{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:09:47Z","timestamp":1769720987593,"version":"3.49.0"},"reference-count":12,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,7]]},"abstract":"<jats:p>From holding worldwide companies' information hostage to keeping several distributed systems down for hours, the last years were marked by several security attacks which are the result of complex software and its fast production. There are already tools which can be used to help companies detect vulnerabilities responsible for such attacks. However, their reliability is still not the best and well discriminated. In software testing, researchers tend to use hand-seeded test cases or mutations due to the challenges involved in the extraction or reproduction of real test cases which might not be suitable for testing techniques, since both approaches can create samples that inadvertently differ from the real vulnerabilities and thus might lead to misleading assessments of the tools' capabilities. The lack of databases of real security vulnerabilities is an issue since it hampers the tools' evaluation and categorization. To study these tools, the researchers created a database of 682 real test cases which is the outcome of mining 248 repositories for 16 different vulnerability patterns.<\/jats:p>","DOI":"10.4018\/ijsse.2017070101","type":"journal-article","created":{"date-parts":[[2018,2,19]],"date-time":"2018-02-19T17:43:39Z","timestamp":1519062219000},"page":"1-23","source":"Crossref","is-referenced-by-count":3,"title":["A Database of Existing Vulnerabilities to Enable Controlled Testing Studies"],"prefix":"10.4018","volume":"8","author":[{"given":"Sofia","family":"Rei","sequence":"first","affiliation":[{"name":"Faculty of Engineering of the University of Porto, Porto, Portugal"}]},{"given":"Rui","family":"Abreu","sequence":"additional","affiliation":[{"name":"IST, University of Lisbon & INESC-ID, Lisboa, Portugal"}]}],"member":"2432","reference":[{"key":"IJSSE.2017070101-0","doi-asserted-by":"crossref","unstructured":"Brian, L. (2007). A Critical Analysis of Empirical Research in Software Testing. In Proceedings of the First International Symposium on Empirical Software Engineering and Measurement ESEM \u201907.","DOI":"10.1109\/ESEM.2007.40"},{"key":"IJSSE.2017070101-1","doi-asserted-by":"crossref","unstructured":"Briand, L., & Labiche, Y. (2004). Empirical Studies of Software Testing Techniques: Challenges, Practical Strategies, and Future Research. ACM SIGSOFT Software Engineering Notes, 29(5).","DOI":"10.1145\/1022494.1022541"},{"key":"IJSSE.2017070101-2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-005-3861-2"},{"key":"IJSSE.2017070101-3","unstructured":"European Union Agency for Network and Information Security. (2017). ENISA Threat Landscape Report 2016."},{"key":"IJSSE.2017070101-4","doi-asserted-by":"crossref","unstructured":"Goseva-Popstojanova, K., & Perhinschi, A. (2015). On the Capability of Static Code Analysis to Detect Security Vulnerabilities. Information and Software Technology, 68, 18-33.","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"IJSSE.2017070101-5","year":"2017","journal-title":"IBM X-Force Threat Intelligence Index 2017"},{"key":"IJSSE.2017070101-6","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2628055"},{"key":"IJSSE.2017070101-7","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635929"},{"key":"IJSSE.2017070101-8","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2017.62"},{"key":"IJSSE.2017070101-9","unstructured":"IBM Redbooks. (2011). IBM security solutions architecture for network, server and endpoint."},{"key":"IJSSE.2017070101-10","author":"G.Tassey","year":"2002","journal-title":"The Economic Impacts of Inadequate Infrastructure for Software Testing"},{"key":"IJSSE.2017070101-11","unstructured":"The OWASP Foundation. (2017). OWASP Top 10 \u2013 2017: The Ten Most Critical Web Application Security Risks."}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=201213","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,11]],"date-time":"2019-10-11T05:06:40Z","timestamp":1570770400000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSSE.2017070101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2017,7]]},"references-count":12,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2017070101","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,7]]}}}