{"id":"https://openalex.org/W2105131482","doi":"https://doi.org/10.1109/scam.2015.7335423","title":"Improving prioritization of software weaknesses using security models with AVUS","display_name":"Improving prioritization of software weaknesses using security models with AVUS","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2105131482","doi":"https://doi.org/10.1109/scam.2015.7335423","mag":"2105131482"},"language":"en","primary_location":{"id":"doi:10.1109/scam.2015.7335423","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2015.7335423","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089581724","display_name":"Stephan Renatus","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Stephan Renatus","raw_affiliation_strings":["Fraunhofer Institute for Applied and Integrated Security AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Applied and Integrated Security AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001496266","display_name":"Corrie Bartelheimer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Corrie Bartelheimer","raw_affiliation_strings":["Fraunhofer Institute for Applied and Integrated Security AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Applied and Integrated Security AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102942428","display_name":"J\u00f6rn Eichler","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jorn Eichler","raw_affiliation_strings":["Fraunhofer Institute for Applied and Integrated Security AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Applied and Integrated Security AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5089581724"],"corresponding_institution_ids":["https://openalex.org/I4210136922"],"apc_list":null,"apc_paid":null,"fwci":1.1061,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.79793914,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"259","last_page":"264"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.7924443483352661},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7743790149688721},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.734291136264801},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.6388500332832336},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.548978328704834},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5434387922286987},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.45471569895744324},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4365730285644531},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3127855658531189},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2987824082374573},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.21791493892669678},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.21125787496566772},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.15225747227668762},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13374024629592896},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.12719807028770447}],"concepts":[{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.7924443483352661},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7743790149688721},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.734291136264801},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.6388500332832336},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.548978328704834},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5434387922286987},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.45471569895744324},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4365730285644531},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3127855658531189},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2987824082374573},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.21791493892669678},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.21125787496566772},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.15225747227668762},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13374024629592896},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.12719807028770447},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/scam.2015.7335423","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2015.7335423","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/392652","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/392652","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W384698140","https://openalex.org/W1556536463","https://openalex.org/W1614831649","https://openalex.org/W1973468708","https://openalex.org/W1985324839","https://openalex.org/W2021672791","https://openalex.org/W2044625105","https://openalex.org/W2055825418","https://openalex.org/W2064296229","https://openalex.org/W2078393527","https://openalex.org/W2119736157","https://openalex.org/W2137549954","https://openalex.org/W2137726309","https://openalex.org/W2166336492","https://openalex.org/W2344058806","https://openalex.org/W2484718575","https://openalex.org/W2544312844","https://openalex.org/W2620244897","https://openalex.org/W3016326598","https://openalex.org/W4231021522","https://openalex.org/W4232746323","https://openalex.org/W4233410239","https://openalex.org/W4242640931","https://openalex.org/W4254666025","https://openalex.org/W6636530626","https://openalex.org/W6704699803"],"related_works":["https://openalex.org/W2120086576","https://openalex.org/W4232396753","https://openalex.org/W2252827360","https://openalex.org/W2369652520","https://openalex.org/W2204102791","https://openalex.org/W2349004912","https://openalex.org/W2126513753","https://openalex.org/W2164920192","https://openalex.org/W2164556837","https://openalex.org/W2028922190"],"abstract_inverted_index":{"Testing":[0],"tools":[1,32,43],"for":[2],"application":[3,118],"security":[4,52,94,119],"have":[5],"become":[6],"an":[7],"integral":[8],"part":[9],"of":[10,25,54,67,87,113],"secure":[11],"development":[12],"life-cycles.":[13],"Despite":[14],"their":[15],"ability":[16],"to":[17,36,50,91,104],"spot":[18],"important":[19],"software":[20,88],"weaknesses,":[21],"the":[22,51,70,111],"high":[23],"number":[24],"findings":[26,112],"require":[27],"rigorous":[28],"prioritization.":[29,38],"Most":[30],"testing":[31,120],"provide":[33],"generic":[34],"ratings":[35,40,86],"support":[37],"Unfortunately,":[39],"from":[41],"established":[42],"lack":[44],"context":[45],"information":[46],"especially":[47],"with":[48],"regard":[49],"requirements":[53],"respective":[55],"components":[56],"or":[57],"source":[58,108],"code.":[59],"Thus":[60],"experts":[61],"often":[62],"spend":[63],"a":[64,92,99,105,114],"great":[65],"deal":[66],"time":[68],"re-assessing":[69],"prioritization":[71],"provided":[72],"by":[73],"these":[74],"tools.":[75],"This":[76],"paper":[77],"introduces":[78],"our":[79],"lightweight":[80],"tool":[81],"AVUS":[82,103],"that":[83],"adjusts":[84],"context-free":[85],"weaknesses":[89],"according":[90],"user-defined":[93],"model.":[95],"We":[96],"also":[97],"present":[98],"first":[100],"evaluation":[101],"applying":[102],"well-known":[106],"open":[107],"project":[109],"and":[110],"popular,":[115],"commercially":[116],"available":[117],"tool.":[121]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}