inc. Standard Edition. San Francisco 2015. Dispon\u00edvel em: <http:\/\/www.palamida.com\/files\/Palamida-Standard-Edition-Datasheet.pdf>. Acesso em: 10 jan. 2018.  Palamida Inc. Standard Edition. San Francisco 2015. Dispon\u00edvel em: <http:\/\/www.palamida.com\/files\/Palamida-Standard-Edition-Datasheet.pdf>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_25_1","volume-title":"Payment Card Industry (PCI) Data Security Standard","author":"PCI Security Standards Council","year":"2015","unstructured":"PCI Security Standards Council . Payment Card Industry (PCI) Data Security Standard . Apr. 2015 . Dispon\u00edvel em: <https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3-1.pdf>. Acesso em: 10 jan. 2018. PCI Security Standards Council. Payment Card Industry (PCI) Data Security Standard. Apr. 2015. Dispon\u00edvel em: <https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3-1.pdf>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332492"},{"key":"e_1_3_2_1_27_1","volume-title":"Fulton, 2008","author":"Sonatype Inc.","year":"2018","unstructured":"Sonatype Inc. Application Health Check . Fulton, 2008 . Dispon\u00edvel em: <http:\/\/www.sonatype.com\/download-application-health-check>. Acesso em: 10 fev. 2018 . Sonatype Inc. Application Health Check. Fulton, 2008. Dispon\u00edvel em: <http:\/\/www.sonatype.com\/download-application-health-check>. Acesso em: 10 fev. 2018."},{"key":"e_1_3_2_1_28_1","volume-title":"Fulton","author":"Sonatype Inc.","year":"2016","unstructured":"Sonatype Inc. Nexus IQ Server Documentation . Fulton , June 16, 2016 . Dispon\u00edvel em: <http:\/\/books.sonatype. com\/sonatype-clm-book\/pdf\/book-clm.pdf>. Acesso em: 19 fev. 2018. Sonatype Inc. Nexus IQ Server Documentation. Fulton, June 16, 2016. Dispon\u00edvel em: <http:\/\/books.sonatype. com\/sonatype-clm-book\/pdf\/book-clm.pdf>. Acesso em: 19 fev. 2018."},{"key":"e_1_3_2_1_29_1","volume-title":"Better Science: Better science on over 5 million libraries","author":"Sourceclear","year":"2016","unstructured":"Sourceclear . Better Science: Better science on over 5 million libraries . San Francisco , 2016 . Dispon\u00edvel em: <https:\/\/srcclr.com\/features\/science>. Acesso em: 10 jan. 2018. Sourceclear. Better Science: Better science on over 5 million libraries. San Francisco, 2016. Dispon\u00edvel em: <https:\/\/srcclr.com\/features\/science>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_30_1","volume-title":"Maven Getting Started Guide","author":"The Apache Software Foundation","year":"2016","unstructured":"The Apache Software Foundation (ASF). Maven Getting Started Guide . 2016 . Dispon\u00edvel em: <https:\/\/maven.apache.org\/guides\/getting-started\/index.html>. Acesso em: 10 jan. 2018. The Apache Software Foundation (ASF). Maven Getting Started Guide. 2016. Dispon\u00edvel em: <https:\/\/maven.apache.org\/guides\/getting-started\/index.html>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_31_1","volume-title":"Software Composition Analysis. Burlington. Dispon\u00edvel em: <https:\/\/info.veracode.com\/data sheet-software-composition-analysis.html>. Acesso em: 10 jan","author":"Veracode","year":"2018","unstructured":"Veracode . Software Composition Analysis. Burlington. Dispon\u00edvel em: <https:\/\/info.veracode.com\/data sheet-software-composition-analysis.html>. Acesso em: 10 jan . 2018 . Veracode. Software Composition Analysis. Burlington. Dispon\u00edvel em: <https:\/\/info.veracode.com\/data sheet-software-composition-analysis.html>. Acesso em: 10 jan. 2018."},{"key":"e_1_3_2_1_32_1","volume-title":"Apr.","author":"Verizon Enterprise Solutions","year":"2015","unstructured":"Verizon Enterprise Solutions . 2015 Data Breach Investigations Report , Apr. 2015 . Dispon\u00edvel em: <http:\/\/news.verizonenterprise.com\/2015\/04\/2015-data-breach-report-info\/>. Acesso em: 11 fev. 2018. Verizon Enterprise Solutions. 2015 Data Breach Investigations Report, Apr. 2015. Dispon\u00edvel em: <http:\/\/news.verizonenterprise.com\/2015\/04\/2015-data-breach-report-info\/>. Acesso em: 11 fev. 2018."},{"key":"e_1_3_2_1_33_1","volume-title":"Continuously Audit Open Source Components in Your Code","author":"Whitesource Software","year":"2016","unstructured":"Whitesource Software . Continuously Audit Open Source Components in Your Code . New York , 2016 . Dispon\u00edvel em: <http:\/\/www.whitesourcesoftware.com\/open_source_scanning_software\/>. Acesso em: 20 fev. 2018. Whitesource Software. Continuously Audit Open Source Components in Your Code. New York, 2016. Dispon\u00edvel em: <http:\/\/www.whitesourcesoftware.com\/open_source_scanning_software\/>. Acesso em: 20 fev. 2018."},{"key":"e_1_3_2_1_34_1","volume-title":"Dispon\u00edvel em: <https:\/\/storage.googleapis.com\/google-code-archive-downloads\/v2\/code.google.com\/owasptop 10\/OWASP%20Top%2010%20-%202013.pdf>. Acesso em: 1 fev","author":"Williams J.","year":"2018","unstructured":"Williams , J. ; Wichers , D. OWASP Top -10 2013. { S.I. }, Feb . 2013. Dispon\u00edvel em: <https:\/\/storage.googleapis.com\/google-code-archive-downloads\/v2\/code.google.com\/owasptop 10\/OWASP%20Top%2010%20-%202013.pdf>. Acesso em: 1 fev . 2018 . Williams, J.; Wichers, D. OWASP Top-10 2013. {S.I.}, Feb. 2013. Dispon\u00edvel em: <https:\/\/storage.googleapis.com\/google-code-archive-downloads\/v2\/code.google.com\/owasptop 10\/OWASP%20Top%2010%20-%202013.pdf>. Acesso em: 1 fev. 2018."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595691"}],"event":{"name":"SBSI'18: XIV Brazilian Symposium on Information Systems","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing","SIGMIS ACM Special Interest Group on Management Information Systems","SBC Sociedade Brasileira de Computa\u00e7\u00e3o"],"location":"Caxias do Sul Brazil","acronym":"SBSI'18"},"container-title":["Proceedings of the XIV Brazilian Symposium on Information Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3229345.3229391","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3229345.3229391","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T21:37:53Z","timestamp":1750282673000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3229345.3229391"}},"subtitle":["Deciding About Updates"],"short-title":[],"issued":{"date-parts":[[2018,6,4]]},"references-count":35,"alternative-id":["10.1145\/3229345.3229391","10.1145\/3229345"],"URL":"https:\/\/doi.org\/10.1145\/3229345.3229391","relation":{},"subject":[],"published":{"date-parts":[[2018,6,4]]},"assertion":[{"value":"2018-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}