{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T21:22:52Z","timestamp":1773868972313,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,21]],"date-time":"2022-05-21T00:00:00Z","timestamp":1653091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1633437, 1901102, 1925615, 2120429"],"award-info":[{"award-number":["1633437, 1901102, 1925615, 2120429"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3510216","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"2104-2115","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["The extent of orphan vulnerabilities from code reuse in open source software"],"prefix":"10.1145","author":[{"given":"David","family":"Reid","sequence":"first","affiliation":[{"name":"University of Tennessee"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mahmoud","family":"Jahanshahi","sequence":"additional","affiliation":[{"name":"University of Tennessee"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Audris","family":"Mockus","sequence":"additional","affiliation":[{"name":"University of Tennessee"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2016.12"},{"key":"e_1_3_2_1_2_1","volume-title":"2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 1082--1085","author":"Amreen S.","unstructured":"S. Amreen, A. Karnauch, and A. Mockus. 2019. Developer Reputation Estimator (DRE). In 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 1082--1085."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3340482.3342742"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.09.016"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2083"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081868"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.66"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196401"},{"key":"e_1_3_2_1_9_1","unstructured":"Dependabot. 2021. Github Dependabot. https:\/\/github.com\/dependabot"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3364641.3364650"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.85"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387500"},{"key":"e_1_3_2_1_14_1","volume-title":"2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR). 291--301","author":"Gharehyazie M.","unstructured":"M. Gharehyazie, B. Ray, and V. Filkov. 2017. Some from Here, Some from There: Cross-Project Code Reuse in GitHub. In 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR). 291--301."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110653"},{"key":"e_1_3_2_1_16_1","unstructured":"Glenn Randers-Pehrson. 2020. glennrp\/libpng. https:\/\/github.com\/glennrp\/libpng"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1188913.1188921"},{"key":"e_1_3_2_1_18_1","volume-title":"2012 34th International Conference on Software Engineering (ICSE). 331--341","author":"Inoue K.","unstructured":"K. Inoue, Y. Sasaki, P. Xia, and Y. Manabe. 2012. Where does this code come from and where does it go? --- Integrated code history tracker for open source systems. In 2012 34th International Conference on Software Engineering (ICSE). 331--341."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.38"},{"key":"e_1_3_2_1_20_1","volume-title":"Source File Set Search for Clone-and-Own Reuse Analysis. In 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR). 257--268","author":"Ishio T.","unstructured":"T. Ishio, Y. Sakaguchi, K. Ito, and K. Inoue. 2017. Source File Set Search for Clone-and-Own Reuse Analysis. In 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR). 257--268."},{"key":"e_1_3_2_1_21_1","volume-title":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation. 305--314","author":"Kawamitsu N.","unstructured":"N. Kawamitsu, T. Ishio, T. Kanda, R. G. Kula, C. De Roover, and K. Inoue. 2014. Identifying Source Code Reuse across Repositories Using LCS-Based Source Code Similarity. In 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation. 305--314."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/130844.130856"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2019.2895423"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00086"},{"key":"e_1_3_2_1_25_1","volume-title":"World of Code: An Infrastructure for Mining the Universe of Open Source VCS Data. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). 143--154","author":"Ma Y.","unstructured":"Y. Ma, C. Bogart, S. Amreen, R. Zaretzki, and A. Mockus. 2019. World of Code: An Infrastructure for Mining the Universe of Open Source VCS Data. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). 143--154."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09905-9"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387499"},{"key":"e_1_3_2_1_28_1","unstructured":"Paul Myerson. 2017. Can't Turn Back Time: Cybersecurity Must Be Dealt With. https:\/\/www.industryweek.com\/supply-chain\/article\/22006116\/cant-turn-back-time-cybersecurity-must-be-dealt-with"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.2017.2977"},{"key":"e_1_3_2_1_30_1","unstructured":"National Institute of Standards and Technology. 2021. National Vulnerability Database. http:\/\/nvd.nist.gov"},{"key":"e_1_3_2_1_31_1","unstructured":"OpenSSL. 2021. News\/Vulnerabilities. https:\/\/www.openssl.org\/news\/vulnerabilities.html"},{"key":"e_1_3_2_1_32_1","unstructured":"OWASP. 2017. The Open Web Application Security Project OWASP Top 10. https:\/\/owasp.org\/www-project-top-ten"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12130-999-1026-0"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. 10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_1_35_1","volume-title":"libpng.org. Retrieved","author":"Roelofs Greg","year":"2020","unstructured":"Greg Roelofs. 2006. libpng.org. Retrieved August 4, 2020 from http:\/\/www.libpng.org"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","unstructured":"Crowe S Cresswell K Robertson A Huby G Avery A and Sheikh A. 2011. The case study approach. BMC Medical Research Methodology (2011). 10.1186\/1471-2288-11-100","DOI":"10.1186\/1471-2288-11-100"},{"key":"e_1_3_2_1_37_1","unstructured":"Slashdot Media. 2020. SourceForge. https:\/\/sourceforge.net"},{"key":"e_1_3_2_1_38_1","unstructured":"The Apache Software Foundation. 2021. Apache Maven Project. https:\/\/maven.apache.org\/"},{"key":"e_1_3_2_1_39_1","unstructured":"The MITRE Corporation. 2014. CVE-2014-0160. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160"},{"key":"e_1_3_2_1_40_1","unstructured":"The MITRE Corporation. 2017. CVE-2017-12652. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-12652"},{"key":"e_1_3_2_1_41_1","unstructured":"The MITRE Corporation. 2021. Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_42_1","unstructured":"The MITRE Corporation. 2021. CVE-2021-29482. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-29482"},{"key":"e_1_3_2_1_43_1","unstructured":"The MITRE Corporation. 2021. CVE-2021-3449. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-3449"},{"key":"e_1_3_2_1_44_1","volume-title":"LIBPNG: PNG reference library. https:\/\/sourceforge.net\/projects\/libpng","author":"Truta Cosmin","year":"2020","unstructured":"Cosmin Truta and Glenn Randers-Pehrson. 2020. LIBPNG: PNG reference library. https:\/\/sourceforge.net\/projects\/libpng"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.59"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.11185\/imt.7.1370"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.11185\/imt.9.155"}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","location":"Pittsburgh Pennsylvania","acronym":"ICSE '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510216","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510216","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510216","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:24Z","timestamp":1750191144000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510216"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":47,"alternative-id":["10.1145\/3510003.3510216","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3510216","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}