{"id":"https://openalex.org/W4394862968","doi":"https://doi.org/10.1109/access.2024.3389955","title":"Comprehensive Evaluation of Static Analysis Tools for Their Performance in Finding Vulnerabilities in Java Code","display_name":"Comprehensive Evaluation of Static Analysis Tools for Their Performance in Finding Vulnerabilities in Java Code","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4394862968","doi":"https://doi.org/10.1109/access.2024.3389955"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3389955","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3389955","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10500698.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10500698.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015101417","display_name":"Midya Alqaradaghi","orcid":"https://orcid.org/0000-0001-9881-5854"},"institutions":[{"id":"https://openalex.org/I106118109","display_name":"E\u00f6tv\u00f6s Lor\u00e1nd University","ror":"https://ror.org/01jsq2704","country_code":"HU","type":"education","lineage":["https://openalex.org/I106118109"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Midya Alqaradaghi","raw_affiliation_strings":["Department of Programming Languages and Compilers, E&#x00F6;tv&#x00F6;s Lor&#x00E1;nd University (ELTE), Budapest, Hungary"],"raw_orcid":"https://orcid.org/0000-0001-9881-5854","affiliations":[{"raw_affiliation_string":"Department of Programming Languages and Compilers, E&#x00F6;tv&#x00F6;s Lor&#x00E1;nd University (ELTE), Budapest, Hungary","institution_ids":["https://openalex.org/I106118109"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009713228","display_name":"Tam\u00e1s Kozsik","orcid":"https://orcid.org/0000-0003-4484-9172"},"institutions":[{"id":"https://openalex.org/I106118109","display_name":"E\u00f6tv\u00f6s Lor\u00e1nd University","ror":"https://ror.org/01jsq2704","country_code":"HU","type":"education","lineage":["https://openalex.org/I106118109"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Tam\u00e1s Kozsik","raw_affiliation_strings":["Department of Programming Languages and Compilers, E&#x00F6;tv&#x00F6;s Lor&#x00E1;nd University (ELTE), Budapest, Hungary"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Programming Languages and Compilers, E&#x00F6;tv&#x00F6;s Lor&#x00E1;nd University (ELTE), Budapest, Hungary","institution_ids":["https://openalex.org/I106118109"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":12.4115,"has_fulltext":true,"cited_by_count":18,"citation_normalized_percentile":{"value":0.98527825,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"12","issue":null,"first_page":"55824","last_page":"55842"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8695411682128906},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.8411317467689514},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.8101810216903687},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.8063615560531616},{"id":"https://openalex.org/keywords/test-suite","display_name":"Test suite","score":0.7674945592880249},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.6944777369499207},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6081482172012329},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5649286508560181},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.524506688117981},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.458008736371994},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4419853389263153},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.43276065587997437},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.42320147156715393},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40362584590911865},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4013328552246094},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.35153278708457947},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2660314738750458},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.26247966289520264},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.14375290274620056},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.13976815342903137},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.08710741996765137}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8695411682128906},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.8411317467689514},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.8101810216903687},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.8063615560531616},{"id":"https://openalex.org/C151552104","wikidata":"https://www.wikidata.org/wiki/Q7705809","display_name":"Test suite","level":4,"score":0.7674945592880249},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.6944777369499207},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6081482172012329},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5649286508560181},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.524506688117981},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.458008736371994},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4419853389263153},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.43276065587997437},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.42320147156715393},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40362584590911865},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4013328552246094},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.35153278708457947},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2660314738750458},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.26247966289520264},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.14375290274620056},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.13976815342903137},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.08710741996765137},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2024.3389955","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3389955","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10500698.