{"id":"https://openalex.org/W4412529754","doi":"https://doi.org/10.1007/s10270-025-01300-6","title":"Automatic security-flaw detection - towards a fair evaluation and comparison","display_name":"Automatic security-flaw detection - towards a fair evaluation and comparison","publication_year":2025,"publication_date":"2025-07-21","ids":{"openalex":"https://openalex.org/W4412529754","doi":"https://doi.org/10.1007/s10270-025-01300-6"},"language":"en","primary_location":{"id":"doi:10.1007/s10270-025-01300-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10270-025-01300-6","pdf_url":null,"source":{"id":"https://openalex.org/S64245694","display_name":"Software & Systems Modeling","issn_l":"1619-1366","issn":["1619-1366","1619-1374"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software and Systems Modeling","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1007/s10270-025-01300-6","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074604321","display_name":"Bernhard Berger","orcid":"https://orcid.org/0000-0001-6093-9229"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Bernhard J. Berger","raw_affiliation_strings":["School of Electrical Engineering, Computer Science and Mathematics, Hamburg University of Technology, Am Schwarzenberg-Campus 3 (E), Hamburg, 21073, Germany"],"raw_orcid":"https://orcid.org/0000-0001-6093-9229","affiliations":[{"raw_affiliation_string":"School of Electrical Engineering, Computer Science and Mathematics, Hamburg University of Technology, Am Schwarzenberg-Campus 3 (E), Hamburg, 21073, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043224413","display_name":"Christina Plump","orcid":"https://orcid.org/0000-0003-0392-6397"},"institutions":[{"id":"https://openalex.org/I180437899","display_name":"University of Bremen","ror":"https://ror.org/04ers2y35","country_code":"DE","type":"education","lineage":["https://openalex.org/I180437899"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christina Plump","raw_affiliation_strings":["Faculty 3 \u2013 Mathematics and Computer Science, University of Bremen, Bibliotheksstra\u00dfe 1, Bremen, 28359, Germany"],"raw_orcid":"https://orcid.org/0000-0003-0392-6397","affiliations":[{"raw_affiliation_string":"Faculty 3 \u2013 Mathematics and Computer Science, University of Bremen, Bibliotheksstra\u00dfe 1, Bremen, 28359, Germany","institution_ids":["https://openalex.org/I180437899"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5074604321"],"corresponding_institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.17258163,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"24","issue":"6","first_page":"1763","last_page":"1796"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4920782446861267},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4867691993713379}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4920782446861267},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4867691993713379}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10270-025-01300-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10270-025-01300-6","pdf_url":null,"source":{"id":"https://openalex.org/S64245694","display_name":"Software & Systems Modeling","issn_l":"1619-1366","issn":["1619-1366","1619-1374"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software and Systems Modeling","raw_type":"journal-article"},{"id":"pmh:doi:10.15480/882.15788","is_oa":true,"landing_page_url":"https://hdl.handle.net/11420/57043","pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":{"id":"doi:10.1007/s10270-025-01300-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10270-025-01300-6","pdf_url":null,"source":{"id":"https://openalex.org/S64245694","display_name":"Software & Systems Modeling","issn_l":"1619-1366","issn":["1619-1366","1619-1374"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Software and Systems Modeling","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F3025293123","display_name":"Technische Universit\u00e4t