{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T10:00:45Z","timestamp":1764842445889,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,21]],"date-time":"2020-10-21T00:00:00Z","timestamp":1603238400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,21]]},"DOI":"10.1145\/3422392.3422409","type":"proceedings-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T01:45:39Z","timestamp":1608601539000},"page":"193-202","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["An Empirical Study on Configuration-Related Code Weaknesses"],"prefix":"10.1145","author":[{"given":"Fl\u00e1vio","family":"Medeiros","sequence":"first","affiliation":[{"name":"IFAL, Alagoas, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M\u00e1rcio","family":"Ribeiro","sequence":"additional","affiliation":[{"name":"UFAL, Alagoas, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rohit","family":"Gheyi","sequence":"additional","affiliation":[{"name":"UFCG, Para\u00edba, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Larissa","family":"Braz","sequence":"additional","affiliation":[{"name":"UFCG, Para\u00edba, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"K\u00e4stner","sequence":"additional","affiliation":[{"name":"CMU, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sven","family":"Apel","sequence":"additional","affiliation":[{"name":"Saarland University, Saarland, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kleber","family":"Santos","sequence":"additional","affiliation":[{"name":"UFCG, Para\u00edba, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,12,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. Cppcheck Design. http:\/\/cppcheck.sourceforge.net\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642990"},{"key":"e_1_3_2_1_3_1","article-title":"Variability Bugs in Highly Configurable Systems: A Qualitative Analysis","volume":"26","author":"Abal Iago","year":"2018","unstructured":"Iago Abal, Jean Melo, Stefan St\u0103nciulescu, Claus Brabrand, M\u00e1rcio Ribeiro, and Andrzej Wasowski. 2018. Variability Bugs in Highly Configurable Systems: A Qualitative Analysis. Transactions on Software Engineering and Methodology 26, 3 (2018), 10:1--10:34.","journal-title":"Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/129852.129859"},{"volume-title":"Proceedings of the Working Conference on Reverse Engineering. IEEE, Germany, 281--290","author":"Ira","key":"e_1_3_2_1_5_1","unstructured":"Ira D. Baxter and Michael Mehlich. 2001. Preprocessor conditional removal by simple partial evaluation. In Proceedings of the Working Conference on Reverse Engineering. IEEE, Germany, 281--290."},{"key":"e_1_3_2_1_6_1","volume-title":"Bond and Kathryn S McKinley","author":"Michael","year":"2008","unstructured":"Michael D. Bond and Kathryn S McKinley. 2008. Tolerating memory leaks. In Proceedings of the Object-Oriented Programming Systems Languages and Applications. 109--126."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2993236.2993250"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cl.2018.01.002"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2006.03.004"},{"key":"e_1_3_2_1_10_1","unstructured":"Al Danial. 2020. CLOC. http:\/\/cloc.sourceforge.net\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2362536.2362544"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1158288"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2934466.2934467"},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the USENIX Conference on Security. 273--288","author":"Finifter Matthew","year":"2013","unstructured":"Matthew Finifter, Devdatta Akhawe, and David Wagner. 2013. An empirical study of vulnerability rewards programs. In Proceedings of the USENIX Conference on Security. 273--288."},{"volume-title":"Modeling the security ecosystem - the dynamics of (In)security","author":"Frei Stefan","key":"e_1_3_2_1_15_1","unstructured":"Stefan Frei, Dominik Schatzmann, Bernhard Plattner, and Brian Trammell. 2010. Modeling the security ecosystem - the dynamics of (In)security. Springer US, 79--106."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/512035.512039"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2003.1240330"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2005.23"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2011.25"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024436.2024443"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254103"},{"key":"e_1_3_2_1_22_1","volume-title":"Test them all, is it worth it? A ground truth comparison of configuration sampling strategies. arXiv preprint arXiv:1710.07980","author":"Halin Axel","year":"2017","unstructured":"Axel Halin, Alexandre Nuttinck, Mathieu Acher, Xavier Devroey, Gilles Perrouin, and Benoit Baudry. 