{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T18:52:17Z","timestamp":1776365537005,"version":"3.51.2"},"reference-count":84,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,6,13]],"date-time":"2019-06-13T00:00:00Z","timestamp":1560384000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2019,6,13]],"date-time":"2019-06-13T00:00:00Z","timestamp":1560384000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1186\/s13635-019-0092-4","type":"journal-article","created":{"date-parts":[[2019,6,13]],"date-time":"2019-06-13T16:03:54Z","timestamp":1560441834000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Towards the application of recommender systems to secure coding"],"prefix":"10.1186","volume":"2019","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4713-4885","authenticated-orcid":false,"given":"Fitzroy D.","family":"Nembhard","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2354-9640","authenticated-orcid":false,"given":"Marco M.","family":"Carvalho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2117-5294","authenticated-orcid":false,"given":"Thomas 
C.","family":"Eskridge","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,6,13]]},"reference":[{"key":"92_CR1","unstructured":"Ponemon Institute LLC, 2017 cost of data breach study. Ponemon Institute and IBM Security (2017). https:\/\/www.securityupdate.net\/SU\/IBMSecurity\/IBM-Security-Cost-of-Data-Breach-Study.pdf , Accessed 30 May 2018."},{"issue":"2","key":"92_CR2","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/s41019-016-0019-8","volume":"2","author":"L. B. Othmane","year":"2017","unstructured":"L. B. Othmane, G. Chehrazi, E. Bodden, P. Tsalovski, A. D. Brucker, Time for addressing software security issues: Prediction models and impacting factors. Data Sci. Eng.2(2), 107\u2013124 (2017). https:\/\/doi.org\/10.1007\/s41019-016-0019-8 .","journal-title":"Data Sci. Eng."},{"key":"92_CR3","volume-title":"Software security: building security in, vol 1","author":"G. McGraw","year":"2006","unstructured":"G. McGraw, Software security: building security in, vol 1 (Addison-Wesley Professional, Boston, 2006)."},{"key":"92_CR4","unstructured":"Tricentis, Software fail watch: 2016 in review (2017). https:\/\/tricentis-com-tricentis.netdna-ssl.com\/wpcontent\/uploads\/2017\/01\/20161231SoftwareFails2016.pdf , Accessed 30 May 2018."},{"key":"92_CR5","doi-asserted-by":"crossref","unstructured":"B. Johnson, Y. Song, E. Murphy-Hill, R. Bowdidge, Why don\u2019t software developers use static analysis tools to find bugs? (IEEE Press, Piscataway, 2013). ICSE \u201913.","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"92_CR6","doi-asserted-by":"publisher","unstructured":"T. Kremenek, K. Ashcraft, J. Yang, D. Engler, in ACM SIGSOFT Software Engineering Notes. Correlation exploitation in error ranking (ACMNew York, 2004), pp. 83\u201393. 
SIGSOFT \u201904\/FSE-12, https:\/\/doi.org\/10.1145\/1029894.1029909 .","DOI":"10.1145\/1029894.1029909"},{"key":"92_CR7","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-85820-3","volume-title":"Introduction to Recommender Systems Handbook","author":"F. Ricci","year":"2011","unstructured":"F. Ricci, L. Rokach, B. Shapira, Introduction to Recommender Systems Handbook (Springer US, Boston, 2011)."},{"issue":"1","key":"92_CR8","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/52.976940","volume":"19","author":"D. Evans","year":"2002","unstructured":"D. Evans, D. Larochelle, Improving security using extensible lightweight static analysis. IEEE Softw.19(1), 42\u201351 (2002). https:\/\/doi.org\/10.1109\/52.976940 .","journal-title":"IEEE Softw."},{"issue":"5","key":"92_CR9","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2008.130","volume":"25","author":"N. Ayewah","year":"2008","unstructured":"N. Ayewah, D. Hovemeyer, J. D. Morgenthaler, J. Penix, W. Pugh, Using static analysis to find bugs. IEEE Softw.25(5), 22\u201329 (2008). https:\/\/doi.org\/10.1109\/MS.2008.130 .","journal-title":"IEEE Softw."},{"key":"92_CR10","doi-asserted-by":"publisher","unstructured":"F. Nembhard, M. Carvalho, T. Eskridge, in 2017 IEEE Symposium Series on Computational Intelligence (SSCI). A hybrid approach to improving program security, (2017), pp. 1\u20138. https:\/\/doi.org\/10.1109\/SSCI.2017.8285247 .","DOI":"10.1109\/SSCI.2017.8285247"},{"issue":"7","key":"92_CR11","first-page":"12","volume":"14","author":"M. Alenezi","year":"2016","unstructured":"M. Alenezi, Y. Javed, Developer companion: A framework to produce secure web applications. Int. J. Comput. Sci. Inf. Secur.14(7), 12 (2016).","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"key":"92_CR12","volume-title":"Improving the usefulness of alerts generated by automated static analysis tools","author":"J. Bleier","year":"2017","unstructured":"J. 
