{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T06:58:20Z","timestamp":1782889100029,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T00:00:00Z","timestamp":1782777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2054911"],"award-info":[{"award-number":["CNS-2054911"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2055014"],"award-info":[{"award-number":["CNS-2055014"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6,30]]},"DOI":"10.1145\/3805773.3805995","type":"proceedings-article","created":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:20:41Z","timestamp":1782883241000},"page":"44-56","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["ASN1spect: Uncovering ASN.1 Compiler-Generated Vulnerabilities in Critical Infrastructure"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7907-2327","authenticated-orcid":false,"given":"Seaver","family":"Thorn","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3315-938X","authenticated-orcid":false,"given":"Nathaniel","family":"Bennett","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7498-4239","authenticated-orcid":false,"given":"Kevin","family":"Butler","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7143-5189","authenticated-orcid":false,"given":"Patrick","family":"Traynor","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3043-8092","authenticated-orcid":false,"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/36"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670320"},{"key":"e_1_3_2_1_3_1","unstructured":"Bosch. 2022. Bosch -Open-Source Software Attributions for XC_CT_RN_AIVI_Scope 3.x. https:\/\/oss.bosch-cm.com\/download\/Mi tsubishi\/5128_210730\/OSS_Disclosure_Document_5128_210730.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"brchiu. 2017. Simplify the logic of accessing codec function for specific TYPE \u2022 vlm\/asn1c@1fa31c9. https:\/\/github.com\/vlm\/asn1c\/commit\/1fa31c9e3e41822514 39e8d5795fe4abf73f3152."},{"key":"e_1_3_2_1_5_1","first-page":"209","volume-title":"KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, San Diego, CA, 209-224. https:\/\/www.usenix.org\/legacy\/ event\/osdi08\/tech\/full_papers\/cadar\/cadar.pdf"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598110"},{"key":"e_1_3_2_1_8_1","volume-title":"Cisco Systems","author":"Inc.","year":"2017","unstructured":"Inc. Cisco Systems. 2017. Open Source Used In Samsung 7252S v1. https:\/\/linqcd n.avbportal.com\/documents\/2b290775-0cca-4d76-8844-2f5f77b59867.pdf."},{"key":"e_1_3_2_1_9_1","volume-title":"Cisco Systems","author":"Inc.","year":"2025","unstructured":"Inc. Cisco Systems. 2025. Open Source Used In Cisco Secure Endpoint Connector (Mac) 1.24.0. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/open_ source\/docs\/CiscoSecureEndpointConnectorMac-1270-1747841284.pdf."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00220"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00036"},{"key":"e_1_3_2_1_12_1","first-page":"2","article-title":"Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations","volume":"20","author":"Enck William","year":"2022","unstructured":"William Enck and Laurie Williams. 2022. Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations. IEEE Security and Privacy Magazine 20, 2 (March\/April 2022).","journal-title":"IEEE Security and Privacy Magazine"},{"key":"e_1_3_2_1_13_1","unstructured":"esnacc. 2024. esnacc\/esnacc-ng: A continuation of the Enhanced SNACC ASN.1 compiler. https:\/\/github.com\/esnacc\/esnacc-ng."},{"key":"e_1_3_2_1_14_1","unstructured":"European Space Agency. 2024. ASN1SCC: An open source ASN.1 compiler for embedded systems. https:\/\/github.com\/esa\/asn1scc."},{"key":"e_1_3_2_1_15_1","unstructured":"OpenSSL Software Foundation. 2018. CVE -CVE-2018-0739. https:\/\/cve.mitre.or g\/cgi-bin\/cvename.cgi?name=CVE-2018-0739."},{"key":"e_1_3_2_1_16_1","unstructured":"gatopeich. 2021. Version string is always the same even across forks! \u2022 Issue #75 \u2022 mouse07410\/asn1c. https:\/\/github.com\/mouse07410\/asn1c\/issues\/75."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_18_1","unstructured":"Google. 2024. protocolbuffers\/protobuf. https:\/\/github.com\/protocolbuffers\/pro tobuf."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE).","author":"He Hao","year":"2026","unstructured":"Hao He, Haoqin Yang, Philipp Burckhardt, Alexandros Kapravelos, Bogdan Vasilescu, and Christian K\u00e4stner. 