2017. Test them all, is it worth it? A ground truth comparison of configuration sampling strategies. arXiv preprint arXiv:1710.07980 (2017)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5381\/jot.2009.8.6.c5"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2048066.2048128"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806799.1806819"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1960275.1960299"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491437"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884793"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the European Conference on Object-Oriented Programming. 999--1022","author":"Medeiros Fl\u00e1vio","year":"2015","unstructured":"Fl\u00e1vio Medeiros, Christian Kastner, M\u00e1rcio Ribeiro, Sarah Nadi, and Rohit Gheyi. 2015. The Love\/Hate Relationship with the C Preprocessor: An Interview Study. In Proceedings of the European Conference on Object-Oriented Programming. 999--1022."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517208.2517221"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2814204.2814206"},{"key":"e_1_3_2_1_33_1","unstructured":"Mitre. 2019. Top 25 Most Dangerous Software Errors. http:\/\/cwe.mitre.org\/top25\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Mitre. 2020. Uninitialized Variable. https:\/\/cwe.mitre.org\/data\/definitions\/457.html."},{"key":"e_1_3_2_1_35_1","unstructured":"Mitre. 2020. Weaknesses. https:\/\/cwe.mitre.org\/documents\/glossary\/index.html#Weakness."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338967"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3168365.3168382"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1002\/smr.1595"},{"key":"e_1_3_2_1_39_1","volume-title":"A Survey of Combinatorial Testing. Computing Surveys 43, 2","author":"Nie Changhai","year":"2011","unstructured":"Changhai Nie and Hareton Leung. 2011. A Survey of Combinatorial Testing. Computing Surveys 43, 2 (2011), 11:1--11:29."},{"key":"e_1_3_2_1_40_1","series-title":"Lecture Notes in Computer Science","volume-title":"Software Product Lines: Going Beyond, Jan Bosch and Jaejoon Lee (Eds.)","author":"Oster Sebastian","unstructured":"Sebastian Oster, Florian Markert, and Philipp Ritter. 2010. Automated Incremental Pairwise Testing of Software Product Lines. In Software Product Lines: Going Beyond, Jan Bosch and Jaejoon Lee (Eds.). Lecture Notes in Computer Science, Vol. 6287. 196--210."},{"key":"e_1_3_2_1_41_1","unstructured":"OWASP. 2020. Buffer Overflow. https:\/\/owasp.org\/www-community\/vulnerabilities\/Buffer_Overflow."},{"key":"e_1_3_2_1_42_1","unstructured":"OWASP. 2020. Memory Leak. https:\/\/owasp.org\/www-community\/vulnerabilities\/Memory_leak."},{"key":"e_1_3_2_1_43_1","unstructured":"OWASP. 2020. Null Pointer Dereference. https:\/\/owasp.org\/www-community\/vulnerabilities\/Null_Dereference."},{"key":"e_1_3_2_1_44_1","unstructured":"OWASP. 2020. Resource Leak. https:\/\/owasp.org\/www-community\/vulnerabilities\/Unreleased_Resource."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950401"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491627.2491628"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.43"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.64"},{"key":"e_1_3_2_1_49_1","volume-title":"Proceendings of the USENIX Annual Technical Conference. USENIX Association.","author":"Spencer Henry","year":"1992","unstructured":"Henry Spencer and Geoff Collyer. 1992. Ifdef Considered Harmful, or Portability Experience with C News. In Proceendings of the USENIX Annual Technical Conference. USENIX Association."},{"key":"e_1_3_2_1_50_1","volume-title":"USENIX Annual Technical Conference. 421--432","author":"Tartler Reinhard","year":"2014","unstructured":"Reinhard Tartler, Christian Dietrich, Julio Sincero, Wolfgang Schroder-Preikschat, and Daniel Lohmann. 2014. Static Analysis of Variability in System Software: The 90,000 #ifdefs Issue. In USENIX Annual Technical Conference. 421--432."},{"key":"e_1_3_2_1_51_1","unstructured":"Our Team. 2020. Supplementary website. https:\/\/sbesweaknesses.github.io\/."},{"key":"e_1_3_2_1_52_1","unstructured":"David Wheeler. 2020. FlawFinder. https:\/\/www.dwheeler.com\/flawfinder\/."}],"event":{"name":"SBES '20: 34th Brazilian Symposium on Software Engineering","sponsor":["SBC Brazilian Computer Society"],"location":"Natal Brazil","acronym":"SBES '20"},"container-title":["Proceedings of the XXXIV Brazilian Symposium on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422392.3422409","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3422392.3422409","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:03:22Z","timestamp":1750197802000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422392.3422409"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,21]]},"references-count":51,"alternative-id":["10.1145\/3422392.3422409","10.1145\/3422392"],"URL":"https:\/\/doi.org\/10.1145\/3422392.3422409","relation":{},"subject":[],"published":{"date-parts":[[2020,10,21]]},"assertion":[{"value":"2020-12-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}