Bleier, Improving the usefulness of alerts generated by automated static analysis tools (Radboud University Nijmegen, Master\u2019s thesis, 2017)."},{"issue":"4","key":"92_CR13","doi-asserted-by":"publisher","first-page":"16:1","DOI":"10.1145\/3196884","volume":"21","author":"K. A. Farris","year":"2018","unstructured":"K. A. Farris, A. Shah, G. Cybenko, R. Ganesan, S. Jajodia, VULCON: A system for vulnerability prioritization, mitigation, and management. ACM Trans. Priv. Secur. 21(4), 16:1\u201316:28 (2018). https:\/\/doi.org\/10.1145\/3196884 .","journal-title":"ACM Trans. Priv. Secur"},{"key":"92_CR14","unstructured":"Tenable, Nessus professional (2018). https:\/\/www.tenable.com\/products\/nessus\/nessus-professional , Accessed 15 Feb 2018."},{"key":"92_CR15","doi-asserted-by":"publisher","unstructured":"R. Gopalakrishnan, P. Sharma, M. Mirakhorli, M. Galster, in Proceedings of the 39th International Conference on Software Engineering. Can latent topics in source code predict missing architectural tactics? (IEEE PressPiscataway, 2017), pp. 15\u201326. ICSE \u201917, https:\/\/doi.org\/10.1109\/ICSE.2017.10 .","DOI":"10.1109\/ICSE.2017.10"},{"key":"92_CR16","doi-asserted-by":"publisher","unstructured":"I. Medeiros, N. Neves, M. Correia, in Proceedings of the 25th International Symposium on Software Testing and Analysis. DEKANT: a static analysis tool that learns to detect web application vulnerabilities (ACM, 2016), pp. 1\u201311. https:\/\/doi.org\/10.1145\/2931037.2931041 .","DOI":"10.1145\/2931037.2931041"},{"issue":"4","key":"92_CR17","doi-asserted-by":"publisher","first-page":"56:1","DOI":"10.1145\/3092566","volume":"50","author":"S. M. Ghaffarian","year":"2017","unstructured":"S. M. Ghaffarian, H. R. Shahriari, Software vulnerability analysis and discovery using machine-learning and data-mining techniques: A survey. ACM Comput. Surv.50(4), 56:1\u201356:36 (2017). https:\/\/doi.org\/10.1145\/3092566 .","journal-title":"ACM Comput. 
Surv."},{"key":"92_CR18","doi-asserted-by":"publisher","unstructured":"F. Yamaguchi, M. Lottmann, K. Rieck, in Proceedings of the 28th Annual Computer Security Applications Conference. Generalized vulnerability extrapolation using abstract syntax trees (ACMNew York, 2012), pp. 359\u2013368. ACSAC \u201912, https:\/\/doi.org\/10.1145\/2420950.2421003 .","DOI":"10.1145\/2420950.2421003"},{"issue":"10","key":"92_CR19","doi-asserted-by":"publisher","first-page":"1767","DOI":"10.1016\/j.infsof.2013.04.002","volume":"55","author":"L. K. Shar","year":"2013","unstructured":"L. K. Shar, H. B. K. Tan, Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns. Inf. Softw. Technol.55(10), 1767\u20131780 (2013). https:\/\/doi.org\/10.1016\/j.infsof.2013.04.002 .","journal-title":"Inf. Softw. Technol."},{"key":"92_CR20","doi-asserted-by":"publisher","unstructured":"L. K. Shar, H. B. K. Tan, in 2012 Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering. Predicting common web application vulnerabilities from input validation and sanitization code patterns (IEEE, 2012), pp. 310\u2013313. https:\/\/doi.org\/10.1145\/2351676.2351733 .","DOI":"10.1145\/2351676.2351733"},{"key":"92_CR21","first-page":"642","volume-title":"Proceedings of the 2013 International Conference on Software Engineering","author":"L. K. Shar","year":"2013","unstructured":"L. K. Shar, H. B. K. Tan, L. C. Briand, in Proceedings of the 2013 International Conference on Software Engineering. Mining sql injection and cross site scripting vulnerabilities using hybrid program analysis (IEEE Press PiscatawayNJ, USA, 2013), pp. 642\u2013651."},{"issue":"6","key":"92_CR22","doi-asserted-by":"publisher","first-page":"688","DOI":"10.1109\/TDSC.2014.2373377","volume":"12","author":"L. K. Shar","year":"2015","unstructured":"L. K. Shar, L. C. Briand, H. B. K. 
