{"id":"https://openalex.org/W2565690877","doi":"https://doi.org/10.1109/edcc.2016.34","title":"Software Metrics and Security Vulnerabilities: Dataset and Exploratory Study","display_name":"Software Metrics and Security Vulnerabilities: Dataset and Exploratory Study","publication_year":2016,"publication_date":"2016-09-01","ids":{"openalex":"https://openalex.org/W2565690877","doi":"https://doi.org/10.1109/edcc.2016.34","mag":"2565690877"},"language":"en","primary_location":{"id":"doi:10.1109/edcc.2016.34","is_oa":false,"landing_page_url":"https://doi.org/10.1109/edcc.2016.34","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 12th European Dependable Computing Conference (EDCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048235576","display_name":"Henrique Alves","orcid":null},"institutions":[{"id":"https://openalex.org/I79889768","display_name":"Universidade Federal de Alagoas","ror":"https://ror.org/00dna7t83","country_code":"BR","type":"education","lineage":["https://openalex.org/I79889768"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Henrique Alves","raw_affiliation_strings":["Instituto de Computa\u00e7\u00e3o, Universidade Federal de Alagoas, Macei\u00f3, AL, Brazil"],"affiliations":[{"raw_affiliation_string":"Instituto de Computa\u00e7\u00e3o, Universidade Federal de Alagoas, Macei\u00f3, AL, Brazil","institution_ids":["https://openalex.org/I79889768"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090231856","display_name":"Baldo\u00edno Fonseca","orcid":"https://orcid.org/0000-0002-0730-0319"},"institutions":[{"id":"https://openalex.org/I79889768","display_name":"Universidade Federal de Alagoas","ror":"https://ror.org/00dna7t83","country_code":"BR","type":"education","lineage":["https://openalex.org/I79889768"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Baldoino Fonseca","raw_affiliation_strings":["Instituto de Computa\u00e7\u00e3o, Universidade Federal de Alagoas, Macei\u00f3, AL, Brazil"],"affiliations":[{"raw_affiliation_string":"Instituto de Computa\u00e7\u00e3o, Universidade Federal de Alagoas, Macei\u00f3, AL, Brazil","institution_ids":["https://openalex.org/I79889768"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030619096","display_name":"Nuno Antunes","orcid":"https://orcid.org/0000-0002-6044-4012"},"institutions":[{"id":"https://openalex.org/I76903346","display_name":"University of Coimbra","ror":"https://ror.org/04z8k9a98","country_code":"PT","type":"education","lineage":["https://openalex.org/I76903346"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Antunes","raw_affiliation_strings":["CISUC, University of Coimbra, Coimbra, Portugal"],"affiliations":[{"raw_affiliation_string":"CISUC, University of Coimbra, Coimbra, Portugal","institution_ids":["https://openalex.org/I76903346"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5048235576"],"corresponding_institution_ids":["https://openalex.org/I79889768"],"apc_list":null,"apc_paid":null,"fwci":9.2887,"has_fulltext":false,"cited_by_count":72,"citation_normalized_percentile":{"value":0.97842119,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8012436032295227},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7324113249778748},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.6008028984069824},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5955137014389038},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5460739731788635},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4975326359272003},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.4837043881416321},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4723525941371918},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.47176507115364075},{"id":"https://openalex.org/keywords/software-metric","display_name":"Software metric","score":0.4646534323692322},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.4202726483345032},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.41692113876342773},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.39193016290664673},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3802623748779297},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3458960950374603},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.22722461819648743},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.19469821453094482},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1930902898311615},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19032350182533264},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1802082359790802},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.15730074048042297},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.0812729001045227}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8012436032295227},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7324113249778