{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T07:07:35Z","timestamp":1782889655695,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":270,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T00:00:00Z","timestamp":1782777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"US Department of the Navy","award":["N00014-23-1-2563"],"award-info":[{"award-number":["N00014-23-1-2563"]}]},{"name":"Defense Advanced Research Projects Agency","award":["FA875019C0003"],"award-info":[{"award-number":["FA875019C0003"]}]},{"name":"National Science Foundation","award":["2247959"],"award-info":[{"award-number":["2247959"]}]},{"name":"National Science Foundation","award":["2247954"],"award-info":[{"award-number":["2247954"]}]},{"name":"National Science Foundation","award":["2442984"],"award-info":[{"award-number":["2442984"]}]},{"name":"Advanced Research Projects Agency for Health","award":["SP4701-23-C-0074"],"award-info":[{"award-number":["SP4701-23-C-0074"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6,30]]},"DOI":"10.1145\/3805773.3805996","type":"proceedings-article","created":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:20:41Z","timestamp":1782883241000},"page":"57-73","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SoK: A Modularized Framework for Symbolic Execution and Application for Usable Tool Design"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0484-3596","authenticated-orcid":false,"given":"James","family":"Mattei","sequence":"first","affiliation":[{"name":"Tufts University, Medford, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6672-2986","authenticated-orcid":false,"given":"Andrew","family":"Lin","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6839-2305","authenticated-orcid":false,"given":"Jasper","family":"Geer","sequence":"additional","affiliation":[{"name":"University of British Columbia, Vancouver, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3527-7396","authenticated-orcid":false,"given":"Jie","family":"Hu","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1630-1687","authenticated-orcid":false,"given":"Moritz","family":"Schloegel","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6424-0001","authenticated-orcid":false,"given":"Tiffany","family":"Bao","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9985-250X","authenticated-orcid":false,"given":"Daniel","family":"Votipka","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"n. d.]. Supplemental Materials. https:\/\/osf.io\/p3r7m."},{"key":"e_1_3_2_1_2_1","unstructured":"2025. angr-management: The official angr GUI. https:\/\/github.com\/angr\/angrmanagement."},{"key":"e_1_3_2_1_3_1","unstructured":"2026. KLEE Symbolic Execution Engine. http:\/\/klee.github.io\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Comparing the Usability of Cryptographic APIs. In IEEE Symposium on Security and Privacy (S&P).","author":"Acar Yasemin","year":"2017","unstructured":"Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L Mazurek, and Christian Stransky. 2017. Comparing the Usability of Cryptographic APIs. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_5_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Acar Yasemin","year":"2016","unstructured":"Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, and Christian Stransky. 2016. You Get Where You're Looking for: The Impact of Information Sources on Code Security. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_6_1","volume-title":"Integrating Static and Dynamic Analysis for Detecting Vulnerabilities. In Annual International Computer Software and Applications Conference (COMPSAC). IEEE.","author":"Aggarwal Ashish","year":"2006","unstructured":"Ashish Aggarwal and Pankaj Jalote. 2006. Integrating Static and Dynamic Analysis for Detecting Vulnerabilities. In Annual International Computer Software and Applications Conference (COMPSAC). IEEE."},{"key":"e_1_3_2_1_7_1","volume-title":"Concolic Testing for Models of Statebased Systems. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Ahmadi Reza","year":"2019","unstructured":"Reza Ahmadi and Juergen Dingel. 2019. Concolic Testing for Models of Statebased Systems. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_8_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Akon Mujtahid","year":"2023","unstructured":"Mujtahid Akon, Tianchang Yang, Yilu Dong, and Syed Rafiul Hussain. 2023. Formal Analysis of Access Control Mechanism of 5G Core Network. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_9_1","volume-title":"Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes. In IEEE Symposium on Security and Privacy (S&P).","author":"Alder Fritz","year":"2024","unstructured":"Fritz Alder, Lesly-Ann Daniel, David Oswald, Frank Piessens, and Jo Van Bulck. 2024. Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_10_1","volume-title":"Playing in the Sandbox: A Study on the Usability of Seccomp. arXiv preprint arXiv:2506.10234","author":"Alhindi Maysara","year":"2025","unstructured":"Maysara Alhindi and Joseph Hallett. 2025. Playing in the Sandbox: A Study on the Usability of Seccomp. arXiv preprint arXiv:2506.10234 (2025)."},{"key":"e_1_3_2_1_11_1","volume-title":"NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. In USENIX Security Symposium.","author":"Alhuzali Abeer","year":"2018","unstructured":"Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and V N Venkatakrishnan. 2018. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_12_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Alomar Noura","year":"2020","unstructured":"Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman. 2020. \"You've got your nice list of bugs, now what?\" Vulnerability Discovery and Management Processes in the Wild. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_13_1","volume-title":"Forecasting Malware Capabilities From Cyber Attack Memory Images. In USENIX Security Symposium.","author":"Alrawi Omar","year":"2021","unstructured":"Omar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, and Brendan Saltaformaggio. 2021. Forecasting Malware Capabilities From Cyber Attack Memory Images. In USENIX Security Symposium."},{"key":"e_1_3_2_1_14_1","volume-title":"Why Crypto-Detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques. In IEEE Symposium on Security and Privacy (S&P).","author":"Ami Amit Seal","year":"2022","unstructured":"Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. 2022. Why Crypto-Detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_15_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Ami Amit Seal","year":"2024","unstructured":"Amit Seal Ami, Kevin Moran, Denys Poshyvanyk, and Adwait Nadkarni. 2024. False negative-that one is going to kill you\": Understanding Industry Perspectives of Static Analysis based Security Testing. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_16_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Aquino Andrea","year":"2017","unstructured":"Andrea Aquino, Giovanni Denaro, and Mauro Pezze. 2017. Heuristically Matching Solution Spaces of Arithmetic Formulas to Efficiently Reuse Solutions. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_17_1","volume-title":"International Conference on Availability, Reliability and Security (ARES).","author":"Ardi Shanai","year":"2007","unstructured":"Shanai Ardi, David Byers, Per Hakon Meland, Inger Anne Tondel, and Nahid Shahmehri. 2007. How Can the Developer Benefit from Security Modeling?. In International Conference on Availability, Reliability and Security (ARES)."},{"key":"e_1_3_2_1_18_1","volume-title":"Security in the Software Development Lifecycle. In Symposium on Usable Privacy and Security (SOUPS).","author":"Assal Hala","year":"2018","unstructured":"Hala Assal and Sonia Chiasson. 2018. Security in the Software Development Lifecycle. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-"},{"key":"e_1_3_2_1_20_1","volume-title":"AEG: Automatic Exploit Generation. In Symposium on Network and Distributed System Security (NDSS).","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos, Sang Kil Cha, Brent Tze Hao Lim, and David Brumley. 2011. AEG: Automatic Exploit Generation. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_21_1","volume-title":"Enhancing Symbolic Execution with Veritesting. In International Conference on Software Engineering (ICSE).","author":"Avgerinos Thanassis","year":"2014","unstructured":"Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, and David Brumley. 2014. Enhancing Symbolic Execution with Veritesting. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.130"},{"key":"e_1_3_2_1_23_1","volume-title":"Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. In IEEE Symposium on Security and Privacy (S&P).","author":"Babel Kushal","year":"2023","unstructured":"Kushal Babel, Philip Daian, Mahimna Kelkar, and Ari Juels. 2023. Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_24_1","volume-title":"Malware, Firmware, and Protocol Analysis. arXiv preprint arXiv:2508.06643","author":"Bailey Joshua","year":"2025","unstructured":"Joshua Bailey and Charles Nicholas. 2025. Symbolic Execution in Practice: A Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis. arXiv preprint arXiv:2508.06643 (2025)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1218063.1217943"},{"key":"e_1_3_2_1_27_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Bao Tiffany","year":"2017","unstructured":"Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, and David Brumley. 2017. Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_28_1","volume-title":"Grounded Copilot: How Programmers Interact with Code-Generating Models. In ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA).","author":"Barke Shraddha","year":"2023","unstructured":"Shraddha Barke, Michael B. James, and Nadia Polikarpova. 2023. Grounded Copilot: How Programmers Interact with Code-Generating Models. In ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA)."},{"key":"e_1_3_2_1_29_1","volume-title":"An Exploratory Study of Hardware Reverse Engineering -Technical and Cognitive Processes. In Symposium on Usable Privacy and Security (SOUPS).","author":"Becker Steffen","year":"2020","unstructured":"Steffen Becker, Carina Wiesen, Nils Albartus, Nikol Rummel, and Christof Paar. 2020. An Exploratory Study of Hardware Reverse Engineering -Technical and Cognitive Processes. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_30_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Beller Moritz","year":"2018","unstructured":"Moritz Beller, Niels Spruit, Diomidis Spinellis, and Andy Zaidman. 2018. On the Dichotomy of Debugging Behavior among Programmers. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","first-page":"e1722","DOI":"10.1002\/stvr.1722","article-title":"Memory Models in Symbolic Execution: Key Ideas and New Thoughts","volume":"29","author":"Borzacchiello Luca","year":"2019","unstructured":"Luca Borzacchiello, Emilio Coppa, Daniele Cono D'Elia, and Camil Demetrescu. 