Tan, Web application vulnerability prediction using hybrid program analysis and machine learning. IEEE Trans. Dependable Secure Comput.12(6), 688\u2013707 (2015). https:\/\/doi.org\/10.1109\/TDSC.2014.2373377 .","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"92_CR23","volume-title":"A recommender system for improving program security through source code mining and knowledge extraction","author":"F. Nembhard","year":"2018","unstructured":"F. Nembhard, A recommender system for improving program security through source code mining and knowledge extraction (Florida Institute of Technology, PhD thesis, 2018)."},{"issue":"4","key":"92_CR24","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2006.108","volume":"4","author":"M. Curphey","year":"2006","unstructured":"M. Curphey, R. Arawo, Web application security assessment tools. IEEE Secur. Priv.4(4), 32\u201341 (2006). https:\/\/doi.org\/10.1109\/MSP.2006.108 .","journal-title":"IEEE Secur. Priv."},{"key":"92_CR25","unstructured":"OWASP, Category:vulnerability scanning tools (2017). https:\/\/www.owasp.org\/index.php\/Category:Vulnerability_Scanning_Tools , Accessed 07 July 2017."},{"issue":"5","key":"92_CR26","doi-asserted-by":"publisher","first-page":"739","DOI":"10.1016\/j.comnet.2005.01.003","volume":"48","author":"Y. W. Huang","year":"2005","unstructured":"Y. W. Huang, C. H. Tsai, T. P. Lin, S. K. Huang, D. Lee, S. Y. Kuo, A testing framework for web application security assessment. Comput. Netw. 48(5), 739\u2013761 (2005). https:\/\/doi.org\/10.1016\/j.comnet.2005.01.003 .","journal-title":"Comput. Netw"},{"key":"92_CR27","doi-asserted-by":"publisher","unstructured":"J. Bau, E. Bursztein, D. Gupta, J. Mitchell, in Security and Privacy (SP) year=2010 IEEE Symposium on. State of the art: Automated black-box web application vulnerability testing (IEEE, 2010), pp. 332\u2013345. 
https:\/\/doi.org\/10.1109\/SP.2010.27 .","DOI":"10.1109\/SP.2010.27"},{"key":"92_CR28","volume-title":"Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing","author":"A. Petukhov","year":"2008","unstructured":"A. Petukhov, D. Kozlov, Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing (Department of Computer Science, Moscow State University, 2008)."},{"key":"92_CR29","volume-title":"Effectiveness of automated security analysis using a uniface-like architecture","author":"J. P. Jonkergouw","year":"2014","unstructured":"J. P. Jonkergouw, Effectiveness of automated security analysis using a uniface-like architecture (Master\u2019s thesis, Universiteit van Amsterdam, 2014)."},{"key":"92_CR30","first-page":"3987","volume-title":"AAAI","author":"U. Kuter","year":"2015","unstructured":"U. Kuter, M. H. Burstein, J. Benton, D. Bryce, J. T. Thayer, S. McCoy, in AAAI. HACKAR: Helpful advice for code knowledge and attack resilience (Twenty-Seventh IAAI ConferenceAustin, 2015), pp. 3987\u20133992."},{"key":"92_CR31","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1016\/B978-0-12-450010-5.50026-8","volume-title":"Artificial and Mathematical Theory of Computation","author":"Raymond Reiter","year":"1991","unstructured":"R. Reiter, The frame problem in the situation calculus: A simple solution (sometimes) and a completeness result for goal regression. Artif. Intell. Math. Theory Comput. Papers Honor John McCarthy. 27:, 359\u2013380 (1991). Academic Press Professional, Inc. San Diego, CA, USA, https:\/\/doi.org\/10.1016\/B978-0-12-450010-5.50026-8 ."},{"key":"92_CR32","doi-asserted-by":"publisher","unstructured":"J. H. Perkins, S. Kim, S. Larsen, S. Amarasinghe, J. Bachrach, M. Carbin, C. Pacheco, F. Sherwood, S. Sidiroglou, G. Sullivan, et al., in Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. 
