{"id":"https://openalex.org/W2294407885","doi":"https://doi.org/10.1109/msecp.2004.1281254","title":"Software security","display_name":"Software security","publication_year":2004,"publication_date":"2004-03-01","ids":{"openalex":"https://openalex.org/W2294407885","doi":"https://doi.org/10.1109/msecp.2004.1281254","mag":"2294407885"},"language":"en","primary_location":{"id":"doi:10.1109/msecp.2004.1281254","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msecp.2004.1281254","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy Magazine","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028925951","display_name":"Gary McGraw","orcid":"https://orcid.org/0000-0003-2307-2739"},"institutions":[{"id":"https://openalex.org/I36326968","display_name":"InterDigital (United States)","ror":"https://ror.org/02w335z67","country_code":"US","type":"company","lineage":["https://openalex.org/I36326968"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"G. Mcgraw","raw_affiliation_strings":["Cigital, Inc"],"affiliations":[{"raw_affiliation_string":"Cigital, Inc","institution_ids":["https://openalex.org/I36326968"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5028925951"],"corresponding_institution_ids":["https://openalex.org/I36326968"],"apc_list":null,"apc_paid":null,"fwci":14.8622,"has_fulltext":false,"cited_by_count":500,"citation_normalized_percentile":{"value":0.99425167,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"2","issue":"2","first_page":"80","last_page":"83"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.8267863988876343},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.745274007320404},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7033272385597229},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6306944489479065},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5130223631858826},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.4751967191696167},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.46788305044174194},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.46477749943733215},{"id":"https://openalex.org/keywords/social-software-engineering","display_name":"Social software engineering","score":0.4643894135951996},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4640677571296692},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.46340179443359375},{"id":"https://openalex.org/keywords/backporting","display_name":"Backporting","score":0.4591604471206665},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.45362889766693115},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.41778475046157837},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.414894700050354},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3089616298675537},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.28454262018203735},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2249312698841095},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.20704525709152222},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14347752928733826},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.12974950671195984}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.8267863988876343},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.745274007320404},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7033272385597229},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6306944489479065},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5130223631858826},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.4751967191696167},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.46788305044174194},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.46477749943733215},{"id":"https://openalex.org/C182500959","wikidata":"https://www.wikidata.org/wiki/Q7551380","display_name":"Social software engineering","level":5,"score":0.4643894135951996},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4640677571296692},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.46340179443359375},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.4591604471206665},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.45362889766693115},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.41778475046157837},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.414894700050354},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3089616298675537},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.28454262018203735},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2249312698841095},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.20704525709152222},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14347752928733826},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.12974950671195984}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/msecp.2004.1281254","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msecp.2004.1281254","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy Magazine","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1566733061","https://openalex.org/W1987302212","https://openalex.org/W1989449504","https://openalex.org/W1995421397","https://openalex.org/W2017484176","https://openalex.org/W2071245556","https://openalex.org/W2139810625","https://openalex.org/W4230725563"],"related_works":["https://openalex.org/W2155353733","https://openalex.org/W2293245356","https://openalex.org/W1983248291","https://openalex.org/W125279808","https://openalex.org/W2062583373","https://openalex.org/W1566131087","https://openalex.org/W2155206946","https://openalex.org/W2773767792","https://openalex.org/W2181627506","https://openalex.org/W4240401768"],"abstract_inverted_index":{"Software":[0,62],"security":[1,45,56,65,109,128],"is":[2,58,137],"the":[3,54,106,123,135],"idea":[4],"of":[5,53],"engineering":[6],"software":[7,44,60,100,103,131],"so":[8],"that":[9,40],"it":[10],"continues":[11],"to":[12,32,38,83,122],"function":[13],"correctly":[14],"under":[15],"malicious":[16,92],"attack.":[17],"Most":[18],"technologists":[19],"acknowledge":[20],"this":[21],"undertaking's":[22],"importance,":[23],"but":[24],"they":[25],"need":[26],"some":[27],"help":[28,41],"in":[29,130],"understanding":[30],"how":[31],"tackle":[33],"it.":[34],"The":[35],"article":[36],"aims":[37],"provide":[39],"by":[42,98],"exploring":[43],"best":[46],"practices.":[47],"A":[48],"central":[49],"and":[50,74,117,134],"critical":[51],"aspect":[52],"computer":[55],"problem":[57,136],"a":[59],"problem.":[61],"defects":[63],"with":[64,85,113],"ramifications,":[66],"including":[67],"implementation":[68],"bugs":[69],"such":[70,77],"as":[71,78],"buffer":[72],"overflows":[73],"design":[75],"flaws":[76],"inconsistent":[79],"error":[80],"handling,":[81],"promise":[82],"be":[84],"us":[86],"for":[87],"years.":[88],"All":[89],"too":[90],"often,":[91],"intruders":[93],"can":[94],"hack":[95],"into":[96],"systems":[97],"exploiting":[99],"defects.":[101],"Internet-enabled":[102],"applications":[104],"present":[105],"most":[107],"common":[108],"risk":[110],"encountered":[111],"today,":[112],"software's":[114],"ever-expanding":[115],"complexity":[116],"extensibility":[118],"adding":[119],"further":[120],"fuel":[121],"fire.":[124],"By":[125],"any":[126],"measure,":[127],"holes":[129],"are":[132],"common,":[133],"growing.":[138]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":43},{"year":2024,"cited_by_count":25},{"year":2023,"cited_by_count":22},{"year":2022,"cited_by_count":21},{"year":2021,"cited_by_count":30},{"year":2020,"cited_by_count":27},{"year":2019,"cited_by_count":32},{"year":2018,"cited_by_count":17},{"year":2017,"cited_by_count":19},{"year":2016,"cited_by_count":22},{"year":2015,"cited_by_count":24},{"year":2014,"cited_by_count":28},{"year":2013,"cited_by_count":26},{"year":2012,"cited_by_count":21}],"updated_date":"2026-04-20T07:46:08.049788","created_date":"2016-06-24T00:00:00"}