2019. Memory Models in Symbolic Execution: Key Ideas and New Thoughts. Software Testing, Verification and Reliability 29, 8 (2019), e1722.","journal-title":"Software Testing, Verification and Reliability"},{"key":"e_1_3_2_1_32_1","volume-title":"Handling Memory-Intensive Operations in Symbolic Execution. In Innovations in Software Engineering Conference. ACM.","author":"Borzacchiello Luca","year":"2022","unstructured":"Luca Borzacchiello, Emilio Coppa, and Camil Demetrescu. 2022. Handling Memory-Intensive Operations in Symbolic Execution. In Innovations in Software Engineering Conference. ACM."},{"key":"e_1_3_2_1_33_1","volume-title":"Daniele Cono D'Elia, and Camil Demetrescu","author":"Borzacchiello Luca","year":"2019","unstructured":"Luca Borzacchiello, Emilio Coppa, Daniele Cono D'Elia, and Camil Demetrescu. 2019. Reconstructing C2 Servers for Remote Access Trojans with Symbolic Execution. In Cyber Security, Cryptography and Machine Learning (Lecture Notes in Computer Science). Springer International Publishing."},{"key":"e_1_3_2_1_34_1","volume-title":"Symbolic Path Cost Analysis for Side-channel Detection. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Brennan Tegan","unstructured":"Tegan Brennan, Seemanta Saha, Tevfik Bultan, and Corina S. P\u0103s\u0103reanu. 2018. Symbolic Path Cost Analysis for Side-channel Detection. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_35_1","volume-title":"CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In IEEE Symposium on Security and Privacy (S&P).","author":"Brotzman Robert","year":"2019","unstructured":"Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, and Mahmut Kandemir. 2019. CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_36_1","volume-title":"Sys: A Static\/Symbolic Tool for Finding Good Bugs in Good (Browser) Code. In USENIX Security Symposium.","author":"Brown Fraser","year":"2020","unstructured":"Fraser Brown, Deian Stefan, and Dawson Engler. 2020. Sys: A Static\/Symbolic Tool for Finding Good Bugs in Good (Browser) Code. In USENIX Security Symposium."},{"key":"e_1_3_2_1_37_1","volume-title":"Parallel Symbolic Execution for Automated Real-world Software Testing. In European Conference on Computer Systems (EuroSys). ACM.","author":"Bucur Stefan","year":"2011","unstructured":"Stefan Bucur, Vlad Ureche, Cristian Zamfir, and George Candea. 2011. Parallel Symbolic Execution for Automated Real-world Software Testing. In European Conference on Computer Systems (EuroSys). ACM."},{"key":"e_1_3_2_1_38_1","volume-title":"Redundant State Detection for Dynamic Symbolic Execution. In USENIX Annual Technical Conference (ATC).","author":"Bugrara Suhabe","year":"2013","unstructured":"Suhabe Bugrara and Dawson Engler. 2013. Redundant State Detection for Dynamic Symbolic Execution. In USENIX Annual Technical Conference (ATC)."},{"key":"e_1_3_2_1_39_1","volume-title":"Running Symbolic Execution Forever. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Busse Frank","year":"2020","unstructured":"Frank Busse, Martin Nowack, and Cristian Cadar. 2020. Running Symbolic Execution Forever. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_40_1","volume-title":"Symbolic Execution for Software Testing in Practice. In International Conference on Software Engineering (ICSE).","author":"Cadar Cristian","year":"2011","unstructured":"Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S. P\u0103s\u0103reanu, Koushik Sen, Nikolai Tillmann, and Willem Visser. 2011. Symbolic Execution for Software Testing in Practice. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408795"},{"key":"e_1_3_2_1_42_1","volume-title":"Designing Refactoring Tools for Developers. In Workshop on Refactoring Tools.","author":"Campbell Dustin","year":"2008","unstructured":"Dustin Campbell and Mark Miller. 2008. Designing Refactoring Tools for Developers. In Workshop on Refactoring Tools."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427280"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3101870"},{"key":"e_1_3_2_1_45_1","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Cha Sooyoung","year":"2018","unstructured":"Sooyoung Cha, Seonho Lee, and Hakjoo Oh. 2018. Template-guided Concolic Testing via Online Learning. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_46_1","volume-title":"Concolic Testing with Adaptively Changing Search Heuristics. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Cha Sooyoung","year":"2019","unstructured":"Sooyoung Cha and Hakjoo Oh. 2019. Concolic Testing with Adaptively Changing Search Heuristics. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_47_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Cha Sooyoung","year":"2020","unstructured":"Sooyoung Cha and Hakjoo Oh. 2020. Making Symbolic Execution Promising by Learning Aggressive State-pruning Strategy. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_48_1","volume-title":"Unleashing Mayhem on Binary Code. In IEEE Symposium on Security and Privacy (S&P).","author":"Cha Sang Kil","year":"2012","unstructured":"Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. 2012. Unleashing Mayhem on Binary Code. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_49_1","volume-title":"POPL","author":"Chang Stephen","year":"2017","unstructured":"Stephen Chang, Alex Knauth, and Emina Torlak. 2017. Symbolic Types for Lenient Symbolic Execution. ACM on Programming Languages 2, POPL (2017), 40:1-40:29."},{"key":"e_1_3_2_1_50_1","volume-title":"Constructing Grounded Theory: A Practical Guide through Qualitative Analysis","author":"Charmaz Kathy","unstructured":"Kathy Charmaz. 2006. Constructing Grounded Theory: A Practical Guide through Qualitative Analysis. Sage."},{"key":"e_1_3_2_1_51_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Chau Sze Yiu","year":"2017","unstructured":"Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li. 2017. SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_52_1","volume-title":"Symposium on Network and Distributed System Security (NDSS).","author":"Chau Sze Yiu","year":"2019","unstructured":"Sze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, and Ninghui Li. 2019. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_53_1","article-title":"Killing Stubborn Mutants with Symbolic Execution","volume":"30","author":"Chekam Thierry Titcheu","year":"2021","unstructured":"Thierry Titcheu Chekam, Mike Papadakis, Maxime Cordy, and Yves Le Traon. 2021. Killing Stubborn Mutants with Symbolic Execution. ACM Transactions on Software Engineering and Methodology 30, 2 (2021).","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_54_1","volume-title":"CRETE: A Versatile Binary-Level Concolic Testing Framework. In Fundamental Approaches to Software Engineering","author":"Chen Bo","year":"2018","unstructured":"Bo Chen, Christopher Havlicek, Zhenkun Yang, Kai Cong, Raghudeep Kannavara, and Fei Xie. 2018. CRETE: A Versatile Binary-Level Concolic Testing Framework. In Fundamental Approaches to Software Engineering. Springer International Publishing."},{"key":"e_1_3_2_1_55_1","volume-title":"USENIX Security Symposium.","author":"Chen Ju","year":"2022","unstructured":"Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyoung Lee, Heng Yin, and Insik Shin. 2022. SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis. In USENIX Security Symposium."},{"key":"e_1_3_2_1_56_1","volume-title":"Control Flow-guided SMT Solving for Program Verification. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Chen Jianhui","year":"2018","unstructured":"Jianhui Chen and Fei He. 2018. Control Flow-guided SMT Solving for Program Verification. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_57_1","volume-title":"JIGSAW: Efficient and Scalable Path Constraints Fuzzing. In IEEE Symposium on Security and Privacy (S&P).","author":"Chen Ju","year":"2022","unstructured":"Ju Chen, Jinghan Wang, Chengyu Song, and Heng Yin. 2022. JIGSAW: Efficient and Scalable Path Constraints Fuzzing. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1290"},{"key":"e_1_3_2_1_59_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Chen Weiteng","year":"2024","unstructured":"Weiteng Chen, Yu Hao, Zheng Zhang, Xiaochen Zou, Dhilung Kirat, Shachee Mishra, Douglas Schales, Jiyong Jang, and Zhiyun Qian. 2024. SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_60_1","volume-title":"WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Chen Weimin","year":"2022","unstructured":"Weimin Chen, Zihan Sun, Haoyu Wang, Xiapu Luo, Haipeng Cai, and Lei Wu. 2022. WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_61_1","volume-title":"SAVIOR: Towards Bug-Driven Hybrid Testing. In IEEE Symposium on Security and Privacy (S&P).","author":"Chen Yaohui","year":"2020","unstructured":"Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Taowei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_62_1","volume-title":"Synthesize Solving Strategy for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Chen Zhenbang","year":"2021","unstructured":"Zhenbang Chen, Zehua Chen, Ziqi Shuai, Guofeng Zhang, Weiyu Pan, Yufeng Zhang, and Ji Wang. 2021. Synthesize Solving Strategy for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110358"},{"key":"e_1_3_2_1_64_1","volume-title":"Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing. In ACM Conference on Computer and Communications Security (CCS).","author":"Cho Mingi","year":"2019","unstructured":"Mingi Cho, Seoyoung Kim, and Taekyoung Kwon. 2019. Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_65_1","volume-title":"Grey- Box Concolic Testing on Binary Code. In International Conference on Software Engineering (ICSE).","author":"Choi Jaeseung","year":"2019","unstructured":"Jaeseung Choi, Joonun Jang, Choongwoo Han, and Sang Kil Cha. 2019. Grey- Box Concolic Testing on Binary Code. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_66_1","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Christakis Maria","year":"2016","unstructured":"Maria Christakis and Christian Bird. 2016. What Developers Want and Need from Program Analysis: An Empirical Study. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_67_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Christakis Maria","year":"2016","unstructured":"Maria Christakis, Peter M\u00fcller, and Valentin W\u00fcstholz. 2016. Guiding Dynamic Symbolic Execution toward Unverified Program Executions. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_68_1","volume-title":"TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In USENIX Security Symposium.","author":"Cloosters Tobias","year":"2020","unstructured":"Tobias Cloosters, Michael Rodler, and Lucas Davi. 2020. TeeRex: Discovery and Exploitation of Memory Corruption Vulnerabilities in SGX Enclaves. In USENIX Security Symposium."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3452379"},{"key":"e_1_3_2_1_70_1","volume-title":"Rethinking Pointer Reasoning in Symbolic Execution. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Coppa Emilio","year":"2017","unstructured":"Emilio Coppa, Daniele Cono D'Elia, and Camil Demetrescu. 