Automatically patching errors in deployed software (ACM, 2009), pp. 87\u2013102. https:\/\/doi.org\/10.1145\/1629575.1629585 .","DOI":"10.1145\/1629575.1629585"},{"issue":"1","key":"92_CR33","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/TSE.2011.104","volume":"38","author":"C. Le Goues","year":"2012","unstructured":"C. Le Goues, T. Nguyen, S. Forrest, W. Weimer, Genprog: A generic method for automatic software repair. IEEE Trans. Softw. Eng. 38(1), 54 (2012). https:\/\/doi.org\/10.1109\/TSE.2011.104 .","journal-title":"IEEE Trans. Softw. Eng"},{"key":"92_CR34","doi-asserted-by":"publisher","unstructured":"W. Weimer, Z. P. Fry, S. Forrest, in 2013 28th IEEE\/ACM International Conference on Automated Software Engineering (ASE). Leveraging program equivalence for adaptive program repair: Models and first results, (2013), pp. 356\u2013366. https:\/\/doi.org\/10.1109\/ASE.2013.6693094 .","DOI":"10.1109\/ASE.2013.6693094"},{"key":"92_CR35","doi-asserted-by":"crossref","first-page":"166","DOI":"10.1145\/2786805.2786811","volume-title":"Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering","author":"F. Long","year":"2015","unstructured":"F. Long, M. Rinard, in Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. Staged program repair with condition synthesis (ACMNew York, 2015), pp. 166\u2013178. ESEC\/FSE, 2015."},{"key":"92_CR36","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1145\/2771783.2771791","volume-title":"Proceedings of the 2015 International Symposium on Software Testing and Analysis","author":"Z. Qi","year":"2015","unstructured":"Z. Qi, F. Long, S. Achour, M. Rinard, in Proceedings of the 2015 International Symposium on Software Testing and Analysis. An analysis of patch plausibility and correctness for generate-and-validate patch generation systems (ACM New YorkNY, USA, 2015), pp. 
24\u201336."},{"issue":"1","key":"92_CR37","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1145\/2914770.2837617","volume":"51","author":"F. Long","year":"2016","unstructured":"F. Long, M. Rinard, Automatic patch generation by learning correct code. SIGPLAN Not. 51(1), 298\u2013312 (2016). https:\/\/doi.org\/10.1145\/2837614.2837617 .","journal-title":"SIGPLAN Not"},{"key":"92_CR38","first-page":"802","volume-title":"Proceedings of the 2013 International Conference on Software Engineering","author":"D. Kim","year":"2013","unstructured":"D. Kim, J. Nam, J. Song, S. Kim, in Proceedings of the 2013 International Conference on Software Engineering. Automatic patch generation learned from human-written patches (IEEE Press PiscatawayNJ, USA, 2013), pp. 802\u2013811."},{"key":"92_CR39","doi-asserted-by":"publisher","unstructured":"Y. Wei, Y. Pei, C. A. Furia, L. S. Silva, S. Buchholz, B. Meyer, A. Zeller, in Proceedings of the 19th International Symposium on Software Testing and Analysis. Automated fixing of programs with contracts (ACMNew York, 2010), pp. 61\u201372. ISSTA \u201910, https:\/\/doi.org\/10.1145\/1831708.1831716 .","DOI":"10.1145\/1831708.1831716"},{"key":"92_CR40","doi-asserted-by":"publisher","unstructured":"V. Debroy, W. E. Wong, in 2010 Third International Conference on Software Testing, Verification and Validation. Using mutation to automatically suggest fixes for faulty programs, (2010), pp. 65\u201374. https:\/\/doi.org\/10.1109\/ICST.2010.66 .","DOI":"10.1109\/ICST.2010.66"},{"key":"92_CR41","doi-asserted-by":"publisher","unstructured":"H. D. T. Nguyen, D. Qi, A. Roychoudhury, S. Chandra, in 2013 35th International Conference on Software Engineering (ICSE). Semfix: Program repair via semantic analysis (IEEE, 2013), pp. 772\u2013781. https:\/\/doi.org\/10.1109\/ICSE.2013.6606623 .","DOI":"10.1109\/ICSE.2013.6606623"},{"key":"92_CR42","doi-asserted-by":"publisher","unstructured":"G. Jin, L. Song, W. Zhang, S. Lu, B. 
