{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:04:45Z","timestamp":1750309485351,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T00:00:00Z","timestamp":1732579200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"FCT - Foundation for Science and Technology","award":["CISUC R&D Unit - UIDB\/00326\/2020 or project code UIDP\/00326\/2020"],"award-info":[{"award-number":["CISUC R&D Unit - UIDB\/00326\/2020 or project code UIDP\/00326\/2020"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,26]]},"DOI":"10.1145\/3697090.3697103","type":"proceedings-article","created":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T07:06:08Z","timestamp":1733900768000},"page":"11-16","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Mining Vulnerability and Code Repositories to Study Software Security"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7118-9987","authenticated-orcid":false,"given":"Jo\u00e3o Rafael","family":"Henriques","sequence":"first","affiliation":[{"name":"University of Coimbra, CISUC, DEI, Coimbra, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0717-3396","authenticated-orcid":false,"given":"Jos\u00e9","family":"D'Abruzzo Pereira","sequence":"additional","affiliation":[{"name":"University of Coimbra, CISUC, DEI, Coimbra, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5103-8541","authenticated-orcid":false,"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[{"name":"UNC Charlotte, Charlotte, North Carolina, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,12,10]]},"reference":[{"unstructured":"2004. CVE-2004-2228. https:\/\/www.cvedetails.com\/cve\/CVE-2004-2228. Accessed: 2023-05-22.","key":"e_1_3_3_1_2_2"},{"unstructured":"2006. An Analysis of the Use After Free Vulnerability (CWE-416). https:\/\/soul-of-a-nameless-bard.medium.com\/an-analysis-of-the-use-after-free-vulnerability-cwe-416-511a71c8ec57. Accessed: 2023-10-20.","key":"e_1_3_3_1_3_2"},{"unstructured":"2006. CWE-17: CWE CATEGORY: DEPRECATED: Code. https:\/\/cwe.mitre.org\/data\/definitions\/17.html. Accessed: 2024-07-03.","key":"e_1_3_3_1_4_2"},{"unstructured":"2006. CWE-264: Permissions Privileges and Access Controls. https:\/\/cwe.mitre.org\/data\/definitions\/264.html. Accessed: 2022-01-16.","key":"e_1_3_3_1_5_2"},{"unstructured":"2006. CWE TOP 25 Most Dangerous Software Errors. https:\/\/www.sans.org\/top25-software-errors\/. Accessed: 2023-10-20.","key":"e_1_3_3_1_6_2"},{"unstructured":"2007. CVE-2007-4723. https:\/\/www.cvedetails.com\/cve\/CVE-2007-4723. Accessed: 2023-05-22.","key":"e_1_3_3_1_7_2"},{"unstructured":"2012. crontab(5) \u2014 Linux manual page. https:\/\/man7.org\/linux\/man-pages\/man5\/crontab.5.html. Accessed: 2023-11-17.","key":"e_1_3_3_1_8_2"},{"unstructured":"2015. CVE-2015-8960. https:\/\/www.cvedetails.com\/cve\/CVE-2015-8960. Accessed: 2023-05-22.","key":"e_1_3_3_1_9_2"},{"unstructured":"2023. Cppcheck - A tool for static C\/C++ code analysis. https:\/\/cppcheck.sourceforge.io. Accessed: 2023-05-14.","key":"e_1_3_3_1_10_2"},{"unstructured":"2023. CVE Details - The ultimate security vulnerability datasource. https:\/\/www.cvedetails.com\/. Accessed: 2023-05-11.","key":"e_1_3_3_1_11_2"},{"unstructured":"2023. Flawfinder. https:\/\/dwheeler.com\/flawfinder\/. Accessed: 2023-05-14.","key":"e_1_3_3_1_12_2"},{"unstructured":"2023. Open Hub the open source network. https:\/\/openhub.net. Accessed: 2023-10-20.","key":"e_1_3_3_1_13_2"},{"unstructured":"2023. Understand: The Software Developer\u2019s Multi-Tool. https:\/\/scitools.com. Accessed: 2023-06-09.","key":"e_1_3_3_1_14_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_15_2","DOI":"10.1145\/3475960.3475985"},{"unstructured":"Saikat Chakraborty Rahul Krishna Yangruibo Ding and Baishakhi Ray. 2021. Deep learning based vulnerability detection: Are we there yet. IEEE Transactions on Software Engineering (2021).","key":"e_1_3_3_1_16_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_17_2","DOI":"10.1109\/PRDC55274.2022.00029"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_18_2","DOI":"10.1109\/EDCC53658.2021.00008"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_19_2","DOI":"10.1109\/EDCC51268.2020.00025"},{"key":"e_1_3_3_1_20_2","first-page":"18","volume-title":"The art of software security assessment: Identifying and preventing software vulnerabilities","author":"Dowd Mark","year":"2006","unstructured":"Mark Dowd, John McDonald, and Justin Schuh. 