2017. Rethinking Pointer Reasoning in Symbolic Execution. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_71_1","volume-title":"SymFusion: Hybrid Instrumentation for Concolic Execution. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Coppa Emilio","year":"2022","unstructured":"Emilio Coppa, Heng Yin, and Camil Demetrescu. 2022. SymFusion: Hybrid Instrumentation for Concolic Execution. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_72_1","volume-title":"Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In USENIX Security Symposium.","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani, Giovanni Camurati, and Aurelien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In USENIX Security Symposium."},{"key":"e_1_3_2_1_73_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Daniel Lesly-Ann","year":"2020","unstructured":"Lesly-Ann Daniel, Sebastien Bardin, and Tamara Rezk. 2020. Binsec\/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_74_1","volume-title":"One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types. In International Conference on Software Engineering (ICSE).","author":"Danilova Anastasia","year":"2020","unstructured":"Anastasia Danilova, Alena Naiakshina, and Matthew Smith. 2020. One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_75_1","volume-title":"On the Security Blind Spots of Software Composition Analysis. In Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses.","author":"Dietrich Jens","year":"2023","unstructured":"Jens Dietrich, Shawn Rasheed, Alexander Jordan, and Tim White. 2023. On the Security Blind Spots of Software Composition Analysis. In Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00180"},{"key":"e_1_3_2_1_77_1","article-title":"Gradual C0: Symbolic Execution for Gradual Verification","volume":"46","author":"DiVincenzo Jenna","year":"2025","unstructured":"Jenna DiVincenzo, Ian McCormack, Conrad Zimmerman, Hemant Gouni, Jacob Gorenburg, Jan-Paul Ramos-D\u00e1vila, Mona Zhang, Joshua Sunshine, \u00c9ric Tanter, and Jonathan Aldrich. 2025. Gradual C0: Symbolic Execution for Gradual Verification. ACM Transactions on Programming Languages and Systems 46, 4, Article 14 (2025), 57 pages.","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"e_1_3_2_1_78_1","first-page":"835","article-title":"Why Do Software Developers Use Static Analysis Tools? A User-centered Study of Developer Needs and Motivations","volume":"48","author":"Quang Do Lisa Nguyen","year":"2020","unstructured":"Lisa Nguyen Quang Do, James R Wright, and Karim Ali. 2020. Why Do Software Developers Use Static Analysis Tools? A User-centered Study of Developer Needs and Motivations. IEEE Transactions on Software Engineering 48, 3 (2020), 835-847.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_79_1","volume-title":"International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE).","author":"Do T.A.","unstructured":"T.A. Do, Alvis Fong, and R. Pears. 2012. Dynamic Symbolic Execution Guided by Data Dependency Analysis for High Structural Coverage. In International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE)."},{"key":"e_1_3_2_1_80_1","volume-title":"Interactive Debugging and Steering of Multi-Agent AI Systems. In ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Epperson Will","year":"2025","unstructured":"Will Epperson, Gagan Bansal, Victor C Dibia, Adam Fourney, Jack Gerrits, Erkang Zhu, and Saleema Amershi. 2025. Interactive Debugging and Steering of Multi-Agent AI Systems. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_81_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Fahl Sascha","year":"2013","unstructured":"Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Matthew Smith. 2013. Rethinking SSL Development in an Appified World. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3296979.3192395"},{"key":"e_1_3_2_1_83_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Ford Irina","year":"2024","unstructured":"Irina Ford, Ananta Soneji, Faris Bugra Kokulu, Jayakrishna Vadayath, Zion Leonahenahe Basque, Gaurav Vipat, Adam Doup\u00e9, Ruoyu Wang, Gail- Joon Ahn, Tiffany Bao, et al. 2024. \"Watching over the shoulder of a professional\": Why Hackers Make Mistakes and How They Fix Them. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_84_1","volume-title":"Part I: A Multi-language Platform for Symbolic Execution. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI).","author":"Santos Jos\u00e9 Fragoso","year":"2020","unstructured":"Jos\u00e9 Fragoso Santos, Petar Maksimovi\u0107, Sacha-Elie Ayoun, and Philippa Gardner. 2020. Gillian, Part I: A Multi-language Platform for Symbolic Execution. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)."},{"key":"e_1_3_2_1_85_1","volume-title":"ETHBMC: A Bounded Model Checker for Smart Contracts. In USENIX Security Symposium.","author":"Frank Joel","year":"2020","unstructured":"Joel Frank, Cornelius Aschermann, and Thorsten Holz. 2020. ETHBMC: A Bounded Model Checker for Smart Contracts. In USENIX Security Symposium."},{"key":"e_1_3_2_1_86_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Gathani Sneha","year":"2020","unstructured":"Sneha Gathani, Peter Lim, and Leilani Battle. 2020. Debugging Database Queries: A Survey of Tools, Techniques, and Users. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_87_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Geierhaas Lisa","year":"2022","unstructured":"Lisa Geierhaas, Anna-Marie Ortloff, Matthew Smith, and Alena Naiakshina. 2022. Let's Hash: Helping Developers with Password Security. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_88_1","volume-title":"DART: Directed Automated Random Testing. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI).","author":"Godefroid Patrice","year":"2005","unstructured":"Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005. DART: Directed Automated Random Testing. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)."},{"key":"e_1_3_2_1_89_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Gorski Peter Leo","year":"2020","unstructured":"Peter Leo Gorski, Yasemin Acar, Luigi Lo Iacono, and Sascha Fahl. 2020. Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_90_1","volume-title":"Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Symposium on Usable Privacy and Security (SOUPS).","author":"Gorski Peter Leo","year":"2018","unstructured":"Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian M\u00f6ller, Yasemin Acar, and Sascha Fahl. 2018. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3175660"},{"key":"e_1_3_2_1_92_1","volume-title":"SYMBION: Interleaving Symbolic with Concrete Execution. In IEEE Conference on Communications and Network Security (CNS).","author":"Gritti Fabio","year":"2020","unstructured":"Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, and Giovanni Vigna. 2020. SYMBION: Interleaving Symbolic with Concrete Execution. In IEEE Conference on Communications and Network Security (CNS)."},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS48642.2020.9162164"},{"key":"e_1_3_2_1_94_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Guo Hui","year":"2020","unstructured":"Hui Guo and Cindy Rubio-Gonz\u00e1lez. 2020. Efficient Generation of Errorinducing Floating-point Inputs via Symbolic Execution. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_95_1","volume-title":"SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection. In International Conference on Software Engineering (ICSE).","author":"Guo Shengjian","year":"2020","unstructured":"Shengjian Guo, Yueqi Chen, Peng Li, Yueqiang Cheng, Huibo Wang, Meng Wu, and Zhiqiang Zuo. 2020. SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_96_1","unstructured":"Shengjian Guo Meng Wu and Chao Wang. 2018. Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_97_1","volume-title":"The SeaHorn Verification Framework. In International Conference on Computer- Aided Verification (CAV).","author":"Gurfinkel Arie","year":"2015","unstructured":"Arie Gurfinkel, Temesghen Kahsai, Anvesh Komuravelli, and Jorge Navas. 2015. The SeaHorn Verification Framework. In International Conference on Computer- Aided Verification (CAV)."},{"key":"e_1_3_2_1_98_1","volume-title":"USENIX Security Symposium.","author":"Haller Istvan","year":"2013","unstructured":"Istvan Haller, Asia Slowinska, Matthias Neugschwandtner, and Herbert Bos. 2013. Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations. In USENIX Security Symposium."},{"key":"e_1_3_2_1_99_1","volume-title":"QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. In IEEE Symposium on Security and Privacy (S&P).","author":"Han HyungSeok","year":"2023","unstructured":"HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Pak, and Insu Yun. 2023. QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_100_1","unstructured":"Ahmed E Hassan Gustavo A Oliva Dayi Lin Boyuan Chen Zhen Ming et al. 2024. Rethinking Software Engineering in the Foundation Model Era: From Task-driven AI Copilots to Goal-driven AI Pair Programmers. arXiv preprint arXiv:2404.10225 (2024)."},{"key":"e_1_3_2_1_101_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Hassan Sk Adnan","year":"2023","unstructured":"Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C Davis, and Francisco Servant. 2023. Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1080\/19312450709336664"},{"key":"e_1_3_2_1_103_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"He Jingxuan","year":"2019","unstructured":"Jingxuan He, Mislav Balunovi\u0107, Nodar Ambroladze, Petar Tsankov, and Martin Vechev. 2019. Learning to Fuzz from Symbolic Execution with Application to Smart Contracts. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_104_1","volume-title":"FSE","author":"He Weigang","year":"2024","unstructured":"Weigang He, Peng Di, Mengli Ming, Chengyu Zhang, Ting Su, Shijie Li, and Yulei Sui. 2024. Finding and Understanding Defects in Static Analyzers by Constructing Automated Oracles. ACM on Software Engineering 1, FSE (2024), 1656- 1678."},{"key":"e_1_3_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1145\/3546943"},{"key":"e_1_3_2_1_106_1","volume-title":"USENIX Security Symposium.","author":"H\u00f6ltervennhoff Sandra","year":"2023","unstructured":"Sandra H\u00f6ltervennhoff, Philip Klostermeyer, Noah W\u00f6hler, Yasemin Acar, and Sascha Fahl. 2023. \"I wouldn't want my unsafe code to run my pacemaker\": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In USENIX Security Symposium."},{"key":"e_1_3_2_1_107_1","volume-title":"Marco: A Stochastic Asynchronous Concolic Explorer. In International Conference on Software Engineering (ICSE).","author":"Hu Jie","year":"2024","unstructured":"Jie Hu, Yue Duan, and Heng Yin. 2024. Marco: A Stochastic Asynchronous Concolic Explorer. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_108_1","volume-title":"Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction. In IEEE Symposium on Security and Privacy (S&P).","author":"Huang Heqing","year":"2020","unstructured":"Heqing Huang, Peisen Yao, Rongxin Wu, Qingkai Shi, and Charles Zhang. 