{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:12:39Z","timestamp":1750219959384,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,8]],"date-time":"2022-11-08T00:00:00Z","timestamp":1667865600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,11]]},"DOI":"10.1145\/3560835.3564553","type":"proceedings-article","created":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T02:38:26Z","timestamp":1667961506000},"page":"73-82","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Adapting Static Taint Analyzers to Software Marketplaces"],"prefix":"10.1145","author":[{"given":"Daniel","family":"Krohmer","sequence":"first","affiliation":[{"name":"Fraunhofer IESE, Kaiserslautern, Germany"}]},{"given":"Kunal","family":"Sharma","sequence":"additional","affiliation":[{"name":"University of Kaiserslautern, Kaiserslautern, Germany"}]},{"given":"Shi","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Kaiserslautern, Kaiserslautern, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,8]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1145\/2351676.2351691"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1145\/1809100.1809110"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1109\/EuroSP.2017.14"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1109\/SP.2008.22"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_5_1","DOI":"10.1109\/ICSE43902.2021.00054"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.5555\/184656.180369"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1145\/3314221.3314648"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/3468264.3473934"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/3301417.3312497"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_10_1","DOI":"10.1109\/ICSPCT.2014.6884962"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.1109\/TSE.2007.70748"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.1145\/1181775.1181797"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1109\/ICITIS.2010.5689529"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1109\/SP.2006.29"},{"volume-title":"Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications","author":"Jovanovic Nenad","unstructured":"Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. 2010. Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications. , Vol. 18, 5 (sep 2010), 861--907.","key":"e_1_3_2_1_15_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1109\/TSE.2018.2878020"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1145\/3230833.3230856"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1145\/2508859.2516703"},{"doi-asserted-by":"publisher","unstructured":"Song Li Mingqing Kang Jianwei Hou and Yinzhi Cao. 2021. Detecting Node.js prototype pollution vulnerabilities via object lookup analysis. 268--279. https:\/\/doi.org\/10.1145\/3468264.3468542","key":"e_1_3_2_1_19_1","DOI":"10.1145\/3468264.3468542"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1145\/1542476.1542485"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1145\/3459012.3459013"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1007\/978--3-030--81688--9_36"},{"doi-asserted-by":"publisher","unstructured":"Achmad Fahrurrozi Maskur and Yudistira Dwi Wardhana Asnar. 2019. Static Code Analysis Tools with the Taint Analysis Method for Detecting Web Application Vulnerability. In 2019 International Conference on Data and Software Engineering (ICoDSE). 1--6. https:\/\/doi.org\/10.1109\/ICoDSE48700.2019.9092614","key":"e_1_3_2_1_23_1","DOI":"10.1109\/ICoDSE48700.2019.9092614"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1109\/TR.2015.2457411"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1145\/2931037.2931041"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1145\/2566486.2568024"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1109\/IWSESS.2009.5068455"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.18420\/SE2021_27"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1145\/1377943.1377956"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/3338906.3338933"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1147\/sj.462.0265"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1016\/j.scico.2013.03.012"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_33_1","DOI":"10.1145\/3332371"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1145\/3377811.3380390"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_35_1","DOI":"10.1145\/2993600.2993606"},{"key":"e_1_3_2_1_36_1","volume-title":"DjangoChecker: Applying Extended Taint Tracking and Server Side Parsing for Detection of Context-Sensitive XSS Flaws. CoRR","author":"Steinhauser Anton'i","year":"2019","unstructured":"Anton'i n Steinhauser and Petr Tuma. 2019. DjangoChecker: Applying Extended Taint Tracking and Server Side Parsing for Detection of Context-Sensitive XSS Flaws. CoRR , Vol. abs\/2005.06990 (2019). showeprint[arXiv]2005.06990 https:\/\/arxiv.org\/abs\/2005.06990"},{"key":"e_1_3_2_1_37_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Stock Ben","year":"2014","unstructured":"Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns. 2014. Precise Client-side Protection against DOM-based Cross-Site Scripting. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 655--670. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/stock"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_38_1","DOI":"10.1145\/1542476.1542486"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_39_1","DOI":"10.1109\/MSP.2005.159"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1109\/SANER50967.2021.00062"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_41_1","DOI":"10.1145\/1368088.1368112"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_42_1","DOI":"10.1145\/2483760.2483788"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_43_1","DOI":"10.1109\/PAAP.2014.10"},{"key":"e_1_3_2_1_44_1","volume-title":"Yan and Heng Yin","author":"Lok","year":"2017","unstructured":"Lok K. Yan and Heng Yin. 2017. SoK : On the Soundness and Precision of Dynamic Taint Analysis."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_45_1","DOI":"10.1109\/ICCT.2017.8359859"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1109\/IMIS.2016.46"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1109\/ICSE.2013.6606611"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CCS '22","name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA"},"container-title":["Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564553","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3560835.3564553","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:09Z","timestamp":1750182549000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564553"}},"subtitle":["A Leverage Point for Mass Vulnerability Detection?"],"short-title":[],"issued":{"date-parts":[[2022,11,8]]},"references-count":47,"alternative-id":["10.1145\/3560835.3564553","10.1145\/3560835"],"URL":"https:\/\/doi.org\/10.1145\/3560835.3564553","relation":{},"subject":[],"published":{"date-parts":[[2022,11,8]]},"assertion":[{"value":"2022-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}