Liblit, in Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation. Automated atomicity-violation fixing (ACMNew York, 2011), pp. 389\u2013400. PLDI \u201911, https:\/\/doi.org\/10.1145\/1993498.1993544 .","DOI":"10.1145\/1993498.1993544"},{"key":"92_CR43","doi-asserted-by":"publisher","unstructured":"D. J. Musliner, J. M. Rye, D. Thomsen, D. D. McDonald, M. H. Burstein, P. Robertson, in 2011 Fifth IEEE Conference on Self-Adaptive and Self-Organizing Systems Workshops. Fuzzbuster: Towards adaptive immunity from cyber threats (IEEE, 2011), pp. 137\u2013140. https:\/\/doi.org\/10.1109\/SASOW.2011.26 .","DOI":"10.1109\/SASOW.2011.26"},{"key":"92_CR44","first-page":"2015","volume-title":"Fourth International Conference on Communications, Computation, Networks and Technologies (INNOV)","author":"D. J. Musliner","year":"2015","unstructured":"D. J. Musliner, S. E. Friedman, M. Boldt, J. Benton, M. Schuchard, P. Keller, S. McCamant, in Fourth International Conference on Communications, Computation, Networks and Technologies (INNOV). Fuzzbomb: Autonomous cyber vulnerability detection and repair (Fourth International Conference on Communications, University of BonnBonn, 2015), p. 2015."},{"key":"92_CR45","doi-asserted-by":"publisher","unstructured":"V. Raychev, M. Vechev, A. Krause, in Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Predicting program properties from \u201cbig code\u201d (ACMNew York, 2015), pp. 111\u2013124. POPL \u201915, https:\/\/doi.org\/10.1145\/2676726.2677009 .","DOI":"10.1145\/2676726.2677009"},{"key":"92_CR46","volume-title":"Thirty-First AAAI Conference on Artificial Intelligence","author":"R. Gupta","year":"2017","unstructured":"R. Gupta, S. Pal, A. Kanade, S. Shevade, in Thirty-First AAAI Conference on Artificial Intelligence. 
Deepfix: Fixing common c language errors by deep learning (Thirty-First AAAI Conference on Artificial IntelligenceSan Francisco, 2017)."},{"key":"92_CR47","unstructured":"SonarSource, Get the power to write better code (2019). https:\/\/www.sonarlint.org\/features\/ , Accessed 15 Feb 2019."},{"key":"92_CR48","doi-asserted-by":"publisher","unstructured":"J. Xie, B. Chu, H. R. Lipford, J. T. Melton, in Proceedings of the 27th Annual Computer Security Applications Conference. Aside: IDE support for web application security (ACMNew York, 2011), pp. 267\u2013276. ACSAC \u201911, https:\/\/doi.org\/10.1145\/2076732.2076770 .","DOI":"10.1145\/2076732.2076770"},{"key":"92_CR49","doi-asserted-by":"publisher","unstructured":"Y. Dang, D. Zhang, S. Ge, C. Chu, Y. Qiu, T. Xie, in Proceedings of the 28th Annual Computer Security Applications Conference. Xiao: tuning code clones at hands of engineers in practice (ACM, 2012), pp. 369\u2013378. https:\/\/doi.org\/10.1145\/2420950.2421004 .","DOI":"10.1145\/2420950.2421004"},{"key":"92_CR50","volume-title":"A static analysis tool for detecting security vulnerabilities in python web applications","author":"S. Micheelsen","year":"2016","unstructured":"S. Micheelsen, B. Thalmann, A static analysis tool for detecting security vulnerabilities in python web applications (Aalborg University, Master\u2019s thesis, 2016)."},{"key":"92_CR51","doi-asserted-by":"publisher","unstructured":"A. Z. Baset, T. Denning, in Security and Privacy Workshops (SPW) 2017 IEEE. IDE plugins for detecting input-validation vulnerabilities (IEEE, 2017), pp. 143\u2013146. https:\/\/doi.org\/10.1109\/SPW.2017.37 .","DOI":"10.1109\/SPW.2017.37"},{"key":"92_CR52","doi-asserted-by":"publisher","unstructured":"V. Raychev, M. Vechev, E. Yahav, in Acm Sigplan Notices, vol 49. Code completion with statistical language models (ACM, 2014), pp. 419\u2013428. 