2020. Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_109_1","volume-title":"Finding Schedule-sensitive Branches. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Huang Jeff","year":"2015","unstructured":"Jeff Huang and Lawrence Rauchwerger. 2015. Finding Schedule-sensitive Branches. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_110_1","volume-title":"Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects. In ACM Conference on Computer and Communications Security (CCS).","author":"Huang Kaiming","year":"2024","unstructured":"Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, and Trent Jaeger. 2024. Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_111_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Jancar Jan","year":"2022","unstructured":"Jan Jancar, Marcel Fourn\u00e9, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, and Yasemin Acar. 2022. \"They're not that hard to mitigate\": What Cryptographic Library Developers Think about Timing Attacks. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_112_1","volume-title":"ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Jia Xiangyang","year":"2015","unstructured":"Xiangyang Jia, Carlo Ghezzi, and Shi Ying. 2015. Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_113_1","volume-title":"PDiff: Semantic-based Patch Presence Testing for Downstream Kernels. In ACM Conference on Computer and Communications Security (CCS).","author":"Jiang Zheyue","year":"2020","unstructured":"Zheyue Jiang, Yuan Zhang, Jun Xu, Qi Wen, Zhenghe Wang, Xiaohan Zhang, Xinyu Xing, Min Yang, and Zhemin Yang. 2020. PDiff: Semantic-based Patch Presence Testing for Downstream Kernels. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_114_1","article-title":"Ex- Gen: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities","volume":"20","author":"Jin Ling","year":"2023","unstructured":"Ling Jin, Yinzhi Cao, Yan Chen, Di Zhang, and Simone Campanoni. 2023. Ex- Gen: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities. IEEE Transactions on Dependable and Secure Computing 20, 1 (2023).","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_115_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Johnson Brittany","year":"2013","unstructured":"Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge. 2013. Why Don't Software Developers Use Static Analysis Tools to Find Bugs?. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_116_1","volume-title":"Jetset: Targeted Firmware Rehosting for Embedded Systems. In USENIX Security Symposium.","author":"Johnson Evan","year":"2021","unstructured":"Evan Johnson, Maxwell Bland, YiFei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko. 2021. Jetset: Targeted Firmware Rehosting for Embedded Systems. In USENIX Security Symposium."},{"key":"e_1_3_2_1_117_1","volume-title":"Pending Constraints in Symbolic Execution for Better Exploration and Seeding. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Kapus Timotej","year":"2020","unstructured":"Timotej Kapus, Frank Busse, and Cristian Cadar. 2020. Pending Constraints in Symbolic Execution for Better Exploration and Seeding. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_118_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Kapus Timotej","year":"2019","unstructured":"Timotej Kapus and Cristian Cadar. 2019. A Segmented Memory Model for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_119_1","volume-title":"An Investigation of Interaction and Information Needs for Protocol Reverse Engineering Automation. In ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Katcher Samantha","year":"2025","unstructured":"Samantha Katcher, James Mattei, Jared Chandler, and Daniel Votipka. 2025. An Investigation of Interaction and Information Needs for Protocol Reverse Engineering Automation. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_120_1","volume-title":"Marijn Janssen, Kevin Borgolte, and Tobias Fiebig.","author":"Kaur Mannat","year":"2021","unstructured":"Mannat Kaur, Michel Van Eeten, Marijn Janssen, Kevin Borgolte, and Tobias Fiebig. 2021. Human Factors in Security Research: Lessons Learned from 2008- 2018. arXiv preprint arXiv:2103.13287 (2021)."},{"key":"e_1_3_2_1_121_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Kek\u00fcll\u00fco\u011flu Dilara","year":"2023","unstructured":"Dilara Kek\u00fcll\u00fco\u011flu and Yasemin Acar. 2023. \"We are a startup to the core\": A qualitative interview study on the security and privacy development practices in Turkish software startups. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_122_1","volume-title":"ICFP","author":"Keuchel Steven","year":"2022","unstructured":"Steven Keuchel, Sander Huyghebaert, Georgy Lukyanov, and Dominique Devriese. 2022. Verified Symbolic Execution with Kripke Specification Monads (and no Meta-programming). ACM on Programming Languages 6, ICFP (2022)."},{"key":"e_1_3_2_1_123_1","volume-title":"Generalized Symbolic Execution for Model Checking and Testing. In Symposium on Tools and Algorithms for the Construction and Analysis of Systems (TACAS).","author":"Khurshid Sarfraz","year":"2003","unstructured":"Sarfraz Khurshid, Corina S. P\u0103s\u0103reanu, and Willem Visser. 2003. Generalized Symbolic Execution for Model Checking and Testing. In Symposium on Tools and Algorithms for the Construction and Analysis of Systems (TACAS)."},{"key":"e_1_3_2_1_124_1","volume-title":"HFL: Hybrid Fuzzing on the Linux Kernel. In Symposium on Network and Distributed System Security (NDSS).","author":"Kim Kyungtae","year":"2020","unstructured":"Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee. 2020. HFL: Hybrid Fuzzing on the Linux Kernel. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_126_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Klymenko Alexandra","year":"2025","unstructured":"Alexandra Klymenko, Stephen Meisenbacher, Patrick Gage Kelley, Sai Teja Peddinti, Kurt Thomas, and Florian Matthes. 2025. \"We are not Future-ready\": Understanding AI Privacy Risks and Existing Mitigation Strategies from the Perspective of AI Developers in Europe. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_127_1","volume-title":"USENIX Security Symposium.","author":"Krause Alexander","year":"2025","unstructured":"Alexander Krause, Harjot Kaur, Jan H Klemmer, Oliver Wiese, and Sascha Fahl. 2025. \"That's my perspective from 30 years of doing this\": An Interview Study on Practices, Experiences, and Challenges of Updating Cryptographic Code. In USENIX Security Symposium."},{"key":"e_1_3_2_1_128_1","volume-title":"USENIX Security Symposium.","author":"Krause Alexander","year":"2023","unstructured":"Alexander Krause, Jan H Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl. 2023. Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories. In USENIX Security Symposium."},{"key":"e_1_3_2_1_129_1","volume-title":"CBMC: The C Bounded Model Checker","author":"Kroening Daniel","year":"2023","unstructured":"Daniel Kroening, Peter Schrammel, and Michael Tautschnig. 2023. CBMC: The C Bounded Model Checker. http:\/\/arxiv.org\/abs\/2302.02384 arXiv:2302.02384 [cs]."},{"key":"e_1_3_2_1_130_1","volume-title":"Effects of Explicit Feature Traceability on Program Comprehension. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Kr\u00fcger Jacob","year":"2019","unstructured":"Jacob Kr\u00fcger, G\u00fcl \u00c7al\u0131kl\u0131, Thorsten Berger, Thomas Leich, and Gunter Saake. 2019. Effects of Explicit Feature Traceability on Program Comprehension. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_131_1","volume-title":"USENIX Security Symposium.","author":"Krupp Johannes","year":"2018","unstructured":"Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. In USENIX Security Symposium."},{"key":"e_1_3_2_1_132_1","volume-title":"Towards Symbolic Pointers Reasoning in Dynamic Symbolic Execution. In Ivannikov Memorial Workshop (IVMEM). IEEE.","author":"Kuts Daniil","year":"2021","unstructured":"Daniil Kuts. 2021. Towards Symbolic Pointers Reasoning in Dynamic Symbolic Execution. In Ivannikov Memorial Workshop (IVMEM). IEEE."},{"key":"e_1_3_2_1_133_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2970422"},{"key":"e_1_3_2_1_134_1","volume-title":"On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution. In The Web Conference. ACM.","author":"Li Penghui","year":"2021","unstructured":"Penghui Li, Wei Meng, Kangjie Lu, and Changhua Luo. 2021. On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution. In The Web Conference. ACM."},{"key":"e_1_3_2_1_135_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Li Penghui","year":"2024","unstructured":"Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, and Changhua Luo. 2024. Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_136_1","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Li Xin","year":"2016","unstructured":"Xin Li, Yongjuan Liang, Hong Qian, Yi-Qi Hu, Lei Bu, Yang Yu, Xin Chen, and Xuandong Li. 2016. Symbolic Execution of Complex Program Driven by Machine Learning based Constraint Solving. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_137_1","volume-title":"ACM SIGPLAN Conference on Object- Oriented Programming Systems, Languages, and Applications (OOPSLA).","author":"Li You","year":"2013","unstructured":"You Li, Zhendong Su, Linzhang Wang, and Xuandong Li. 2013. Steering Symbolic Execution to Less Traveled Paths. In ACM SIGPLAN Conference on Object- Oriented Programming Systems, Languages, and Applications (OOPSLA)."},{"key":"e_1_3_2_1_138_1","doi-asserted-by":"crossref","unstructured":"Hongliang Liang Wenqing Yu Lu Ai and Lin Jiang. 2020. A Practical Concolic Execution Technique for Large Scale Software Systems. In Evaluation and Assessment in Software Engineering. ACM.","DOI":"10.1145\/3383219.3383254"},{"key":"e_1_3_2_1_139_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Liang Jenny T.","unstructured":"Jenny T. Liang, Maryam Arab, Minhyuk Ko, Amy J. Ko, and Thomas D. LaToza. 2023. A Qualitative Study on the Implementation Design Decisions of Developers. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_140_1","volume-title":"Symposium on Network and Distributed System Security (NDSS).","author":"Liang Zhengchuan","year":"2024","unstructured":"Zhengchuan Liang, Xiaochen Zou, Chengyu Song, and Zhiyun Qian. 2024. K- LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_141_1","volume-title":"USENIX Security Symposium.","author":"Lin Elizabeth","year":"2025","unstructured":"Elizabeth Lin, Sparsha Gowda, William Enck, and Dominik Wermke. 2025. Context Matters: Qualitative Insights into Developers' Approaches and Challenges with Software Composition Analysis. In USENIX Security Symposium."},{"key":"e_1_3_2_1_142_1","volume-title":"Debugging Techniques in Professional Programming. In Plateau Workshop.","author":"Liu Amanda","year":"2023","unstructured":"Amanda Liu and Michael Coblenz. 