748},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.6008028984069824},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5955137014389038},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5460739731788635},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4975326359272003},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.4837043881416321},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4723525941371918},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.47176507115364075},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.4646534323692322},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.4202726483345032},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.41692113876342773},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.39193016290664673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3802623748779297},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3458960950374603},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.22722461819648743},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.19469821453094482},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1930902898311615},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19032350182533264},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1802082359790802},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.15730074048042297},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0812729001045227},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/edcc.2016.34","is_oa":false,"landing_page_url":"https://doi.org/10.1109/edcc.2016.34","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 12th European Dependable Computing Conference (EDCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Reduced inequalities","id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1968572451","https://openalex.org/W2002664886","https://openalex.org/W2004758929","https://openalex.org/W2015729052","https://openalex.org/W2043837581","https://openalex.org/W2055765785","https://openalex.org/W2067148378","https://openalex.org/W2079753286","https://openalex.org/W2100925270","https://openalex.org/W2113693268","https://openalex.org/W2153887189","https://openalex.org/W2159610968","https://openalex.org/W2160958420","https://openalex.org/W2161407365","https://openalex.org/W2166336492","https://openalex.org/W3141989311","https://openalex.org/W4233650164"],"related_works":["https://openalex.org/W2007984522","https://openalex.org/W4213233191","https://openalex.org/W2982411552","https://openalex.org/W2123493477","https://openalex.org/W2769123984","https://openalex.org/W2518040442","https://openalex.org/W2061533417","https://openalex.org/W2885373340","https://openalex.org/W3120291408","https://openalex.org/W4308348296"],"abstract_inverted_index":{"Code":[0],"with":[1,57,75],"certain":[2],"characteristics":[3],"is":[4,21,29,64,151],"more":[5,30],"prone":[6],"to":[7,23,32,71,97,126,142,154,180],"have":[8,33,181],"security":[9,68],"vulnerabilities.":[10,61,134],"In":[11,40],"fact,":[12],"studies":[13],"show":[14,136],"that":[15,94,137,175],"code":[16],"not":[17,152],"following":[18],"best":[19],"practices":[20],"harder":[22],"verify":[24],"and":[25,27,77,84,105,114,118,131,145,161],"maintain,":[26],"consequently":[28],"probable":[31,179],"vulnerabilities":[34,78,165,183],"left":[35],"unnoticed":[36],"or":[37],"inadvertently":[38],"introduced.":[39],"this":[41],"experience":[42],"report,":[43],"we":[44],"study":[45],"whether":[46],"software":[47,109,138],"metrics":[48,76,110,123,139,160],"can":[49],"reflect":[50],"such":[51],"characteristics,":[52],"thus":[53],"having":[54],"some":[55],"correlation":[56,116],"the":[58,81,132,162,168,172,185],"existence":[59],"of":[60,86,89,164],"The":[62],"analysis":[63],"based":[65],"on":[66,121],"2875":[67],"patches,":[69],"used":[70,92,115],"build":[72],"a":[73],"dataset":[74],"for":[79],"all":[80],"functions,":[82,148],"classes":[83],"files":[85],"5750":[87],"versions":[88],"five":[90],"widely":[91],"projects":[93],"are":[95,140,178],"exposed":[96],"attacks:":[98],"Linux":[99],"Kernel,":[100],"Mozilla,":[101],"Xen":[102],"Hypervisor,":[103],"httpd":[104],"glibc.":[106],"We":[107],"calculated":[108],"from":[111],"their":[112],"sources":[113],"algorithm":[117],"statistical":[119],"tests":[120],"these":[122,159],"in":[124,167,184],"order":[125],"identify":[127],"relations":[128],"between":[129,158],"them":[130],"existing":[133,166],"Results":[135],"able":[141],"discriminate":[143],"vulnerable":[144,147,176],"non":[146],"but":[149],"it":[150],"possible":[153],"find":[155],"strong":[156],"correlations":[157],"number":[163],"analyzed":[169],"functions.":[170],"Finally,":[171],"results":[173],"indicate":[174],"functions":[177],"other":[182],"future.":[186]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}