{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T19:36:50Z","timestamp":1772048210066,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T00:00:00Z","timestamp":1718668800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,18]]},"DOI":"10.1145\/3661167.3661262","type":"proceedings-article","created":{"date-parts":[[2024,6,14]],"date-time":"2024-06-14T12:24:25Z","timestamp":1718367865000},"page":"614-623","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Semgrep*: Improving the Limited Performance of Static Application Security Testing (SAST) Tools"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7592-7079","authenticated-orcid":false,"given":"Gareth","family":"Bennett","sequence":"first","affiliation":[{"name":"School of Computing and Communications, Lancaster University, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2728-9014","authenticated-orcid":false,"given":"Tracy","family":"Hall","sequence":"additional","affiliation":[{"name":"School of Computing and Communications, Lancaster University, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3314-7300","authenticated-orcid":false,"given":"Emily","family":"Winter","sequence":"additional","affiliation":[{"name":"School of Computing and Communications, Lancaster University, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2939-8919","authenticated-orcid":false,"given":"Steve","family":"Counsell","sequence":"additional","affiliation":[{"name":"Dept. of Computer Science, Brunel University, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2024,6,18]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535706_21"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.110427"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5120\/ijca2017914750"},{"key":"e_1_3_2_1_4_1","volume-title":"Understanding Industry Perspectives of Static Analysis based Security Testing. arXiv preprint arXiv:2307.16325","author":"Ami Amit\u00a0Seal","year":"2023","unstructured":"Amit\u00a0Seal Ami, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. 2023. \" False negative\u2013that one is going to kill you\": Understanding Industry Perspectives of Static Analysis based Security Testing. arXiv preprint arXiv:2307.16325 (2023)."},{"key":"e_1_3_2_1_5_1","unstructured":"Ross Anderson. 2002. Security in open versus closed systems\u2014the dance of Boltzmann Coase and Moore. (2002)."},{"key":"e_1_3_2_1_6_1","unstructured":"Aman Anupam Prathika Gonchigar Shashank Sharma Prapulla SB and Anala MR. 2020. Analysis of Open Source Node. js Vulnerability Scanners. (2020)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC.2017.00035"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.163"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.105"},{"key":"e_1_3_2_1_10_1","unstructured":"Paul\u00a0E Black Damien Cupif Guillaume Haben Alex-Kevin Loembe Vadim Okun and Yann Prono. 2023. SATE VI Report. (2023)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475781"},{"key":"e_1_3_2_1_13_1","unstructured":"cve. 1999. CVE Program Mission. https:\/\/www.cve.org\/. Accessed: 2023-08-04."},{"key":"e_1_3_2_1_14_1","unstructured":"cwe. 2022. 2022 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html. Accessed: 2023-07-19."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.500-326"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10179-6"},{"key":"e_1_3_2_1_17_1","unstructured":"Christoph Gentsch. 2020. Evaluation of open source static analysis security testing (SAST) tools for c. (2020)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"e_1_3_2_1_19_1","unstructured":"Kaixuan Li Sen Chen Lingling Fan Ruitao Feng Han Liu Chengwei Liu Yang Liu and Yixiang Chen. 2023. Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java. (2023)."},{"key":"e_1_3_2_1_20_1","volume-title":"Evaluation of static analysis tools for finding vulnerabilities in Java and C\/C++ source code. arXiv preprint arXiv:1805.09040","author":"Mahmood Rahma","year":"2018","unstructured":"Rahma Mahmood and Qusay\u00a0H Mahmoud. 2018. Evaluation of static analysis tools for finding vulnerabilities in Java and C\/C++ source code. arXiv preprint arXiv:1805.09040 (2018)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.3390\/app10249119"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1193213"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"P.J. Morrison R. Pandita and X. Xiao. 2018. Are vulnerabilities discovered and resolved like other defects?. In Empir Software Eng 23. 1383\u20131421.","DOI":"10.1007\/s10664-017-9541-1"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9447-3"},{"key":"e_1_3_2_1_25_1","unstructured":"Owasp NodeGoat. 2013. OWASP NodeGoat. https:\/\/github.com\/OWASP\/NodeGoat. Accessed: 2023-07-19."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-018-0664-z"},{"key":"e_1_3_2_1_27_1","unstructured":"owasp. 2023. Source Code Analysis Tools. https:\/\/owasp.org\/www-community\/Source_Code_Analysis_Tools. Accessed: 2023-07-18."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00064"},{"key":"e_1_3_2_1_29_1","unstructured":"SARD. 2000. NIST Software Assurance Reference Dataset. https:\/\/samate.nist.gov\/SARD\/. Accessed: 2023-07-19."},{"key":"e_1_3_2_1_30_1","volume-title":"Static Analysis Tool Exposition (SATE). https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/samate\/static-analysis-tool-exposition-sate. Accessed: 2023-07-18","year":"2013","unstructured":"sate. 2013. Static Analysis Tool Exposition (SATE). https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/samate\/static-analysis-tool-exposition-sate. Accessed: 2023-07-18."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09750-5"}],"event":{"name":"EASE 2024: 28th International Conference on Evaluation and Assessment in Software Engineering","location":"Salerno Italy","acronym":"EASE 2024"},"container-title":["Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3661167.3661262","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3661167.3661262","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:12:51Z","timestamp":1755861171000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3661167.3661262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,18]]},"references-count":31,"alternative-id":["10.1145\/3661167.3661262","10.1145\/3661167"],"URL":"https:\/\/doi.org\/10.1145\/3661167.3661262","relation":{},"subject":[],"published":{"date-parts":[[2024,6,18]]},"assertion":[{"value":"2024-06-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}