Hamburg","ror":"https://ror.org/04bs1pb34"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W127874700","https://openalex.org/W1505287734","https://openalex.org/W1524147119","https://openalex.org/W1604301660","https://openalex.org/W1983872353","https://openalex.org/W2005397165","https://openalex.org/W2023801057","https://openalex.org/W2028430752","https://openalex.org/W2043914943","https://openalex.org/W2060602490","https://openalex.org/W2062313296","https://openalex.org/W2064595642","https://openalex.org/W2081418638","https://openalex.org/W2088297136","https://openalex.org/W2098634112","https://openalex.org/W2109540106","https://openalex.org/W2153019760","https://openalex.org/W2154486111","https://openalex.org/W2161527051","https://openalex.org/W2472351859","https://openalex.org/W2649501556","https://openalex.org/W2799059383","https://openalex.org/W2809689731","https://openalex.org/W2901284348","https://openalex.org/W2971927483","https://openalex.org/W2995852737","https://openalex.org/W3091426345","https://openalex.org/W4205192141","https://openalex.org/W4239602184","https://openalex.org/W4242704521","https://openalex.org/W4253678082","https://openalex.org/W4294768537","https://openalex.org/W4312250199","https://openalex.org/W4366830932","https://openalex.org/W4389630090","https://openalex.org/W4402193282","https://openalex.org/W4403318507","https://openalex.org/W4409967415"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Abstract":[0],"Threat":[1],"Modeling":[2],"is":[3,13],"an":[4,185,197,227],"essential":[5],"step":[6],"in":[7,137],"secure":[8],"software":[9,30],"system":[10],"development.":[11],"It":[12],"a":[14,48,103,114,142,171,176,203,209,266],"(so":[15],"far)":[16],"manual,":[17],"attacker-centric":[18],"approach":[19,109,130,178],"for":[20,67,74,123,163,179,269],"identifying":[21],"architecture-level":[22],"security":[23,52,59,91,181,221],"flaws":[24,53,182],"during":[25,98],"the":[26,72,86,120,124,138,215,239,246,253,260],"planning":[27],"phase":[28],"of":[29,51,57,88,158,208,219,230,241,252],"systems.":[31],"In":[32,81],"recent":[33],"years,":[34],"academia":[35],"has":[36],"presented":[37,64],"ideas":[38,65],"to":[39,110,126,147,160,190,205,213,258,264],"automate":[40],"threat":[41,69,210],"detection":[42,70,93,211,223,232],"that":[43],"do":[44],"not":[45],"focus":[46],"on":[47],"particular":[49],"class":[50],"but":[54],"offer":[55],"means":[56],"pattern-based":[58],"flaw":[60,92,222],"descriptions.":[61],"However,":[62],"comparing":[63,89],"(tools)":[66],"automated":[68],"contains":[71],"potential":[73],"unwilling":[75],"bias":[76],"or":[77],"restricted":[78],"information":[79],"content.":[80],"this":[82,99,129,191,231],"work,":[83],"we":[84,173,195],"investigate":[85],"process":[87,199,236],"automatic":[90,220,243],"tools,":[94],"clarify":[95],"common":[96,267],"pitfalls":[97],"process,":[100],"and":[101,106,131,135,154,183,217,234,263],"propose":[102,174],"fair,":[104],"reproducible,":[105],"informative":[107],"comparison":[108,152,159],"be":[111,161],"used":[112,162],"as":[113,166],"community":[115,125,262],"standard.":[116],"We":[117,140,225],"additionally":[118],"discuss":[119],"necessary":[121],"steps":[122],"effectively":[127],"implement":[128],"support":[132,259],"improved":[133],"comparisons":[134,218],"evaluations":[136],"future.":[139],"use":[141],"previously":[143],"published":[144],"case":[145,248],"study":[146],"determine":[148],"problems":[149],"with":[150],"current":[151],"techniques":[153],"classify":[155],"different":[156],"levels":[157],"future":[164,270],"reference":[165],"our":[167],"main":[168],"contribution.":[169],"As":[170],"consequence,":[172],"using":[175],"model-based":[177,192],"specifying":[180],"apply":[184],"existing":[186],"natural":[187],"language-based":[188],"catalogue":[189],"approach.":[193],"Furthermore,":[194],"introduce":[196],"inspection":[198,235],"model":[200,237],"(for":[201],"providing":[202],"standard":[204],"specify":[206],"findings":[207],"process)":[212],"streamline":[214],"evaluation":[216,229],"tools.":[224],"provide":[226],"exemplary":[228],"guideline":[233],"along":[238],"lines":[240],"both":[242],"approaches":[244],"from":[245],"original":[247],"study.":[249],"All":[250],"artefacts":[251],"work":[254],"are":[255],"publicly":[256],"available":[257],"research":[261],"create":[265],"baseline":[268],"tool":[271],"comparisons.":[272]},"counts_by_year":[],"updated_date":"2025-11-16T23:07:24.559242","created_date":"2025-10-10T00:00:00"}