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:edit.elte.hu:10831/113263","is_oa":true,"landing_page_url":"http://hdl.handle.net/10831/113263","pdf_url":"https://edit.elte.hu/xmlui/bitstream/10831/113263/1/34962519.pdf","source":{"id":"https://openalex.org/S4306400126","display_name":"ELTE Digital Institutional Repository (EDIT) (E\u00f6tv\u00f6s Lor\u00e1nd University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I106118109","host_organization_name":"E\u00f6tv\u00f6s Lor\u00e1nd University","host_organization_lineage":["https://openalex.org/I106118109"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:doaj.org/article:7e3ab213ac024fafa106288506c5eb01","is_oa":true,"landing_page_url":"https://doaj.org/article/7e3ab213ac024fafa106288506c5eb01","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 55824-55842 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3389955","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3389955","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10500698.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6100000143051147,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4394862968.pdf","grobid_xml":"https://content.openalex.org/works/W4394862968.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W1486481742","https://openalex.org/W1541063262","https://openalex.org/W1554355587","https://openalex.org/W1761184020","https://openalex.org/W1952428424","https://openalex.org/W2017905406","https://openalex.org/W2027707376","https://openalex.org/W2106371080","https://openalex.org/W2107024044","https://openalex.org/W2170558780","https://openalex.org/W2290790037","https://openalex.org/W2624697062","https://openalex.org/W2769151743","https://openalex.org/W2804267743","https://openalex.org/W2811320115","https://openalex.org/W2937413037","https://openalex.org/W2982436708","https://openalex.org/W3026203297","https://openalex.org/W3033053557","https://openalex.org/W3100459919","https://openalex.org/W3106007553","https://openalex.org/W3124034595","https://openalex.org/W3132910239","https://openalex.org/W3201290592","https://openalex.org/W4200028713","https://openalex.org/W4230356182","https://openalex.org/W4233410239","https://openalex.org/W4240399292","https://openalex.org/W4285211649","https://openalex.org/W4285490477","https://openalex.org/W4301430471","https://openalex.org/W4313242379","https://openalex.org/W4319452871","https://openalex.org/W4360995220","https://openalex.org/W6751601040","https://openalex.org/W6769882938","https://openalex.org/W6789727051","https://openalex.org/W6849193571","https://openalex.org/W6892554611"],"related_works":["https://openalex.org/W1981466760","https://openalex.org/W2292865721","https://openalex.org/W2106371080","https://openalex.org/W4321227771","https://openalex.org/W2809528855","https://openalex.org/W2504614904","https://openalex.org/W1486481742","https://openalex.org/W2052691027","https://openalex.org/W3142482686","https://openalex.org/W3132910239"],"abstract_inverted_index":{"Various":[0],"static":[1,37,62,85,147],"code":[2],"analysis":[3,38,86,148],"tools":[4,39,109,127,149],"have":[5],"been":[6,103],"designed":[7],"with":[8],"the":[9,30,54,67,78,113,125,131,155],"aim":[10],"of":[11,32,80,112,124],"detecting":[12,41],"software":[13],"faults":[14],"and":[15,35,48],"security":[16,43,156],"vulnerabilities":[17,44,55,89,132,157],"automatically.":[18],"This":[19],"paper":[20],"aims":[21],"to":[22,28,76],"1)":[23],"Conduct":[24],"an":[25],"empirical":[26],"evaluation":[27],"assess":[29,77],"performance":[31],"five":[33,81,126],"free":[34],"state-of-the-art":[36,146],"in":[40,72,118,133,142,159],"Java":[42,63,84,114],"using":[45],"a":[46,73,160],"well-defined":[47],"repeatable":[49],"approach.":[50],"2)":[51],"Report":[52],"on":[53],"that":[56],"are":[57,150],"best":[58],"andworst":[59],"detected":[60,92,104],"by":[61,93,105],"analyzers.":[64],"We":[65,136],"used":[66,83],"Juliet":[68],"benchmark":[69],"test":[70,163],"suite":[71],"controlled":[74],"experiment":[75],"effectiveness":[79],"widely":[82],"tools.":[87,98,107],"The":[88,108],"were":[90],"successfully":[91],"one,":[94],"two,":[95],"or":[96],"three":[97],"Only":[99],"one":[100],"vulnerability":[101,115],"has":[102],"four":[106],"missed":[110],"13%":[111],"categories":[116],"appearing":[117],"our":[119,134],"experiment.":[120,135],"More":[121],"critically,":[122],"none":[123],"could":[128],"identify":[129],"all":[130],"conclude":[137],"that,":[138],"despite":[139],"recent":[140],"improvements":[141],"their":[143],"methodologies,":[144],"current":[145],"still":[151],"ineffective":[152],"for":[153],"identifying":[154],"occurring":[158],"small-scale,":[161],"artificial":[162],"suite.":[164]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}