2023. Debugging Techniques in Professional Programming. In Plateau Workshop."},{"key":"e_1_3_2_1_143_1","volume-title":"Legion: Best-first Concolic Testing. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Liu Dongge","unstructured":"Dongge Liu, Gidon Ernst, Toby Murray, and Benjamin I. P. Rubinstein. 2020. Legion: Best-first Concolic Testing. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_144_1","volume-title":"Mousse: A System for Selective Symbolic Execution of Programs with Untamed Environments. In European Conference on Computer Systems (EuroSys). ACM.","author":"Liu Yingtong","year":"2020","unstructured":"Yingtong Liu, Hsin-Wei Hung, and Ardalan Amiri Sani. 2020. Mousse: A System for Selective Symbolic Execution of Programs with Untamed Environments. In European Conference on Computer Systems (EuroSys). ACM."},{"key":"e_1_3_2_1_145_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Liu Zhengyu","year":"2024","unstructured":"Zhengyu Liu, Kecheng An, and Yinzhi Cao. 2024. Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_146_1","volume-title":"Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. In ACM SIG- PLAN Conference on Programming Language Design and Implementation (PLDI).","author":"Loring Blake","year":"2019","unstructured":"Blake Loring, Duncan Mitchell, and Johannes Kinder. 2019. Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript. In ACM SIG- PLAN Conference on Programming Language Design and Implementation (PLDI)."},{"key":"e_1_3_2_1_147_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Luo Changhua","year":"2024","unstructured":"Changhua Luo, Penghui Li, Wei Meng, and Chao Zhang. 2024. Test Suites Guided Vulnerability Validation for Node.js Applications. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_148_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Luo Lannan","year":"2014","unstructured":"Lannan Luo, Jiang Ming, Dinghao Wu, Peng Liu, and Sencun Zhu. 2014. Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_149_1","volume-title":"ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Luo Sicheng","year":"2021","unstructured":"Sicheng Luo, Hui Xu, Yanxiang Bi, Xin Wang, and Yangfan Zhou. 2021. Boosting Symbolic Execution via Constraint Solving Time Prediction (Experience Paper). In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_150_1","volume-title":"Concurrency Debugging with Differential Schedule Projections. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI).","author":"Machado Nuno","year":"2015","unstructured":"Nuno Machado, Brandon Lucia, and Lu\u00eds Rodrigues. 2015. Concurrency Debugging with Differential Schedule Projections. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)."},{"key":"e_1_3_2_1_151_1","volume-title":"USENIX Security Symposium.","author":"Mantovani Alessandro","year":"2022","unstructured":"Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, and Davide Balzarotti. 2022. RE-Mind: A First Look inside the Mind of a Reverse Engineer. In USENIX Security Symposium."},{"key":"e_1_3_2_1_152_1","volume-title":"KATCH: High-coverage Testing of Software Patches. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Marinescu Paul Dan","year":"2013","unstructured":"Paul Dan Marinescu and Cristian Cadar. 2013. KATCH: High-coverage Testing of Software Patches. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_153_1","volume-title":"Annual Computer Security Applications Conference (ACSAC).","author":"Mattei James","year":"2022","unstructured":"James Mattei, Madeline McLaughlin, Samantha Katcher, and Daniel Votipka. 2022. A Qualitative Evaluation of Reverse Engineering Tool Usability. In Annual Computer Security Applications Conference (ACSAC)."},{"key":"e_1_3_2_1_154_1","volume-title":"CSCW","author":"McDonald Nora","year":"2019","unstructured":"Nora McDonald, Sarita Schoenebeck, and Andrea Forte. 2019. Reliability and Inter-rater Reliability in Qualitative Research: Norms and Guidelines for CSCW and HCI Practice. ACM on Human-Computer Interaction 3, CSCW (2019), 1-23."},{"key":"e_1_3_2_1_155_1","volume-title":"Symbolic Execution with Existential Second-order Constraints. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Mechtaev Sergey","year":"2018","unstructured":"Sergey Mechtaev, Alberto Griggio, Alessandro Cimatti, and Abhik Roychoudhury. 2018. Symbolic Execution with Existential Second-order Constraints. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_156_1","volume-title":"The Impact Of Bug Localization Based on Crash Report Mining: A Developers' Perspective. In International Conference on Software Engineering: Software Engineering in Practice.","author":"Medeiros Marcos","year":"2024","unstructured":"Marcos Medeiros, Uir\u00e1 Kulesza, Roberta Coelho, Rodrigo Bonif\u00e1cio, Christoph Treude, and Eiji Adachi Barbosa. 2024. The Impact Of Bug Localization Based on Crash Report Mining: A Developers' Perspective. In International Conference on Software Engineering: Software Engineering in Practice."},{"key":"e_1_3_2_1_157_1","volume-title":"LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating. In International Symposium on Research in Attacks, Intrusions and Defenses. ACM.","author":"Mi Xianya","year":"2021","unstructured":"Xianya Mi, Sanjay Rawat, Cristiano Giuffrida, and Herbert Bos. 2021. LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint Debloating. In International Symposium on Research in Attacks, Intrusions and Defenses. ACM."},{"key":"e_1_3_2_1_158_1","volume-title":"USENIX Security Symposium.","author":"Ming Jiang","year":"2017","unstructured":"Jiang Ming, Dongpeng Xu, Yufei Jiang, and Dinghao Wu. 2017. BinSim: Tracebased Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In USENIX Security Symposium."},{"key":"e_1_3_2_1_159_1","volume-title":"Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations. In IEEE Symposium on Security and Privacy (S&P).","author":"Mink Jaron","year":"2023","unstructured":"Jaron Mink, Hadjer Benkraouda, Limin Yang, Arridhana Ciptadi, Ali Ahmadzadeh, Daniel Votipka, and Gang Wang. 2023. Everybody's Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_160_1","volume-title":"European Symposium on Usable Security.","author":"Mokhberi Azadeh","year":"2021","unstructured":"Azadeh Mokhberi and Konstantin Beznosov. 2021. SoK: Human, Organizational, and Technological Dimensions of Developers' Challenges in Engineering Secure Software. In European Symposium on Usable Security."},{"key":"e_1_3_2_1_161_1","volume-title":"Manticore: A User- Friendly Symbolic Execution Framework for Binaries and Smart Contracts. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Mossberg Mark","year":"2019","unstructured":"Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, and Artem Dinaburg. 2019. Manticore: A User- Friendly Symbolic Execution Framework for Binaries and Smart Contracts. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_162_1","volume-title":"Workshop on Binary Analysis Research (BAR).","author":"Muench Marius","year":"2018","unstructured":"Marius Muench, Dario Nisi, Aur\u00e9lien Francillon, and Davide Balzarotti. 2018. Avatar 2 : A Multi-Target Orchestration Platform. In Workshop on Binary Analysis Research (BAR)."},{"key":"e_1_3_2_1_163_1","volume-title":"Summers","author":"M\u00fcller Peter","year":"2016","unstructured":"Peter M\u00fcller, Malte Schwerhoff, and Alexander J. Summers. 2016. Automatic Verification of Iterated Separating Conjunctions Using Symbolic Execution. In"},{"key":"e_1_3_2_1_164_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Pl\u00f6ger Stephan","year":"2023","unstructured":"Stephan Pl\u00f6ger, Mischa Meier, and Matthew Smith. 2023. A Usability Evaluation of AFL and libFuzzer with CS Students. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_165_1","volume-title":"Annual Computer Security Applications Conference (ACSAC).","author":"Poeplau Sebastian","year":"2019","unstructured":"Sebastian Poeplau and Aur\u00e9lien Francillon. 2019. Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation. In Annual Computer Security Applications Conference (ACSAC)."},{"key":"e_1_3_2_1_166_1","volume-title":"USENIX Security Symposium.","author":"Poeplau Sebastian","year":"2020","unstructured":"Sebastian Poeplau and Aur\u00e9lien Francillon. 2020. Symbolic Execution with SymCC: Don't Interpret, Compile!. In USENIX Security Symposium."},{"key":"e_1_3_2_1_167_1","volume-title":"SymQEMU: Compilationbased Symbolic Execution for Binaries. In Symposium on Network and Distributed System Security (NDSS).","author":"Poeplau Sebastian","year":"2021","unstructured":"Sebastian Poeplau and Aur\u00e9lien Francillon. 2021. SymQEMU: Compilationbased Symbolic Execution for Binaries. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_168_1","volume-title":"Hotspot Symbolic Execution of Floating-point Programs. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Quan Minghui","year":"2016","unstructured":"Minghui Quan. 2016. Hotspot Symbolic Execution of Floating-point Programs. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_169_1","doi-asserted-by":"crossref","first-page":"106700","DOI":"10.1016\/j.infsof.2021.106700","article-title":"Challenges and Solutions when Adopting DevSecOps","volume":"141","author":"Rajapakse Roshan N","year":"2022","unstructured":"Roshan N Rajapakse, Mansooreh Zahedi, M Ali Babar, and Haifeng Shen. 2022. Challenges and Solutions when Adopting DevSecOps: A Systematic Review. Information and Software Technology 141 (2022), 106700.","journal-title":"A Systematic Review. Information and Software Technology"},{"key":"e_1_3_2_1_170_1","doi-asserted-by":"publisher","DOI":"10.5555\/AAI28120045"},{"key":"e_1_3_2_1_171_1","volume-title":"Usability and Security of Trusted Platform Module (TPM) Library APIs. In Symposium on Usable Privacy and Security (SOUPS).","author":"Rao Siddharth Prakash","year":"2022","unstructured":"Siddharth Prakash Rao, Gabriela Limonta, and Janne Lindqvist. 2022. Usability and Security of Trusted Platform Module (TPM) Library APIs. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_172_1","volume-title":"VUzzer: Application-aware Evolutionary Fuzzing. In Symposium on Network and Distributed System Security (NDSS).","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_173_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Roth Sebastian","year":"2021","unstructured":"Sebastian Roth, Lea Gr\u00f6ber, Michael Backes, Katharina Krombholz, and Ben Stock. 2021. 12 Angry Developers -A Qualitative Study on Developers' Struggles with CSP. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_174_1","volume-title":"USENIX Security Symposium.","author":"Roth Sebastian","year":"2024","unstructured":"Sebastian Roth, Lea Gr\u00f6ber, Philipp Baus, Katharina Krombholz, and Ben Stock. 2024. Trust Me If You Can-How Usable is Trusted Types in Practice?. In USENIX Security Symposium."