https:\/\/doi.org\/10.1145\/2594291.2594321 .","DOI":"10.1145\/2594291.2594321"},{"key":"92_CR53","first-page":"859","volume-title":"Proceedings of the 34th International Conference on Software Engineering","author":"C. Omar","year":"2012","unstructured":"C. Omar, Y. Yoon, T. D. LaToza, B. A. Myers, in Proceedings of the 34th International Conference on Software Engineering. Active code completion (IEEE Press PiscatawayNJ, USA, 2012), pp. 859\u2013869."},{"issue":"8","key":"92_CR54","doi-asserted-by":"publisher","first-page":"1978","DOI":"10.1016\/j.jss.2013.02.061","volume":"86","author":"S. Anand","year":"2013","unstructured":"S. Anand, E. K. Burke, T. Y. Chen, J. Clark, M. B. Cohen, W. Grieskamp, M. Harman, M. J. Harrold, P. McMinn, An orchestrated survey of methodologies for automated software test case generation. J. Syst. Softw.86(8), 1978\u20132001 (2013). https:\/\/doi.org\/10.1016\/j.jss.2013.02.061 .","journal-title":"J. Syst. Softw."},{"key":"92_CR55","doi-asserted-by":"publisher","unstructured":"A. Z. Baset, T. Denning, in Security and Privacy (SP) 2017 IEEE Symposium on. Ide plugins for detecting input-validation vulnerabilities, (2017), pp. 143\u2013146. https:\/\/doi.org\/10.1109\/SPW.2017.37 .","DOI":"10.1109\/SPW.2017.37"},{"key":"92_CR56","unstructured":"The MITRE Corporation, Common vulnerabilities and exposures (CVE) (2017). https:\/\/cve.mitre.org\/about\/ , Accessed 29 Dec 2017."},{"key":"92_CR57","unstructured":"StandardsandTechnology(NIST) National Institute for, National vulnerability database (2017). https:\/\/nvd.nist.gov\/home , Accessed 12 Dec 2017."},{"key":"92_CR58","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1016\/j.scico.2012.04.008","volume":"79","author":"S. Bajracharya","year":"2014","unstructured":"S. Bajracharya, J. Ossher, C. Lopes, Sourcerer: An infrastructure for large-scale collection and analysis of open-source code. Sci. Comput. Prog.79:, 241\u2013259 (2014). 
https:\/\/doi.org\/10.1016\/j.scico.2012.04.008 .","journal-title":"Sci. Comput. Prog."},{"key":"92_CR59","unstructured":"RogueWave Software, Abstract syntax tree (AST) (2018). https:\/\/docs.roguewave.com\/en\/klocwork\/current\/abstractsyntaxtreeast , Accessed 25 Jan 2018."},{"key":"92_CR60","volume-title":"JavaParser: Visited; Analyse, transform and generate your Java code base","author":"N. Smith","year":"2017","unstructured":"N. Smith, D. van Bruggen, F. Tomassetti, JavaParser: Visited; Analyse, transform and generate your Java code base (Leanpub, British Columbia, 2017)."},{"issue":"1","key":"92_CR61","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1145\/1327452.1327492","volume":"51","author":"J. Dean","year":"2008","unstructured":"J. Dean, S. Ghemawat, Mapreduce: simplified data processing on large clusters. Commun. ACM. 51(1), 107\u2013113 (2008). https:\/\/doi.org\/10.1145\/1327452.1327492 .","journal-title":"Commun. ACM"},{"key":"92_CR62","doi-asserted-by":"publisher","unstructured":"A. B. Patel, M. Birla, U. Nair, in 2012 Nirma University International Conference on Engineering (NUiCONE). Addressing big data problem using hadoop and map reduce, (2012), pp. 1\u20135. https:\/\/doi.org\/10.1109\/NUICONE.2012.6493198 .","DOI":"10.1109\/NUICONE.2012.6493198"},{"key":"92_CR63","doi-asserted-by":"publisher","unstructured":"G. Buehrer, B. W. Weide, P. A. G. Sivilotti, in Proceedings of the 5th International Workshop on Software Engineering and Middleware. Using parse tree validation to prevent SQL injection attacks (ACMNew York, 2005), pp. 106\u2013113. SEM \u201905, https:\/\/doi.org\/10.1145\/1108473.1108496 .","DOI":"10.1145\/1108473.1108496"},{"key":"92_CR64","unstructured":"J. Williams, D. Wichers. OWASP top 10-2010 the ten most critical web application security risks. Tech. rep. (OWASPBel Air, 2010). 
