{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T18:18:22Z","timestamp":1772821102605,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","funder":[{"name":"National Science Foundation (NSF)","award":["CCF-1943300, CNS-1816845, CNS-1823246"],"award-info":[{"award-number":["CCF-1943300, CNS-1816845, CNS-1823246"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3510210","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"13-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["A grounded theory based approach to characterize software attack surfaces"],"prefix":"10.1145","author":[{"given":"Sara","family":"Moshtari","sequence":"first","affiliation":[{"name":"Rochester Institute of Technology"}]},{"given":"Ahmet","family":"Okutan","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology"}]},{"given":"Mehdi","family":"Mirakhorli","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. Attack Surface Analysis. https:\/\/github.com\/SoftwareDesignLab\/attack_surface_analysis. (Accessed on 1\/30\/2022)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985995"},{"key":"e_1_3_2_1_3_1","volume-title":"Constructing grounded theory: A practical guide through qualitative analysis","author":"Charmaz Kathy","unstructured":"Kathy Charmaz. 2006. Constructing grounded theory: A practical guide through qualitative analysis. Sage Publication."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1631\/FITEE.1500379"},{"key":"e_1_3_2_1_5_1","volume-title":"Basics of qualitative research: Techniques and procedures for developing grounded theory","author":"Corbin Juliet","unstructured":"Juliet Corbin and Anselm Strauss. 2014. Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5590\/JOSC.2018.10.1.02"},{"key":"e_1_3_2_1_7_1","volume-title":"Theoretical Sensitivity: Advances in the Methodology of Grounded Theory","author":"Glaser B.G.","year":"1978","unstructured":"B.G. Glaser. 1978. Theoretical Sensitivity: Advances in the Methodology of Grounded Theory. Sociology Press. https:\/\/books.google.com\/books?id=73-2AAAAIAAJ"},{"key":"e_1_3_2_1_8_1","volume-title":"Basics of grounded theory analysis: Emergence vs forcing","author":"Glaser Barney G","unstructured":"Barney G Glaser. 1992. Basics of grounded theory analysis: Emergence vs forcing. Sociology press."},{"key":"e_1_3_2_1_9_1","volume-title":"Discovery of grounded theory: Strategies for qualitative research","author":"Glaser Barney G","unstructured":"Barney G Glaser and Anselm L Strauss. 2017. Discovery of grounded theory: Strategies for qualitative research. Routledge Publication."},{"key":"e_1_3_2_1_10_1","volume-title":"The discovery of grounded theory: strategies for qualitative research","author":"Glaser Barney G","year":"1967","unstructured":"G Glaser Barney and L Strauss Anselm. 1967. The discovery of grounded theory: strategies for qualitative research. New York, Adline de Gruyter (1967)."},{"key":"e_1_3_2_1_11_1","volume-title":"Quantifying the attack surface of a web application. Sicherheit","author":"Heumann Thomas","year":"2010","unstructured":"Thomas Heumann, J\u00f6rg Keller, and Sven T\u00fcrpe. 2010. Quantifying the attack surface of a web application. Sicherheit 2010. Sicherheit, Schutz und Zuverl\u00e4ssigkeit (2010)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-011-9161-0"},{"key":"e_1_3_2_1_13_1","unstructured":"Michael Howard. 2003. Fending off future attacks by reducing attack surface."},{"key":"e_1_3_2_1_14_1","volume-title":"Computer security in the 21st century","author":"Howard Michael","unstructured":"Michael Howard, Jon Pincus, and Jeannette M Wing. 2005. Measuring relative attack surfaces. In Computer security in the 21st century. Springer, 109--137."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_16_1","volume-title":"Sysevr: A framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756","author":"Li Zhen","year":"2018","unstructured":"Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, and Zhaoxuan Chen. 2018. Sysevr: A framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756 (2018)."},{"key":"e_1_3_2_1_17_1","volume-title":"Vuldeepecker: A deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681","author":"Li Zhen","year":"2018","unstructured":"Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. Vuldeepecker: A deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681 (2018)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"e_1_3_2_1_20_1","volume-title":"Moving Target Defense","author":"Manadhata Pratyusa K","unstructured":"Pratyusa K Manadhata and Jeannette M Wing. 2011. A formal model for a system's attack surface. In Moving Target Defense. Springer, 1--28."},{"key":"e_1_3_2_1_21_1","volume-title":"CWE VIEW: Weaknesses Introduced During Design. https:\/\/cwe.mitre.org\/data\/definitions\/701.html. (Accessed on 08\/14\/2021).","author":"MITRE.","year":"2008","unstructured":"MITRE. 2008. CWE VIEW: Weaknesses Introduced During Design. https:\/\/cwe.mitre.org\/data\/definitions\/701.html. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_22_1","volume-title":"CWE VIEW: Weaknesses Introduced During Implementation. https:\/\/cwe.mitre.org\/data\/definitions\/702.html. (Accessed on 08\/14\/2021).","author":"MITRE.","year":"2008","unstructured":"MITRE. 2008. CWE VIEW: Weaknesses Introduced During Implementation. https:\/\/cwe.mitre.org\/data\/definitions\/702.html. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_23_1","unstructured":"MITRE. 2017. CVE-2016-10259. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2016-10259. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_24_1","unstructured":"MITRE. 2019. CVE-2019-15336. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2019-15336. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_25_1","unstructured":"MITRE. 2020. CVE-2020-5319. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2020-5319. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_26_1","unstructured":"MITRE. 2021. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_27_1","unstructured":"MITRE. 2022. Common Weakness Enumeration. https:\/\/cwe.mitre.org\/index.html. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995306.2995311"},{"key":"e_1_3_2_1_29_1","unstructured":"NIST. 2022. National Vulnerability Database. https:\/\/nvd.nist.gov. (Accessed on 08\/14\/2021)."},{"key":"e_1_3_2_1_30_1","volume-title":"Statistics Results. https:\/\/nvd.nist.gov\/vuln\/search. [Online","author":"NVD.","year":"2021","unstructured":"NVD. 2021. Statistics Results. https:\/\/nvd.nist.gov\/vuln\/search. [Online; accessed 02-April-2021]."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2014.0185"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1111\/nin.12261"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180239"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884833"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.148"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP.2017.9"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.07.008"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.277"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2010.12.010"}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","location":"Pittsburgh Pennsylvania","acronym":"ICSE '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510210","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,14]],"date-time":"2024-07-14T23:52:05Z","timestamp":1721001125000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510210"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":38,"alternative-id":["10.1145\/3510003.3510210","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3510210","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}