},{"key":"e_1_3_2_1_175_1","volume-title":"Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic. In ACM SIGPLAN Conference on Certified Programs and Proofs.","author":"Reuben N.","unstructured":"Reuben N. S. Rowe and James Brotherston. 2017. Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic. In ACM SIGPLAN Conference on Certified Programs and Proofs."},{"key":"e_1_3_2_1_176_1","volume-title":"Symposium on Network and Distributed System Security (NDSS).","author":"Ruaro Nicola","year":"2024","unstructured":"Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna. 2024. Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_177_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Ruaro Nicola","year":"2022","unstructured":"Nicola Ruaro, Fabio Pagani, Stefano Ortolani, Christopher Kruegel, and Giovanni Vigna. 2022. SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_178_1","volume-title":"SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning. In ACM International Conference Proceeding Series.","author":"Ruaro Nicola","year":"2021","unstructured":"Nicola Ruaro, Kyle Zeng, Lukas Dresel, Mario Polino, Tiffany Bao, Andrea Continella, Stefano Zanero, Christopher Kruegel, and Giovanni Vigna. 2021. SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning. In ACM International Conference Proceeding Series."},{"key":"e_1_3_2_1_179_1","doi-asserted-by":"crossref","unstructured":"Marcel Ruoff Brad A Myers and Alexander Maedche. 2022. ONYX -User Interfaces for Assisting in Interactive Task Learning for Natural Language Interfaces of Data Visualization Tools. In CHI Conference on Human Factors in Computing Systems Extended Abstracts.","DOI":"10.1145\/3491101.3519793"},{"key":"e_1_3_2_1_180_1","doi-asserted-by":"publisher","DOI":"10.1145\/3188720"},{"key":"e_1_3_2_1_181_1","volume-title":"USENIX Security Symposium.","author":"Saha Aakanksha","year":"2025","unstructured":"Aakanksha Saha, James Mattei, Jorge Blasco, Lorenzo Cavallaro, Daniel Votipka, and Martina Lindorfer. 2025. Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges. In USENIX Security Symposium."},{"key":"e_1_3_2_1_182_1","volume-title":"IEEE Conference on Software Testing, Validation and Verification (ICST).","author":"Saumya Charitha","year":"2019","unstructured":"Charitha Saumya, Jinkyu Koo, Milind Kulkarni, and Saurabh Bagchi. 2019. XSTRESSOR: Automatic Generation of Large-Scale Worst-Case Test Inputs by Inferring Path Conditions. In IEEE Conference on Software Testing, Validation and Verification (ICST)."},{"key":"e_1_3_2_1_183_1","volume-title":"European Conference on Object-Oriented Programming (ECOOP).","author":"Schemmel Daniel","year":"2022","unstructured":"Daniel Schemmel, Julian B\u00fcning, Frank Busse, Martin Nowack, and Cristian Cadar. 2022. A Deterministic Memory Allocator for Dynamic Symbolic Execution. In European Conference on Object-Oriented Programming (ECOOP)."},{"key":"e_1_3_2_1_184_1","volume-title":"Symbolic Partial-Order Execution for Testing Multi-Threaded Programs. In International Conference on Computer-Aided Verification (CAV). Springer International Publishing.","author":"Schemmel Daniel","year":"2020","unstructured":"Daniel Schemmel, Julian B\u00fcning, C\u00e9sar Rodr\u00edguez, David Laprell, and Klaus Wehrle. 2020. Symbolic Partial-Order Execution for Testing Multi-Threaded Programs. In International Conference on Computer-Aided Verification (CAV). Springer International Publishing."},{"key":"e_1_3_2_1_185_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Schm\u00fcser Juliane","year":"2025","unstructured":"Juliane Schm\u00fcser, Philip Klostermeyer, Kay Friedrich, and Sascha Fahl. 2025. \"I'm pretty expert and I still screw it up\": Qualitative Insights into Experiences and Challenges of Designing and Implementing Cryptographic Library APIs. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_186_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Schoop Eldon","year":"2021","unstructured":"Eldon Schoop, Forrest Huang, and Bjoern Hartmann. 2021. Umlaut: Debugging Deep Learning Programs using Program Structure and Model Behavior. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_187_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Schwartz Edward J","year":"2010","unstructured":"Edward J Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask). In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_188_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA482657"},{"key":"e_1_3_2_1_189_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Sen Koushik","year":"2015","unstructured":"Koushik Sen, George Necula, Liang Gong, and Wontae Choi. 2015. MultiSE: Multi-path Symbolic Execution using Value Summaries. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_190_1","volume-title":"USENIX Security Symposium.","author":"Sharma Tanusree","year":"2023","unstructured":"Tanusree Sharma, Zhixuan Zhou, Andrew Miller, and Yang Wang. 2023. A Mixed-Methods Study of Security Practices of Smart Contract Developers. In USENIX Security Symposium."},{"key":"e_1_3_2_1_191_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Shi Qingkai","year":"2023","unstructured":"Qingkai Shi, Junyang Shao, Yapeng Ye, Mingwei Zheng, and Xiangyu Zhang. 2023. Lifting Network Protocol Implementation to Precise Format Specification with Security Applications. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_192_1","volume-title":"Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In Symposium on Network and Distributed System Security (NDSS).","author":"Shiqi Shen","year":"2019","unstructured":"Shen Shiqi, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, and Prateek Saxena. 2019. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_193_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.1870858"},{"key":"e_1_3_2_1_194_1","volume-title":"Firmalice -Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In Symposium on Network and Distributed System Security (NDSS).","author":"Shoshitaishvili Yan","year":"2015","unstructured":"Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice -Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_195_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_196_1","volume-title":"Type and Interval Aware Array Constraint Solving for Symbolic Execution. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Shuai Ziqi","year":"2021","unstructured":"Ziqi Shuai, Zhenbang Chen, Yufeng Zhang, Jun Sun, and Ji Wang. 2021. Type and Interval Aware Array Constraint Solving for Symbolic Execution. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_197_1","volume-title":"ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE).","author":"Sillito Jonathan","year":"2006","unstructured":"Jonathan Sillito, Gail C Murphy, and Kris De Volder. 2006. Questions Programmers Ask during Software Evolution Tasks. In ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE)."},{"key":"e_1_3_2_1_198_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Smith Justin","year":"2015","unstructured":"Justin Smith, Brittany Johnson, Emerson Murphy-Hill, Bill Chu, and Heather Richter Lipford. 2015. Questions Developers Ask while Diagnosing Potential Security Vulnerabilities with Static Analysis. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_199_1","volume-title":"IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC).","author":"Smith Justin","year":"2020","unstructured":"Justin Smith, Christopher Theisen, and Titus Barik. 2020. A Case Study of Software Security Red Teams at Microsoft. In IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC)."},{"key":"e_1_3_2_1_200_1","volume-title":"USENIX Security Symposium.","author":"So Sunbeom","year":"2021","unstructured":"Sunbeom So, Seongjoon Hong, and Hakjoo Oh. 2021. SMARTEST: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution. In USENIX Security Symposium."},{"key":"e_1_3_2_1_201_1","volume-title":"Yevhen Mohylevskyy, Roshanak Zilouchian Moghaddam, and Wei Le.","author":"Steenhoek Benjamin","year":"2024","unstructured":"Benjamin Steenhoek, Kalpathy Sivaraman, Renata Saldivar Gonzalez, Yevhen Mohylevskyy, Roshanak Zilouchian Moghaddam, and Wei Le. 2024. Closing the Gap: A User Study on the Real-world Usefulness of AI-powered Vulnerability Detection & Repair in the IDE. arXiv preprint arXiv:2412.14306 (2024)."},{"key":"e_1_3_2_1_202_1","volume-title":"Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In Symposium on Network and Distributed System Security (NDSS).","author":"Stephens Nick","year":"2016","unstructured":"Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_203_1","volume-title":"Basics of Qualitative Research","author":"Strauss Anselm","unstructured":"Anselm Strauss and Juliet Corbin. 1990. Basics of Qualitative Research. Vol. 15. Newbury Park, CA: Sage."},{"key":"e_1_3_2_1_204_1","volume-title":"Concolic Testing for Deep Neural Networks. In ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Sun Youcheng","year":"2018","unstructured":"Youcheng Sun, Min Wu, Wenjie Ruan, Xiaowei Huang, Marta Kwiatkowska, and Daniel Kroening. 2018. Concolic Testing for Deep Neural Networks. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_205_1","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Sung Chungha","year":"2018","unstructured":"Chungha Sung, Brandon Paulsen, and Chao Wang. 2018. CANAL: A Cache Timing Analysis Framework via LLVM Transformation. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_206_1","volume-title":"IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).","author":"Tahaei Mohammad","year":"2019","unstructured":"Mohammad Tahaei and Kami Vaniea. 2019. A Survey on Developer-Centred Security. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)."},{"key":"e_1_3_2_1_207_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Tahaei Mohammad","year":"2021","unstructured":"Mohammad Tahaei, Kami Vaniea, Konstantin Beznosov, and Maria K Wolters. 2021. Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_208_1","volume-title":"An Empirical Study of Developer Behaviors for Validating and Repairing AI-generated Code. In Workshop on the Intersection of HCI and PL.","author":"Tang Ningzhi","year":"2023","unstructured":"Ningzhi Tang, Meng Chen, Zheng Ning, Aakash Bansal, Yu Huang, Collin McMillan, and T Li. 2023. An Empirical Study of Developer Behaviors for Validating and Repairing AI-generated Code. In Workshop on the Intersection of HCI and PL."},{"key":"e_1_3_2_1_209_1","volume-title":"IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC).","author":"Thomas Tyler","year":"2015","unstructured":"Tyler Thomas, Bill Chu, Heather Lipford, Justin Smith, and Emerson Murphy- Hill. 2015. A Study of Interactive Code Annotation for Access Control Vulnerabilities. In IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC)."},{"key":"e_1_3_2_1_210_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Thomas Tyler W","year":"2016","unstructured":"Tyler W Thomas, Heather Lipford, Bill Chu, Justin Smith, and Emerson Murphy-Hill. 2016. What Questions Remain? An Examination of how Developers Understand an Interactive Static Analysis Tool. