{"id":"https://openalex.org/W2088498570","doi":"https://doi.org/10.1109/esem.2009.5314215","title":"Security of open source web applications","display_name":"Security of open source web applications","publication_year":2009,"publication_date":"2009-10-01","ids":{"openalex":"https://openalex.org/W2088498570","doi":"https://doi.org/10.1109/esem.2009.5314215","mag":"2088498570"},"language":"en","primary_location":{"id":"doi:10.1109/esem.2009.5314215","is_oa":false,"landing_page_url":"https://doi.org/10.1109/esem.2009.5314215","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111856348","display_name":"James Wal","orcid":null},"institutions":[{"id":"https://openalex.org/I168416876","display_name":"Northern Kentucky University","ror":"https://ror.org/01k44g025","country_code":"US","type":"education","lineage":["https://openalex.org/I168416876"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"James Wal","raw_affiliation_strings":["Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#","institution_ids":["https://openalex.org/I168416876"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078849415","display_name":"Maureen Doyle","orcid":"https://orcid.org/0000-0001-7997-0939"},"institutions":[{"id":"https://openalex.org/I168416876","display_name":"Northern Kentucky University","ror":"https://ror.org/01k44g025","country_code":"US","type":"education","lineage":["https://openalex.org/I168416876"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Maureen Doyle","raw_affiliation_strings":["Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","institution_ids":["https://openalex.org/I168416876"]},{"raw_affiliation_string":"Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#","institution_ids":["https://openalex.org/I168416876"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086745875","display_name":"Grant A. Welch","orcid":null},"institutions":[{"id":"https://openalex.org/I168416876","display_name":"Northern Kentucky University","ror":"https://ror.org/01k44g025","country_code":"US","type":"education","lineage":["https://openalex.org/I168416876"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Grant A. Welch","raw_affiliation_strings":["Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","institution_ids":["https://openalex.org/I168416876"]},{"raw_affiliation_string":"Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#","institution_ids":["https://openalex.org/I168416876"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056825882","display_name":"Michael Whelan","orcid":"https://orcid.org/0000-0003-1530-4528"},"institutions":[{"id":"https://openalex.org/I168416876","display_name":"Northern Kentucky University","ror":"https://ror.org/01k44g025","country_code":"US","type":"education","lineage":["https://openalex.org/I168416876"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Whelan","raw_affiliation_strings":["Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Northern Kentucky University, Highland Heights, KY, USA","institution_ids":["https://openalex.org/I168416876"]},{"raw_affiliation_string":"Department of Computer Science Northern Kentucky University, Highland Heights, KY 41099#TAB#","institution_ids":["https://openalex.org/I168416876"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5111856348"],"corresponding_institution_ids":["https://openalex.org/I168416876"],"apc_list":null,"apc_paid":null,"fwci":8.1433,"has_fulltext":false,"cited_by_count":54,"citation_normalized_percentile":{"value":0.97357414,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"545","last_page":"553"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cyclomatic-complexity","display_name":"Cyclomatic complexity","score":0.8843718767166138},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8082830905914307},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.7005882263183594},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6699578166007996},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.5342159867286682},{"id":"https://openalex.org/keywords/open-source-software","display_name":"Open source software","score":0.5167697668075562},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5135231614112854},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4693630337715149},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.46828576922416687},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4663272202014923},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.46584972739219666},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43851515650749207},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.312772274017334},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1599988341331482},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10439223051071167}],"concepts":[{"id":"https://openalex.org/C187303228","wikidata":"https://www.wikidata.org/wiki/Q867330","display_name":"Cyclomatic complexity","level":3,"score":0.8843718767166138},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8082830905914307},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.7005882263183594},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6699578166007996},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.5342159867286682},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.5167697668075562},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5135231614112854},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4693630337715149},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.46828576922416687},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4663272202014923},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.46584972739219666},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43851515650749207},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.312772274017334},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1599988341331482},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10439223051071167},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/esem.2009.5314215","is_oa":false,"landing_page_url":"https://doi.org/10.1109/esem.2009.5314215","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 3rd International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W172316423","https://openalex.org/W1840884391","https://openalex.org/W1964962870","https://openalex.org/W1986736724","https://openalex.org/W2037124948","https://openalex.org/W2069205948","https://openalex.org/W2082314767","https://openalex.org/W2085925880","https://openalex.org/W2100945416","https://openalex.org/W2105300539","https://openalex.org/W2137789775","https://openalex.org/W2201842861","https://openalex.org/W4252675558","https://openalex.org/W4296394699","https://openalex.org/W4300870773","https://openalex.org/W6607023274"],"related_works":["https://openalex.org/W4376877853","https://openalex.org/W1493891899","https://openalex.org/W4250928611","https://openalex.org/W166480398","https://openalex.org/W1612808768","https://openalex.org/W2113128227","https://openalex.org/W2491403535","https://openalex.org/W632256878","https://openalex.org/W2104915799","https://openalex.org/W4311938462"],"abstract_inverted_index":{"In":[0],"an":[1],"empirical":[2],"study":[3],"of":[4,19,52,59,68],"fourteen":[5,70],"widely":[6],"used":[7],"open":[8],"source":[9,140],"PHP":[10],"Web":[11],"applications,":[12],"we":[13,84],"found":[14,85],"that":[15],"the":[16,20,50,53,56,69,73,138],"vulnerability":[17,42,63,99,131],"density":[18,64,100,134],"aggregate":[21],"code":[22,108,141],"base":[23],"decreased":[24],"from":[25,30,45],"8.88":[26],"vulnerabilities/KLOC":[27],"to":[28,33,47,86],"3.30":[29],"Summer":[31,34],"2006":[32],"2008.":[35],"Individual":[36],"web":[37],"applications":[38,71],"varied":[39],"widely,":[40],"with":[41,96,130],"densities":[43],"ranging":[44],"0":[46],"121.4":[48],"at":[49,128],"beginning":[51],"study.":[54],"While":[55],"total":[57],"number":[58],"security":[60,79],"problems":[61],"decreased,":[62],"increased":[65],"in":[66,98],"eight":[67],"over":[72,101],"analysis":[74,144],"period.":[75],"We":[76],"developed":[77],"a":[78],"resources":[80],"indicator":[81],"metric,":[82],"which":[83],"be":[87],"strongly":[88],"correlated":[89],"(rho":[90,125],"=":[91,126],"0.67,":[92],"p":[93],"<":[94,119],"0.05)":[95,120],"change":[97],"time.":[102],"Traditional":[103],"software":[104],"metrics,":[105],"such":[106],"as":[107],"size,":[109],"cyclomatic":[110],"complexity,":[111,113],"nesting":[112],"and":[114],"churn,":[115],"had":[116],"significant":[117],"(p":[118],"but":[121],"much":[122],"smaller":[123],"correlations":[124],"0.31":[127],"best)":[129],"density.":[132],"Vulnerability":[133],"was":[135],"measured":[136],"using":[137],"fortify":[139],"analyzer":[142],"static":[143],"tool.":[145]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":7},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}