{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:09:16Z","timestamp":1766491756560,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,17]]},"DOI":"10.1145\/3727967.3756836","type":"proceedings-article","created":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T11:53:17Z","timestamp":1766490797000},"page":"117-126","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Evaluating the Effectiveness of SAST Tools: A Comparative Study on Vulnerability Detection, Reporting, and Usability"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-1522-1147","authenticated-orcid":false,"given":"Haifa","family":"Al-Shammare","sequence":"first","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1696-8660","authenticated-orcid":false,"given":"Rawan","family":"Alraddadi","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8956-5003","authenticated-orcid":false,"given":"Faten","family":"Al-Abdulwahhab","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7318-7644","authenticated-orcid":false,"given":"Mahmood","family":"Niazi","sequence":"additional","affiliation":[{"name":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6339-2257","authenticated-orcid":false,"given":"Mamoona","family":"Humayun","sequence":"additional","affiliation":[{"name":"University of Roehampton, London, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2025,12,23]]},"reference":[{"key":"e_1_3_3_2_1_2","volume-title":"2018 IEEE International Conference on Big Data: proceedings: December 10 - 13, 2018","author":"Abe N.","year":"2018","unstructured":"N. Abe, 2018 IEEE International Conference on Big Data: proceedings: December 10 - 13, 2018, Seattle, WA, USA. Institute of Electrical and Electronics Engineers, 2018."},{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/issre.2019.00040"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09959-3"},{"key":"e_1_3_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.32604\/cmc.2020.010885"},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.32604\/cmc.2022.019289"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13369-016-2362-5"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics8111218"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3691621.3694947"},{"key":"e_1_3_3_2_10_2","first-page":"245","article-title":"Guerrilla HCI: Using discount usability engineering to penetrate the intimidation barrier","author":"Nielsen J.","year":"1994","unstructured":"J. Nielsen, \u201cGuerrilla HCI: Using discount usability engineering to penetrate the intimidation barrier,\u201d Cost-justifying usability, pp. 245\u2013272, 1994.","journal-title":"Cost-justifying usability"},{"key":"e_1_3_3_2_11_2","volume-title":"10 usability heuristics for user interface design","author":"Jakob I. N.","year":"1995","unstructured":"I. N. Jakob, \u201c10 usability heuristics for user interface design,\u201d Nielsen Norman Group, vol. 1, 1995."},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3356773.3356798"},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338952"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.3390\/app10249119"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-018-0664-z"},{"key":"e_1_3_3_2_16_2","volume-title":"SecSE@ESORICS","author":"Oyetoyan T. D.","year":"2017","unstructured":"T. D. Oyetoyan and M. L. Chaim, \u201cComparing Capability of Static Analysis Tools to Detect Security Weaknesses in Mobile Applications,\u201d in SecSE@ESORICS, 2017."},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2839339"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOTEH51037.2021.9400688"},{"key":"e_1_3_3_2_19_2","volume-title":"USENIX Security Symposium","author":"Smith J.","year":"2020","unstructured":"J. Smith, L. N. Q. Do, and E. R. Murphy-Hill, \u201cWhy Can't Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security,\u201d in SOUPS @ USENIX Security Symposium, 2020."},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.2507\/31st.daaam.proceedings.078"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3661167.3661279"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622456"},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09880-1"},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.105"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-025-10621-5"},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-80020-7_13"},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1002\/0471028959.sof142"},{"volume-title":"NIST. Accessed","year":"2021","key":"e_1_3_3_2_29_2","unstructured":"\u201cSource code security analyzers,\u201d NIST. Accessed: Dec. 21, 2021. [Online]. Available: https:\/\/www.nist.gov\/itl\/ssd\/software-qualitygroup\/source-code-security-analyzers"},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2017.24"},{"key":"e_1_3_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/iSCI50694.2020.00021"},{"key":"e_1_3_3_2_32_2","volume-title":"NTNU","author":"Beba S.","year":"2019","unstructured":"S. Beba and M. M. Karlsen, \u201cImplementation Analysis of Open-Source Static Analysis Tools for Detecting Security Vulnerabilities,\u201d NTNU, 2019."},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-91602-6_6"},{"key":"e_1_3_3_2_34_2","first-page":"15","volume-title":"2015 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2015","volume":"27","author":"Shiraishi Shinichi Mohan V. M. H.","year":"2016","unstructured":"V. M. H. Shiraishi Shinichi Mohan, \u201cTest suites for benchmarks of static analysis tools,\u201d 2015 IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2015, vol. 27, no. 2, pp. 12\u201315, 2016"},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/2998626.2998662"},{"volume-title":"Accessed","year":"2021","key":"e_1_3_3_2_36_2","unstructured":"\u201cSystem usability scale (sus) score,\u201d measuringu. Accessed: Dec. 18, 2021. [Online]. Available: https:\/\/measuringu.com\/interpret-susscore"},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.15575\/join.v6i1.700"},{"volume-title":"Accessed","year":"2021","key":"e_1_3_3_2_38_2","unstructured":"\u201c5 ways to interpret a sus score,\u201d measuringu. Accessed: Dec. 18, 2021. [Online]. Available: https:\/\/measuringu.com\/interpret-susscore"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.5555\/2835587.2835589"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3004525"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/PDGC.2018.8745996"},{"volume-title":"Accessed","year":"2021","key":"e_1_3_3_2_42_2","unstructured":"\u201cSystem usability scale (sus) score.\u201d Accessed: Dec. 18, 2021. [Online]. Available: https:\/\/stuart-cunningham.github.io\/sus\/"},{"volume-title":"Static analysis tools evaluation criteria","year":"2013","key":"e_1_3_3_2_43_2","unstructured":"\u201cStatic analysis tools evaluation criteria,\u201d 2013."}],"event":{"name":"EASE Companion '25: Evaluation and Assessment in Software Engineering","acronym":"EASE Companion '25","location":"Istanbul Turkiye"},"container-title":["Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3727967.3756836","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:07:19Z","timestamp":1766491639000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3727967.3756836"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,17]]},"references-count":43,"alternative-id":["10.1145\/3727967.3756836","10.1145\/3727967"],"URL":"https:\/\/doi.org\/10.1145\/3727967.3756836","relation":{},"subject":[],"published":{"date-parts":[[2025,6,17]]},"assertion":[{"value":"2025-12-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}