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_211_1","volume-title":"USENIX Security Symposium.","author":"Thompson Ronald E.","year":"2024","unstructured":"Ronald E. Thompson, Madline McLaughlin, Carson Powers, and Daniel Votipka. 2024. \"There are rabbit holes I want to go down that I'm not allowed to go down\": An Investigation of Security Expert Threat Modeling Practices for Medical Devices. In USENIX Security Symposium."},{"key":"e_1_3_2_1_212_1","volume-title":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Trabish David","year":"2021","unstructured":"David Trabish, Shachar Itzhaky, and Noam Rinetzky. 2021. A Bounded Symbolic-size Model for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_213_1","volume-title":"Pastsensitive Pointer Analysis for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Trabish David","year":"2020","unstructured":"David Trabish, Timotej Kapus, Noam Rinetzky, and Cristian Cadar. 2020. Pastsensitive Pointer Analysis for Symbolic Execution. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_214_1","volume-title":"Chopped Symbolic Execution. In International Conference on Software Engineering (ICSE).","author":"Trabish David","year":"2018","unstructured":"David Trabish, Andrea Mattavelli, Noam Rinetzky, and Cristian Cadar. 2018. Chopped Symbolic Execution. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_215_1","volume-title":"Relocatable Addressing Model for Symbolic Execution. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Trabish David","year":"2020","unstructured":"David Trabish and Noam Rinetzky. 2020. Relocatable Addressing Model for Symbolic Execution. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_216_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-023-10411-x"},{"key":"e_1_3_2_1_217_1","volume-title":"IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER).","author":"Vassallo Carmine","year":"2018","unstructured":"Carmine Vassallo, Sebastiano Panichella, Fabio Palomba, Sebastian Proksch, Andy Zaidman, and Harald C Gall. 2018. Context is King: The Developer Perspective on the Usage of Static Analysis Tools. In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)."},{"key":"e_1_3_2_1_218_1","volume-title":"Sydr: Cutting Edge Dynamic Symbolic Execution. In Ivannikov Ispras Open Conference (ISPRAS). IEEE.","author":"Vishnyakov Alexey","year":"2020","unstructured":"Alexey Vishnyakov, Andrey Fedotov, Daniil Kuts, Alexander Novikov, Darya Parygina, Eli Kobrin, Vlada Logunova, Pavel Belecky, and Shamil Kurmangaleev. 2020. Sydr: Cutting Edge Dynamic Symbolic Execution. In Ivannikov Ispras Open Conference (ISPRAS). IEEE."},{"key":"e_1_3_2_1_219_1","volume-title":"Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle. In Ivannikov Ispras Open Conference (ISPRAS).","author":"Vishnyakov Alexey","year":"2022","unstructured":"Alexey Vishnyakov, Daniil Kuts, Vlada Logunova, Darya Parygina, Eli Kobrin, Georgy Savidov, and Andrey Fedotov. 2022. Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle. In Ivannikov Ispras Open Conference (ISPRAS)."},{"key":"e_1_3_2_1_220_1","volume-title":"Symbolic Security Predicates: Hunt Program Weaknesses. In Ivannikov Ispras Open Conference (ISPRAS).","author":"Vishnyakov Alexey","year":"2021","unstructured":"Alexey Vishnyakov, Vlada Logunova, Eli Kobrin, Daniil Kuts, Darya Parygina, and Andrey Fedotov. 2021. Symbolic Security Predicates: Hunt Program Weaknesses. In Ivannikov Ispras Open Conference (ISPRAS)."},{"key":"e_1_3_2_1_221_1","volume-title":"Fix It. In USENIX Security Symposium.","author":"Votipka Daniel","year":"2020","unstructured":"Daniel Votipka, Kelsey R Fulton, James Parker, Matthew Hou, Michelle L Mazurek, and Michael Hicks. 2020. Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It. In USENIX Security Symposium."},{"key":"e_1_3_2_1_222_1","volume-title":"An Observational Investigation of Reverse Engineers' Processes. In USENIX Security Symposium.","author":"Votipka Daniel","unstructured":"Daniel Votipka, Seth Rabin, Kristopher Micinski, Jeffrey S. Foster, and Michelle L. Mazurek. 2020. An Observational Investigation of Reverse Engineers' Processes. In USENIX Security Symposium."},{"key":"e_1_3_2_1_223_1","volume-title":"Testers: A Comparison of Software Vulnerability Discovery Processes. In IEEE Symposium on Security and Privacy (S&P).","author":"Votipka Daniel","year":"2018","unstructured":"Daniel Votipka, Rock Stevens, Elissa Redmiles, Jeremy Hu, and Michelle Mazurek. 2018. Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_224_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3385897","article-title":"KLEESpectre: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution","volume":"29","author":"Wang Guanhua","year":"2020","unstructured":"Guanhua Wang, Sudipta Chattopadhyay, Arnab Kumar Biswas, Tulika Mitra, and Abhik Roychoudhury. 2020. KLEESpectre: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution. ACM Transactions on Software Engineering and Methodology 29, 3 (2020), 1-31.","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"e_1_3_2_1_225_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Wang Yuanpeng","year":"2023","unstructured":"Yuanpeng Wang, Ziqi Zhang, Ningyu He, Zhineng Zhong, Shengjian Guo, Qinkun Bao, Ding Li, Yao Guo, and Xiangqun Chen. 2023. SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_226_1","volume-title":"SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery. In Symposium on Network and Distributed System Security (NDSS).","author":"Wang Zhongjie","unstructured":"Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Kevin S. Chan, and Tracy D. Braun. 2020. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_227_1","volume-title":"Compiling Parallel Symbolic Execution with Continuations. In International Conference on Software Engineering (ICSE).","author":"Wei Guannan","year":"2023","unstructured":"Guannan Wei, Songlin Jia, Ruiqi Gao, Haotian Deng, Shangyin Tan, Oliver Bra\u010devac, and Tiark Rompf. 2023. Compiling Parallel Symbolic Execution with Continuations. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_228_1","volume-title":"Comparing and Contrasting Expert Views. In Symposium on Usable Privacy and Security (SOUPS).","author":"Weir Charles","year":"2016","unstructured":"Charles Weir, Awais Rashid, and James Noble. 2016. How to Improve the Security Skills of Mobile App Developers? Comparing and Contrasting Expert Views. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_229_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Wen Hongbo","year":"2024","unstructured":"Hongbo Wen, Hanzhi Liu, Jiaxin Song, Yanju Chen, Wenbo Guo, and Yu Feng. 2024. FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_230_1","volume-title":"Intelligent Constraint Classification for Symbolic Execution. In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER).","author":"Wen Junye","year":"2023","unstructured":"Junye Wen, Tarek Mahmud, Meiru Che, Yan Yan, and Guowei Yang. 2023. Intelligent Constraint Classification for Symbolic Execution. In IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)."},{"key":"e_1_3_2_1_231_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Wermke Dominik","year":"2022","unstructured":"Dominik Wermke, Noah W\u00f6hler, Jan H Klemmer, Marcel Fourn\u00e9, Yasemin Acar, and Sascha Fahl. 2022. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_232_1","volume-title":"Technical and Personal Factors Influencing Developers' Adoption of Security Tools. In ACM Workshop on Security Information Workers.","author":"Witschey Jim","year":"2014","unstructured":"Jim Witschey, Shundan Xiao, and Emerson Murphy-Hill. 2014. Technical and Personal Factors Influencing Developers' Adoption of Security Tools. In ACM Workshop on Security Information Workers."},{"key":"e_1_3_2_1_233_1","volume-title":"DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing. In International Conference on Software Engineering (ICSE).","author":"Wong Edmund","year":"2015","unstructured":"Edmund Wong, Lei Zhang, Song Wang, Taiyue Liu, and Lin Tan. 2015. DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_234_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Wong Miuyin Yong","year":"2024","unstructured":"Miuyin Yong Wong, Matthew Landen, Frank Li, Fabian Monrose, and Mustaque Ahamad. 2024. Comparing Malware Evasion Theory with Practice: Results from Interviews with Expert Analysts. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_235_1","volume-title":"ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Wong Novia","unstructured":"Novia Wong, Nai-Yu Cheng, Bruna Oewel, Katherine E Genuario, SarahElizabeth Stoeckl, Stephen M Schueller, Iftekhar Ahmed, Andr\u00e9 van der Hoek, and Madhu Reddy. 2025. 'It's a spectrum': Exploring Autonomy, Competence, and Relatedness in Software Development Processes and Tools. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_236_1","volume-title":"Symposium on Network and Distributed System Security (NDSS).","author":"Wu Hongwei","year":"2025","unstructured":"Hongwei Wu, Jianliang Wu, Ruoyu Wu, Ayushi Sharma, Aravind Machiry, and Antonio Bianchi. 2025. VeriBin: Adaptive Verification of Patches at the Binary Level. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_237_1","volume-title":"International Conference on Software Engineering (ICSE).","author":"Wu Mingyuan","year":"2024","unstructured":"Mingyuan Wu, Jiahong Xiang, Kunqiu Chen, Peng Di, Shin Hwei Tan, Heming Cui, and Yuqun Zhang. 2024. Tumbling Down the Rabbit Hole: How do Assisting Exploration Strategies Facilitate Grey-box Fuzzing?. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_238_1","volume-title":"FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security Symposium.","author":"Wu Wei","year":"2018","unstructured":"Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security Symposium."},{"key":"e_1_3_2_1_239_1","volume-title":"Accurate and Efficient Recurring Vulnerability Detection for IoT Firmware. In ACM Conference on Computer and Communications Security (CCS).","author":"Xiao Haoyu","year":"2024","unstructured":"Haoyu Xiao, Yuan Zhang, Minghang Shen, Chaoyang Lin, Can Zhang, Shengli Liu, and Min Yang. 2024. Accurate and Efficient Recurring Vulnerability Detection for IoT Firmware. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_240_1","volume-title":"ASIDE: IDE Support for Web Application Security. In Annual Computer Security Applications Conference (ACSAC).","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Bill Chu, Heather Richter Lipford, and John Melton. 2011. ASIDE: IDE Support for Web Application Security. In Annual Computer Security Applications Conference (ACSAC)."},{"key":"e_1_3_2_1_241_1","volume-title":"IEEE Symposium on Visual Languages and Human Centric Computing (VL\/HCC).","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Heather Richter Lipford, and Bill Chu. 2011. Why Do Programmers Make Security Errors?. In IEEE Symposium on Visual Languages and Human Centric Computing (VL\/HCC)."},{"key":"e_1_3_2_1_242_1","unstructured":"XMUsuny. 