2026. Six Million (Suspected) Fake Stars on GitHub: A Growing Spiral of Popularity Contests, Spams, and Malware. In Proceedings of the International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_20_1","unstructured":"ICAO. 2016. Procedures for Air Navigation Services (PANS) -Air Traffic Management (Doc 4444). https:\/\/store.icao.int\/en\/procedures-for-air-navigationservices-air-traffic-management-doc-4444."},{"key":"e_1_3_2_1_21_1","unstructured":"Objective Systems Inc. 2024. License Management FAQ. https:\/\/obj-sys.com\/su pport\/license-faq.php."},{"key":"e_1_3_2_1_22_1","unstructured":"ISO. [n. d.]. Industrial automation systems -Manufacturing Message Specification. https:\/\/www.iso.org\/standard\/37079.html."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"e_1_3_2_1_25_1","unstructured":"Tomasz Lemiech. 2024. szpajder\/libacars. https:\/\/github.com\/szpajder\/libacars."},{"key":"e_1_3_2_1_26_1","volume-title":"Embedded Real Time Software and Systems (ERTS) (Feb","author":"Mamais George","year":"2012","unstructured":"George Mamais, Thanassis Tsiodras, David Lesens, and Maxime Perrotin. 2012. An ASN.1 compiler for embedded\/space systems. Embedded Real Time Software and Systems (ERTS) (Feb. 2012)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE55347.2025.00004"},{"key":"e_1_3_2_1_28_1","unstructured":"MITRE. [n. d.]. NVD -CVE-2016-4421. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE- 2016-4421."},{"key":"e_1_3_2_1_29_1","unstructured":"Juniper Networks. 2015. Juniper Networks\u00ae Steel-Belted Radius\u00ae Carrier Administration and Configuration Guide. https:\/\/www.juniper.net\/documentatio n\/en_US\/sbr-carrier8.1.0\/information-products\/topic-collections\/sbr-adminguide-10\/book-sw-sbrc-admin.pdf."},{"key":"e_1_3_2_1_30_1","unstructured":"NextEPC. 2025. nextepc\/nextepc. https:\/\/github.com\/nextepc\/nextepc."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3573105.3575684"},{"key":"e_1_3_2_1_32_1","unstructured":"OSS Nokalva. 2024. Product Licensing. https:\/\/www.oss.com\/products\/purchase. html."},{"key":"e_1_3_2_1_33_1","unstructured":"OSS Nokalva. 2025. ASN.1 Made Simple -Constraints. https:\/\/www.oss.com\/as n1\/resources\/asn1-made-simple\/advanced-constraints.html."},{"key":"e_1_3_2_1_34_1","unstructured":"Oracle. 2018. Oracle Communications Control Plane Monitor Licensing Information User Manual. https:\/\/docs.oracle.com\/communications\/E89194_01\/doc.40\/ om_40_licensing_information.pdf."},{"key":"e_1_3_2_1_35_1","unstructured":"Terence Parr. 2025. ANTLR. https:\/\/www.antlr.org\/."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.27"},{"key":"e_1_3_2_1_37_1","unstructured":"Martin Pluskal. 2026. OpenSUSE:Factory Build Status of asn1c. https:\/\/build.op ensuse.org\/package\/show\/devel:tools:compiler\/asn1c."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW50608.2020.00065"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/WiMob52687.2021.9606317"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416552"},{"key":"e_1_3_2_1_41_1","first-page":"1465","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Ramananandro Tahina","year":"2019","unstructured":"Tahina Ramananandro, Antoine Delignat-Lavaud, Cedric Fournet, Nikhil Swamy, Tej Chajed, Nadim Kobeissi, and Jonathan Protzenko. 2019. EverParse: Verified secure Zero-Copy parsers for authenticated message formats. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1465-1482. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/ delignat-lavaud"},{"key":"e_1_3_2_1_42_1","unstructured":"Joseph L Rios and Moffett Field. 2015. A Formal Messaging Notation for Alaskan Aviation Data. https:\/\/ntrs.nasa.gov\/api\/citations\/20150022356\/downloads\/2015 0022356.pdf."},{"key":"e_1_3_2_1_43_1","unstructured":"SatDump. 2024. SatDump\/SatDump. https:\/\/github.com\/SatDump\/SatDump."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","unstructured":"J\u00fcrgen Sch\u00f6nw\u00e4lder David T. Perkins and Keith McCloghrie. 1999. Structure of Management Information Version 2 (SMIv2). Request for Comments RFC 2578. Internet Engineering Task Force. https:\/\/doi.org\/10.17487\/RFC2578 Num Pages: 42. 10.17487\/RFC2578","DOI":"10.17487\/RFC2578"},{"key":"e_1_3_2_1_45_1","unstructured":"ITU Telecommunication Standardization Sector. 1988. Specification of Abstract Syntax Notation One (ASN.1). https:\/\/www.itu.int\/rec\/dologin_pub.asp?lang=e &id=T-REC-X.208-198811-W!!PDF-E&type=items."},{"key":"e_1_3_2_1_46_1","unstructured":"ITU Telecommunication Standardization Sector. 1988. X.400 : Message handling system and service overview. https:\/\/www.itu.int\/rec\/T-REC-F.400-198811-S\/en."},{"key":"e_1_3_2_1_47_1","unstructured":"ITU Telecommunication Standardization Sector. 