https:\/\/www.owasp.org\/images\/0\/0f\/OWASP_T10_-_2010_rc1.pdf ."},{"key":"92_CR65","volume-title":"The ten most critical web application security risks","author":"J. Williams","year":"2017","unstructured":"J. Williams, D. Wichers, The ten most critical web application security risks (OWASP Foundation, Bel Air, 2017)."},{"key":"92_CR66","unstructured":"MITRE, 2011 CWE\/SANS top 25 most dangerous software errors (2011). http:\/\/cwe.mitre.org\/top25\/ , Accessed 06 Dec 2017."},{"key":"92_CR67","volume-title":"Improving software security with precise static and runtime analysis. PhD thesis","author":"B. Livshits","year":"2006","unstructured":"B. Livshits, Improving software security with precise static and runtime analysis. PhD thesis (Stanford University, Stanford, 2006)."},{"key":"92_CR68","unstructured":"MITRE, CWE-89: Improper neutralization of special elements used in an SQL command (\u2019SQL injection\u2019) (2018). http:\/\/cwe.mitre.org\/top25\/ , Accessed 8 Feb 2018."},{"key":"92_CR69","unstructured":"B. Flood, Find-sec-bugs injection sinks (2017). https:\/\/github.com\/find-sec-bugs\/find-sec-bugs\/tree\/master\/findsecbugs-plugin\/src\/main\/resources\/injection-sinks , Accessed 8 Feb 2018."},{"key":"92_CR70","unstructured":"L. Sampaio, Which methods should be considered \u201csources\u201d, \u201csinks\u201d or \u201csanitization\u201d? (2014). http:\/\/thecodemaster.net\/methods-considered-sources-sinks-sanitization\/ , Accessed 8 Feb 2018."},{"key":"92_CR71","unstructured":"OWASP, Searching for code in J2EE\/Java (2016a). https:\/\/www.owasp.org\/index.php\/Searching_for_Code_in_J2EE\/Java , accessed: 8 Feb 2018."},{"key":"92_CR72","unstructured":"OWASP, Command injection (2016b). https:\/\/www.owasp.org\/index.php\/Command_Injection , Accessed 24 Feb 2018."},{"key":"92_CR73","unstructured":"MIP Center, Windows commands (2016). 
https:\/\/docs.microsoft.com\/en-us\/windows-server\/administration\/windows-commands\/windows-commands , Accessed 6 Mar 2018."},{"key":"92_CR74","volume-title":"Basics of qualitative research techniques 2nd Edition","author":"A. Strauss","year":"1998","unstructured":"A. Strauss, J. Corbin, Basics of qualitative research techniques 2nd Edition (SAGE publications Thousand Oaks CA, Thousand Oaks, 1998)."},{"key":"92_CR75","unstructured":"Foundation The Eclipse, Code recommenders: The intelligent development environment (2017). http:\/\/www.eclipse.org\/recommenders\/ . Accessed 15 Nov 2017."},{"key":"92_CR76","unstructured":"The Apache Software Foundation, Welcome to apache lucene (2018). https:\/\/lucene.apache.org\/ , Accessed 9 Feb 2018."},{"key":"92_CR77","volume-title":"Sub-linear privacy-preserving near-neighbor search with untrusted server on large-scale datasets. arXiv preprint","author":"M. Sadegh Riazi","year":"2016","unstructured":"M. Sadegh Riazi, B. Chen, A. Shrivastava, Wallach D., Koushanfar F., Sub-linear privacy-preserving near-neighbor search with untrusted server on large-scale datasets. arXiv preprint (Cornell University, Hurston Ave., Ithaca, 2016). arXiv:1612.01835, 2016."},{"key":"92_CR78","doi-asserted-by":"publisher","unstructured":"N. Ayewah, W. Pugh, J. D. Morgenthaler, J. Penix, Y. Zhou, in Companion to the 22nd ACM SIGPLAN Conference on Object-oriented Programming Systems and Applications Companion. Using FindBugs on production software (ACMNew York, 2007), pp. 805\u2013806. OOPSLA \u201907, https:\/\/doi.org\/10.1145\/1297846.1297897 .","DOI":"10.1145\/1297846.1297897"},{"key":"92_CR79","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1049\/ic.2011.0018","volume":"9","author":"A. Vetro","year":"2011","unstructured":"A. Vetro, A. Morisio, A. Torchiano, An empirical validation of findbugs issues related to defects. IET Conf. Proc. 9:, 144\u2013153 (2011). https:\/\/doi.org\/10.1049\/ic.2011.0018 .","journal-title":"IET Conf. 