2025. Symbolic Execution Papers. https:\/\/github.com\/XMUsuny\/ symbolic-execution-papers Accessed: 2025-04-08."},{"key":"e_1_3_2_1_243_1","article-title":"Benchmarking the Capability of Symbolic Execution Tools with Logic Bombs","volume":"17","author":"Xu Hui","year":"2020","unstructured":"Hui Xu, Zirui Zhao, Yangfan Zhou, and Michael R. Lyu. 2020. Benchmarking the Capability of Symbolic Execution Tools with Logic Bombs. IEEE Transactions on Dependable and Secure Computing 17, 6 (2020).","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_244_1","volume-title":"Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. In IEEE Symposium on Security and Privacy (S&P).","author":"Xu Meng","year":"2018","unstructured":"Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim. 2018. Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_245_1","volume-title":"Symbolic Execution of Obfuscated Code. In ACM Conference on Computer and Communications Security (CCS).","author":"Yadegari Babak","year":"2015","unstructured":"Babak Yadegari and Saumya Debray. 2015. Symbolic Execution of Obfuscated Code. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_246_1","volume-title":"Automated Bug Hunting with Data-driven Symbolic Root Cause Analysis. In ACM Conference on Computer and Communications Security (CCS).","author":"Yagemann Carter","year":"2021","unstructured":"Carter Yagemann, Simon P Chung, Brendan Saltaformaggio, and Wenke Lee. 2021. Automated Bug Hunting with Data-driven Symbolic Root Cause Analysis. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_247_1","volume-title":"ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In USENIX Security Symposium.","author":"Yagemann Carter","year":"2021","unstructured":"Carter Yagemann, Matthew Pruett, Simon P Chung, Kennon Bittick, Brendan Saltaformaggio, and Wenke Lee. 2021. ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems. In USENIX Security Symposium."},{"key":"e_1_3_2_1_248_1","volume-title":"Collaborative Work in Malware Analysis: Understanding the Roles and Challenges of Malware Analysts. In ACM CHI Conference on Human Factors in Computing Systems (CHI).","author":"Yamagishi Rei","unstructured":"Rei Yamagishi, Shota Fujii, Shingo Yasuda, Takayuki Sato, and Ayako A. Hasegawa. 2025. Collaborative Work in Malware Analysis: Understanding the Roles and Challenges of Malware Analysts. In ACM CHI Conference on Human Factors in Computing Systems (CHI)."},{"key":"e_1_3_2_1_249_1","volume-title":"A Synergistic Approach to Improving Symbolic Execution using Test Ranges. Innovations in Systems and Software Engineering 15, 3","author":"Yang Guowei","year":"2019","unstructured":"Guowei Yang, Rui Qiu, Sarfraz Khurshid, Corina S. P\u0103s\u0103reanu, and Junye Wen. 2019. A Synergistic Approach to Improving Symbolic Execution using Test Ranges. Innovations in Systems and Software Engineering 15, 3 (2019)."},{"key":"e_1_3_2_1_250_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Yao Mingxuan","year":"2024","unstructured":"Mingxuan Yao, Runze Zhang, Haichuan Xu, Shih-Huan Chou, Varun Chowdhary Paturi, Amit Kumar Sikder, and Brendan Saltaformaggio. 2024. Pulling off the Mask: Forensic Analysis of the Deceptive Creator Wallets behind Smart Contract Fraud. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_251_1","volume-title":"Fast Bitvector Satisfiability. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).","author":"Yao Peisen","year":"2020","unstructured":"Peisen Yao, Qingkai Shi, Heqing Huang, and Charles Zhang. 2020. Fast Bitvector Satisfiability. In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_1_252_1","volume-title":"SIFT: A Tool for Property Directed Symbolic Execution of Multithreaded Software. In IEEE Conference on Software Testing, Verification and Validation (ICST).","author":"Yavuz Tuba","year":"2022","unstructured":"Tuba Yavuz. 2022. SIFT: A Tool for Property Directed Symbolic Execution of Multithreaded Software. In IEEE Conference on Software Testing, Verification and Validation (ICST)."},{"key":"e_1_3_2_1_253_1","volume-title":"Concurrency Verification with Maximal Path Causality. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Yi Qiuping","year":"2018","unstructured":"Qiuping Yi and Jeff Huang. 2018. Concurrency Verification with Maximal Path Causality. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_254_1","article-title":"Eliminating Path Redundancy via Postconditioned Symbolic Execution","volume":"44","author":"Yi Qiuping","year":"2018","unstructured":"Qiuping Yi, Zijiang Yang, Shengjian Guo, Chao Wang, Jian Liu, and Chen Zhao. 2018. Eliminating Path Redundancy via Postconditioned Symbolic Execution. IEEE Transactions on Software Engineering 44, 1 (2018).","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_255_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Wong Miuyin Yong","year":"2021","unstructured":"Miuyin Yong Wong, Matthew Landen, Manos Antonakakis, Douglas M. Blough, Elissa M. Redmiles, and Mustaque Ahamad. 2021. An Inside Look into the Practice of Malware Analysis. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_256_1","volume-title":"Symbolic Verification of Regular Properties. In International Conference on Software Engineering (ICSE).","author":"Yu Hengbiao","year":"2018","unstructured":"Hengbiao Yu, Zhenbang Chen, Ji Wang, Zhendong Su, and Wei Dong. 2018. Symbolic Verification of Regular Properties. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_257_1","volume-title":"RGSE: A Regular Property Guided Symbolic Executor for Java. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE).","author":"Yu Hengbiao","year":"2017","unstructured":"Hengbiao Yu, Zhenbang Chen, Yufeng Zhang, Ji Wang, and Wei Dong. 2017. RGSE: A Regular Property Guided Symbolic Executor for Java. In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)."},{"key":"e_1_3_2_1_258_1","volume-title":"USENIX Security Symposium.","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_1_259_1","volume-title":"SIFOL: Solving Implicit Flows in Loops for Concolic Execution","author":"Zeng Yicheng","year":"2022","unstructured":"Yicheng Zeng, Jiaqian Peng, Zhihui Zhao, Zhanwei Song, Hongsong Zhu, and Limin Sun. 2022. SIFOL: Solving Implicit Flows in Loops for Concolic Execution. In IEEE International Performance, Computing, and Communications Conference (IPCCC)."},{"key":"e_1_3_2_1_260_1","volume-title":"Nyx: Detecting Exploitable Front-running Vulnerabilities in Smart Contracts. In IEEE Symposium on Security and Privacy (S&P).","author":"Zhang Wuqi","year":"2024","unstructured":"Wuqi Zhang, Zhuo Zhang, Qingkai Shi, Lu Liu, Lili Wei, Yepang Liu, Xiangyu Zhang, and Shing-Chi Cheung. 2024. Nyx: Detecting Exploitable Front-running Vulnerabilities in Smart Contracts. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_261_1","volume-title":"ACM\/IEEE International Conference on Automated Software Engineering (ASE).","author":"Zhang Yufeng","year":"2020","unstructured":"Yufeng Zhang, Zhenbang Chen, Ziqi Shuai, Tianqi Zhang, Kenli Li, and Ji Wang. 2020. Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once. In ACM\/IEEE International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_262_1","volume-title":"Regular Property Guided Dynamic Symbolic Execution. In International Conference on Software Engineering (ICSE).","author":"Zhang Yufeng","year":"2015","unstructured":"Yufeng Zhang, Zhenbang Chen, Ji Wang, Wei Dong, and Zhiming Liu. 2015. Regular Property Guided Dynamic Symbolic Execution. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_263_1","volume-title":"Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem. In ACM Conference on Computer and Communications Security (CCS).","author":"Zhang Yuexi","year":"2024","unstructured":"Yuexi Zhang, Bingyu Li, Jingqiang Lin, Linghui Li, Jiaju Bai, Shijie Jia, and Qianhong Wu. 2024. Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_264_1","volume-title":"Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing. In Symposium on Network and Distributed System Security (NDSS).","author":"Zhao Lei","year":"2019","unstructured":"Lei Zhao, Yue Duan, Heng Yin, and Jifeng Xuan. 2019. Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_265_1","volume-title":"ACM Conference on Computer and Communications Security (CCS).","author":"Zhao Yunze","unstructured":"Yunze Zhao, Wentao Guo, Harrison Goldestin, Daniel Votipka, Kelsey R. Fulton, and Michelle L. Mazurek. 2025. A Qualitative Analysis of Fuzzing Tool Usability and Challenges. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_266_1","volume-title":"Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths. In USENIX Security Symposium.","author":"Zhou Shunfan","year":"2022","unstructured":"Shunfan Zhou, Zhemin Yang, Dan Qiao, Peng Liu, Min Yang, Zhe Wang, and Chenggang Wu. 2022. Ferry: State-Aware Symbolic Execution for Exploring State-Dependent Program Paths. In USENIX Security Symposium."},{"key":"e_1_3_2_1_267_1","volume-title":"USENIX Security Symposium.","author":"Zhou Wei","year":"2021","unstructured":"Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In USENIX Security Symposium."},{"key":"e_1_3_2_1_268_1","volume-title":"Interactive Support for Secure Programming Education. In ACM Technical Symposium on Computer Science Education (SIGCSE).","author":"Zhu Jun","year":"2013","unstructured":"Jun Zhu, Heather Richter Lipford, and Bill Chu. 2013. Interactive Support for Secure Programming Education. In ACM Technical Symposium on Computer Science Education (SIGCSE)."},{"key":"e_1_3_2_1_269_1","volume-title":"POPL","author":"Zimmerman Conrad","year":"2024","unstructured":"Conrad Zimmerman, Jenna DiVincenzo, and Jonathan Aldrich. 2024. Sound Gradual Verification with Symbolic Execution. ACM on Programming Languages 8, POPL (2024), 85:2547-85:2576."},{"key":"e_1_3_2_1_270_1","volume-title":"SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux Kernel. In USENIX Security Symposium.","author":"Zou Xiaochen","year":"2022","unstructured":"Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian. 2022. SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux Kernel. In USENIX Security Symposium."}],"event":{"name":"SecDev '26: 2026 ACM Secure Development Conference","location":"Montreal QC Canada","acronym":"SecDev '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2026 ACM Secure Development Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3805996","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3805996","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:31:09Z","timestamp":1782883869000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3805773.3805996"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,30]]},"references-count":270,"alternative-id":["10.1145\/3805773.3805996","10.1145\/3805773"],"URL":"https:\/\/doi.org\/10.1145\/3805773.3805996","relation":{},"subject":[],"published":{"date-parts":[[2026,6,30]]},"assertion":[{"value":"2026-06-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}