{"id":"https://openalex.org/W4416961944","doi":"https://doi.org/10.1109/pst65910.2025.11268853","title":"A Static Analysis of Popular C Packages in Linux","display_name":"A Static Analysis of Popular C Packages in Linux","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416961944","doi":"https://doi.org/10.1109/pst65910.2025.11268853"},"language":"en","primary_location":{"id":"doi:10.1109/pst65910.2025.11268853","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268853","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://portal.findresearcher.sdu.dk/files/300667851/2409.18530v2.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045061250","display_name":"Jukka Ruohonen","orcid":"https://orcid.org/0000-0001-5147-3084"},"institutions":[{"id":"https://openalex.org/I177969490","display_name":"University of Southern Denmark","ror":"https://ror.org/03yrrjy16","country_code":"DK","type":"education","lineage":["https://openalex.org/I177969490"]}],"countries":["DK"],"is_corresponding":true,"raw_author_name":"Jukka Ruohonen","raw_affiliation_strings":["University of Southern,Denmark"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southern,Denmark","institution_ids":["https://openalex.org/I177969490"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100494657","display_name":"Mubashrah Saddiqa","orcid":null},"institutions":[{"id":"https://openalex.org/I177969490","display_name":"University of Southern Denmark","ror":"https://ror.org/03yrrjy16","country_code":"DK","type":"education","lineage":["https://openalex.org/I177969490"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Mubashrah Saddiqa","raw_affiliation_strings":["University of Southern,Denmark"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southern,Denmark","institution_ids":["https://openalex.org/I177969490"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004029205","display_name":"Krzysztof Sierszecki","orcid":null},"institutions":[{"id":"https://openalex.org/I177969490","display_name":"University of Southern Denmark","ror":"https://ror.org/03yrrjy16","country_code":"DK","type":"education","lineage":["https://openalex.org/I177969490"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Krzysztof Sierszecki","raw_affiliation_strings":["University of Southern,Denmark"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southern,Denmark","institution_ids":["https://openalex.org/I177969490"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5045061250"],"corresponding_institution_ids":["https://openalex.org/I177969490"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.19096977,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.388700008392334,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.388700008392334,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.1703999936580658,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.09470000118017197,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6567000150680542},{"id":"https://openalex.org/keywords/memory-safety","display_name":"Memory safety","score":0.5562000274658203},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5479000210762024},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.5379999876022339},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.52920001745224},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.49900001287460327},{"id":"https://openalex.org/keywords/pointer","display_name":"Pointer (user interface)","score":0.48399999737739563},{"id":"https://openalex.org/keywords/spectrum-analyzer","display_name":"Spectrum analyzer","score":0.44440001249313354}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8036999702453613},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6567000150680542},{"id":"https://openalex.org/C28180684","wikidata":"https://www.wikidata.org/wiki/Q4080983","display_name":"Memory safety","level":3,"score":0.5562000274658203},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5479000210762024},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.5379999876022339},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.52920001745224},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.49900001287460327},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4846999943256378},{"id":"https://openalex.org/C150202949","wikidata":"https://www.wikidata.org/wiki/Q107602","display_name":"Pointer (user interface)","level":2,"score":0.48399999737739563},{"id":"https://openalex.org/C158007255","wikidata":"https://www.wikidata.org/wiki/Q1055222","display_name":"Spectrum analyzer","level":2,"score":0.44440001249313354},{"id":"https://openalex.org/C7263679","wikidata":"https://www.wikidata.org/wiki/Q5978076","display_name":"Pointer analysis","level":3,"score":0.429500013589859},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.3840000033378601},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.350600004196167},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.33059999346733093},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.32249999046325684},{"id":"https://openalex.org/C156731835","wikidata":"https://www.wikidata.org/wiki/Q751740","display_name":"Memory leak","level":4,"score":0.32089999318122864},{"id":"https://openalex.org/C2780654840","wikidata":"https://www.wikidata.org/wiki/Q333341","display_name":"Abstract interpretation","level":2,"score":0.3140999972820282},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2890999913215637},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2827000021934509},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.2721000015735626},{"id":"https://openalex.org/C178059732","wikidata":"https://www.wikidata.org/wiki/Q1982529","display_name":"Software performance testing","level":5,"score":0.26759999990463257},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.2615000009536743},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2597000002861023}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/pst65910.2025.11268853","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268853","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},{"id":"pmh:oai:sdu.dk:openaire/a2ff2ca8-dc28-4835-a704-e24e230ebc2a","is_oa":true,"landing_page_url":"https://portal.findresearcher.sdu.dk/da/publications/a2ff2ca8-dc28-4835-a704-e24e230ebc2a","pdf_url":"https://portal.findresearcher.sdu.dk/files/300667851/2409.18530v2.pdf","source":{"id":"https://openalex.org/S4306400423","display_name":"University