2019. X.509: Information technology -Open Systems Interconnection -The Directory: Public-key and attribute certificate frameworks. https:\/\/www.itu.int\/rec\/T-REC-X.509."},{"key":"e_1_3_2_1_48_1","unstructured":"ITU Telecommunication Standardization Sector. 2021. X.680: Information technology -Abstract Syntax Notation One (ASN.1): Specification of basic notation. https:\/\/www.itu.int\/rec\/t-rec-x.680\/en."},{"key":"e_1_3_2_1_49_1","unstructured":"ITU Telecommunication Standardization Sector. 2021. X.681: Information technology -Abstract Syntax Notation One (ASN.1): Information object specification. https:\/\/www.itu.int\/rec\/T-REC-X.681\/en."},{"key":"e_1_3_2_1_50_1","unstructured":"Eugene Seliverstov. 2026. Debian -Details of package asn1c in trixie. https: \/\/packages.debian.org\/trixie\/asn1c."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_52_1","unstructured":"Siemens. 2023. Siemens -License Conditions. https:\/\/cache.industry.siemens.c om\/dl\/files\/710\/109825710\/att_1158963\/v1\/OSS_SINEC-INS_99.pdf."},{"key":"e_1_3_2_1_53_1","unstructured":"Telecom Behnke. 2019. Telecom Behnke -Wichtige Lizenzinformation. https: \/\/www.behnke-online.de\/de\/downloads\/lizenzinf ormation\/488-aktuellelizenzinformationen\/file."},{"key":"e_1_3_2_1_54_1","first-page":"6647","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Vasquez Willy R.","year":"2023","unstructured":"Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham. 2023. The most dangerous codec in the world: Finding and exploiting vulnerabilities in H.264 decoders. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 6647-6664. https:\/\/www.usenix.org\/conference\/us enixsecurity23\/presentation\/vasquez"},{"key":"e_1_3_2_1_55_1","unstructured":"Vasil Velichkov. 2024. velichkov\/asn1c. https:\/\/github.com\/velichkov\/asn1c."},{"key":"e_1_3_2_1_56_1","unstructured":"Viasat. 2022. Viasat -Open Source Software Notice. https:\/\/www.viasat.com\/con tent\/dam\/us-site\/corporate\/documents\/MobileDynamicDefense_open_source_ notices_for_web_page.pdf."},{"key":"e_1_3_2_1_57_1","unstructured":"Viasat. 2024. Classic Aero. https:\/\/www.viasat.com\/aviation\/flight-operationsand-safety\/classic-aero\/."},{"key":"e_1_3_2_1_58_1","unstructured":"Lev Walkin. 2009. asn1c in iPhone. https:\/\/lionet.livejournal.com\/43412.html."},{"key":"e_1_3_2_1_59_1","unstructured":"Lev Walkin. 2013. fix default constraint checking \u2022 vlm\/asn1c@6169b8d. https: \/\/github.com\/vlm\/asn1c\/commit\/6169b8d5654ca53692ea50ca573408a1321a50f7."},{"key":"e_1_3_2_1_60_1","unstructured":"Lev Walkin. 2016. Where is my code? https:\/\/lionet.livejournal.com\/138575.html."},{"key":"e_1_3_2_1_61_1","unstructured":"Lev Walkin. 2017. Open Source ASN.1 Compiler: asn1c 0.9.28. https:\/\/lionet.inf o\/asn1c\/compiler.html."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP6062"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","unstructured":"2024.00040 ISSN: 2995-1356. 10.1109\/EuroSP60621.2024.00040","DOI":"10.1109\/EuroSP60621.2024.00040"},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of the IEEE\/ACM 45th International Conference on Software Engineering (ICSE).","author":"Zhou Jiayuan","unstructured":"Jiayuan Zhou, Michael Pacheco, Jinfu Chen, Xing Hu, Xin Xia, David Lo, and Ahmed E. Hassan. 2023. CoLeFunDa: Explainable Silent Vulnerability Fix Identification. In Proceedings of the IEEE\/ACM 45th International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE).","author":"Zhou Jiayuan","unstructured":"Jiayuan Zhou, Michael Pacheco, Zhiyuan Wan, Xin Xia, David Lo, Yuan Wang, and Ahmed E. Hassan. 2021. Finding A Needle in a Haystack: Automated Mining of Silent Vulnerability Fixes. In Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE)."}],"event":{"name":"SecDev '26: 2026 ACM Secure Development Conference","location":"Montreal QC Canada","acronym":"SecDev '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2026 ACM Secure Development Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3805995","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3805995","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:21:48Z","timestamp":1782883308000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3805773.3805995"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,30]]},"references-count":65,"alternative-id":["10.1145\/3805773.3805995","10.1145\/3805773"],"URL":"https:\/\/doi.org\/10.1145\/3805773.3805995","relation":{},"subject":[],"published":{"date-parts":[[2026,6,30]]},"assertion":[{"value":"2026-06-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}