Proc"},{"key":"92_CR80","doi-asserted-by":"publisher","unstructured":"N. Ayewah, W. Pugh, in Proceedings of the 19th International Symposium on Software Testing and Analysis. The google FindBugs fixit (ACMNew York, 2010), pp. 241\u2013252. ISSTA \u201910, https:\/\/doi.org\/10.1145\/1831708.1831738 .","DOI":"10.1145\/1831708.1831738"},{"key":"92_CR81","unstructured":"M. Dhruv, Ids00-j. prevent sql injection (2017). https:\/\/wiki.sei.cmu.edu\/confluence\/display\/java\/IDS00-J.+Prevent+SQL+injection , Accessed 15 Nov 2017."},{"key":"92_CR82","unstructured":"OWASP, Command injection in java (2017). https:\/\/www.owasp.org\/index.php\/Command_injection_in_Java , accessed: 15 Nov 2017."},{"key":"92_CR83","volume-title":"Usability inspection methods","author":"R. L. Mack","year":"1994","unstructured":"R. L. Mack, J. Nielsen, Usability inspection methods (Wiley, New York, 1994)."},{"issue":"2","key":"92_CR84","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/S0004-3702(98)00100-3","volume":"106","author":"J. L. Pollock","year":"1998","unstructured":"J. L. Pollock, The logical foundations of goal-regression planning in autonomous agents. Artif. Intell.106(2), 267\u2013334 (1998). https:\/\/doi.org\/10.1016\/S0004-3702(98)00100-3 .","journal-title":"Artif. 
Intell."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-019-0092-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13635-019-0092-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-019-0092-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,1,6]],"date-time":"2021-01-06T00:35:14Z","timestamp":1609893314000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-019-0092-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,13]]},"references-count":84,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["92"],"URL":"https:\/\/doi.org\/10.1186\/s13635-019-0092-4","relation":{},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,13]]},"assertion":[{"value":"15 November 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 May 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 June 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Fitzroy D. Nembhard is currently working as a Post-Doctoral Researcher in the Harris Institute for Assured Information at Florida Institute of Technology. He received the Ph.D. in Computer Science from Florida Institute of Technology in 2018 under the advisorship of Marco M. Carvalho. 
He also received a MS in Bioinformatics and BS in Computer Science from Morgan State University in 2012 and 2009, respectively. Prior to completing his doctoral studies, Dr. Nembhard worked as an adjunct faculty in the Computer Science Department at Morgan State University. His interests include using Machine Learning and Data Mining to solve problems in Cyber Security and Bioinformatics (particularly in designing and improving sequence-based algorithms using parallel and distributed methodologies), designing tools to improve software and information security, and designing visualizations for cyber specialists to solve critical problems in the cyber domain. Marco M. Carvalho is a Professor at the Florida Institute of Technology (Florida Tech) and a Research Scholar\/Scientist at the Institute for Human and Machine Cognition. At Florida Tech, Dr. Carvalho serves as the Dean of the College of Engineering and Sciences, Director of Research of the Harris Institute for Assured Information, and Director of the Intelligent Communications and Information Systems Laboratory. Dr. Carvalho graduated with a M.Sc. in Mechanical Engineering with specialization in dynamic systems and control theory from the University Brasilia (UnB\u2013Brazil). He also holds a M.Sc. in Computer Science from the University of West Florida and a Ph.D. in Computer Science from Tulane University, with specialization in Machine Learning and Data Mining. Dr. Carvalho currently leads several research efforts in the areas of cyber security, moving target defense, critical infrastructure protection, and tactical communication systems, primarily sponsored by the Department of Defense, the U.S. Army Research Laboratory, the U.S. Air Force Research Laboratory, ONR, the National Science Foundation, DoE and Industry. 
He is the Principal Investigator of a DoD\/AFRL sponsored project focused on Systems Behavior Approach to Moving Target Command and Control, and the Principal Investigator of an AFRL sponsored effort on Resilient Airborne Networks. Dr. Carvalho\u2019s research interests include resilient distributed systems, multi-agent systems and emergent approaches to systems optimization and security. Thomas C. Eskridge is an Associate Professor of Information Assurance and Cybersecurity in the Harris Institute for Assured Information at the Florida Institute of Technology. Dr. Eskridge has a Ph.D. in Philosophy from Binghamton University and an MS and BS in Computer Science from Southern Illinois University. His research focuses on amplifying human performance through intelligent assistance and innovative visualizations, both of which require developing a deep understanding of operator goals and mental task models to represent, reason, and visually display. He is currently developing tools that enable software agents and human operators to collaboratively represent and reason about networks, user actions, and cyber security events. 
Previous projects include developing a hybrid connectionist-symbolic knowledge representation system to model human analogical reasoning, case-based reasoning systems supporting milling-machine operators, formal knowledge representation editors, distributed multi-agent systems, fixed-wing and rotary-wing cockpit displays, visualizations for cyber situation awareness, defense posture, and mission management.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Authors\u2019 information"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"9"}}