2006. The art of software security assessment: Identifying and preventing software vulnerabilities. Pearson Education, 18\u201324."},{"doi-asserted-by":"publisher","unstructured":"Jos\u00e9 D\u2019Abruzzo\u00a0Pereira Naghmeh Ivaki and Marco Vieira. 2021. Characterizing Buffer Overflow Vulnerabilities in Large C\/C++ Projects. IEEE Access 9 (2021) 142879\u2013142892. 10.1109\/ACCESS.2021.3120349","key":"e_1_3_3_1_21_2","DOI":"10.1109\/ACCESS.2021.3120349"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_22_2","DOI":"10.1145\/3379597.3387501"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_23_2","DOI":"10.1145\/3379597.3387501"},{"unstructured":"The Open Web Application Security\u00a0Project Foundation. 2021. Welcome to the OWASP Top 10 - 2021. https:\/\/owasp.org\/www-project-top-ten\/2017\/. Accessed: 2023-10-22.","key":"e_1_3_3_1_24_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_25_2","DOI":"10.14722\/ndss.2018.23158"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_26_2","DOI":"10.1109\/MINES.2012.202"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_27_2","DOI":"10.1109\/ISSRE.2017.11"},{"unstructured":"MITRE. 2006. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. https:\/\/cwe.mitre.org\/data\/definitions\/119.html. Accessed: 2021-05-03.","key":"e_1_3_3_1_28_2"},{"unstructured":"MITRE. 2006. CWE-416: Use After Free. https:\/\/cwe.mitre.org\/data\/definitions\/416.html. Accessed: 2022-05-19.","key":"e_1_3_3_1_29_2"},{"unstructured":"MITRE. 2006. CWE-787: Out-of-bounds Write. https:\/\/cwe.mitre.org\/data\/definitions\/787.html. Accessed: 2023-10-20.","key":"e_1_3_3_1_30_2"},{"key":"e_1_3_3_1_31_2","first-page":"69","volume-title":"SecSE@ ESORICS","author":"Reis Sofia","year":"2017","unstructured":"Sofia Reis and Rui Abreu. 2017. SECBENCH: A Database of Real Security Vulnerabilities.. In SecSE@ ESORICS. 69\u201385."},{"doi-asserted-by":"publisher","unstructured":"Mario\u00a0Cal\u00edn S\u00e1nchez Juan Manuel\u00a0Carrillo de Gea Jos\u00e9\u00a0Luis Fern\u00e1ndez-Alem\u00e1n Jes\u00fas Garceran and Ambrosio Toval. 2020. Software vulnerabilities overview: A descriptive study. Tsinghua Science and Technology 25 2 (2020) 270\u2013280. 10.26599\/TST.2019.9010003","key":"e_1_3_3_1_32_2","DOI":"10.26599\/TST.2019.9010003"},{"unstructured":"Keith Turpin. 2010. OWASP Secure Coding Practices - Quick Reference Guide. https:\/\/www.owasp.org\/images\/0\/08\/OWASP_SCP_Quick_Reference_Guide_v2.pdf. Accessed: 2019-06-20.","key":"e_1_3_3_1_33_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_34_2","DOI":"10.1109\/ICSE-SEIP52600.2021.00020"},{"unstructured":"Yaqin Zhou Shangqing Liu Jingkai Siow Xiaoning Du and Yang Liu. 2019. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Advances in neural information processing systems 32 (2019).","key":"e_1_3_3_1_35_2"}],"event":{"acronym":"LADC 2024","name":"LADC 2024: 13th Latin-American Symposium on Dependable and Secure Computing","location":"Recife Brazil"},"container-title":["Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697090.3697103","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3697090.3697103","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:33Z","timestamp":1750295853000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697090.3697103"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,26]]},"references-count":34,"alternative-id":["10.1145\/3697090.3697103","10.1145\/3697090"],"URL":"https:\/\/doi.org\/10.1145\/3697090.3697103","relation":{},"subject":[],"published":{"date-parts":[[2024,11,26]]},"assertion":[{"value":"2024-12-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}