of Southern Denmark Research Portal (University of Southern Denmark)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177969490","host_organization_name":"University of Southern Denmark","host_organization_lineage":["https://openalex.org/I177969490"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Ruohonen, J, Saddiqa, M & Sierszecki, K 2025, A Static Analysis of Popular C Packages in Linux. in 2025 22nd Annual International Conference on Privacy, Security, and Trust (PST). IEEE, Proceedings - Annual International Conference on Privacy, Security, and Trust. https://doi.org/10.1109/PST65910.2025.11268853","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:sdu.dk:openaire/a2ff2ca8-dc28-4835-a704-e24e230ebc2a","is_oa":true,"landing_page_url":"https://portal.findresearcher.sdu.dk/da/publications/a2ff2ca8-dc28-4835-a704-e24e230ebc2a","pdf_url":"https://portal.findresearcher.sdu.dk/files/300667851/2409.18530v2.pdf","source":{"id":"https://openalex.org/S4306400423","display_name":"University of Southern Denmark Research Portal (University of Southern Denmark)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177969490","host_organization_name":"University of Southern Denmark","host_organization_lineage":["https://openalex.org/I177969490"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Ruohonen, J, Saddiqa, M & Sierszecki, K 2025, A Static Analysis of Popular C Packages in Linux. in 2025 22nd Annual International Conference on Privacy, Security, and Trust (PST). IEEE, Proceedings - Annual International Conference on Privacy, Security, and Trust. https://doi.org/10.1109/PST65910.2025.11268853","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416961944.pdf","grobid_xml":"https://content.openalex.org/works/W4416961944.grobid-xml"},"referenced_works_count":57,"referenced_works":["https://openalex.org/W814172419","https://openalex.org/W1554355587","https://openalex.org/W1577168383","https://openalex.org/W1761184020","https://openalex.org/W1970656444","https://openalex.org/W1979912570","https://openalex.org/W1989657183","https://openalex.org/W2007425631","https://openalex.org/W2022779154","https://openalex.org/W2036398651","https://openalex.org/W2040739365","https://openalex.org/W2049992102","https://openalex.org/W2137726309","https://openalex.org/W2169503241","https://openalex.org/W2529650839","https://openalex.org/W2612883158","https://openalex.org/W2646484260","https://openalex.org/W2767357856","https://openalex.org/W2783240554","https://openalex.org/W2795566764","https://openalex.org/W2804267743","https://openalex.org/W2809507965","https://openalex.org/W2903126489","https://openalex.org/W2905224986","https://openalex.org/W2936268283","https://openalex.org/W2963531473","https://openalex.org/W2990685757","https://openalex.org/W3006186133","https://openalex.org/W3013132547","https://openalex.org/W3093633035","https://openalex.org/W3104759514","https://openalex.org/W3111143909","https://openalex.org/W3117078320","https://openalex.org/W3153018678","https://openalex.org/W3162016526","https://openalex.org/W3173990398","https://openalex.org/W3187000578","https://openalex.org/W3199348584","https://openalex.org/W3202871865","https://openalex.org/W3214263053","https://openalex.org/W3216707822","https://openalex.org/W4247009034","https://openalex.org/W4247128285","https://openalex.org/W4285987996","https://openalex.org/W4308115407","https://openalex.org/W4384026546","https://openalex.org/W4384345657","https://openalex.org/W4386232322","https://openalex.org/W4388240263","https://openalex.org/W4388568365","https://openalex.org/W4388857107","https://openalex.org/W4389544206","https://openalex.org/W4400976386","https://openalex.org/W4402457571","https://openalex.org/W4405846199","https://openalex.org/W4407248304","https://openalex.org/W6959659194"],"related_works":[],"abstract_inverted_index":{"Static":[0],"analysis":[1],"is":[2,45,162],"a":[3,17,103,110,160],"classical":[4],"technique":[5],"for":[6,121],"improving":[7],"software":[8,11,154],"security":[9],"and":[10,78,156],"quality":[12,155],"in":[13,23,50,59],"general.":[14],"Fairly":[15],"recently,":[16],"new":[18],"static":[19],"analyzer":[20,35],"was":[21],"implemented":[22],"the":[24,33,51,74,84,90,108,128,131,143,147,168],"GNU":[25],"Compiler":[26],"Collection":[27],"(GCC).":[28],"The":[29,42,99],"present":[30,120],"paper":[31,144],"uses":[32],"GCC\u2019s":[34],"to":[36,73,89,146],"empirically":[37],"examine":[38],"popular":[39],"Linux":[40,53],"packages.":[41,129],"dataset":[43],"used":[44],"based":[46],"on":[47,153],"those":[48],"packages":[49,69,112],"Gentoo":[52],"distribution":[54,106],"that":[55],"are":[56,70,83,96,113,119],"either":[57],"written":[58],"C":[60,63],"or":[61],"contain":[62],"code.":[64],"In":[65,158],"total,":[66],"3,538":[67],"such":[68],"covered.":[71],"According":[72],"results,":[75,142],"uninitialized":[76],"variables":[77],"NULL":[79],"pointer":[80],"dereference":[81],"issues":[82,95],"most":[85],"common":[86],"problems":[87],"according":[88],"analyzer.":[91],"Classical":[92],"memory":[93],"management":[94],"relatively":[97],"rare.":[98],"warnings":[100,118,132],"also":[101],"follow":[102],"long-tailed":[104],"probability":[105],"across":[107,136],"packages;":[109],"few":[111],"highly":[114],"warning-prone,":[115],"whereas":[116],"no":[117],"as":[122,124],"much":[123],"$89":[125],"\\%$":[126],"of":[127,149,167],"Furthermore,":[130],"do":[133],"not":[134],"vary":[135],"different":[137],"application":[138],"domains.":[139],"With":[140],"these":[141],"contributes":[145],"domain":[148],"large-scale":[150],"empirical":[151],"research":[152],"security.":[157],"addition,":[159],"discussion":[161],"presented":[163],"about":[164],"practical":[165],"implications":[166],"results.":[169]},"counts_by_year":[],"updated_date":"2026-05-09T13:55:54.758798","created_date":"2025-12-03T00:00:00"}