{"id":"https://openalex.org/W2080505894","doi":"https://doi.org/10.1109/tr.2013.2257052","title":"Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database","display_name":"Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database","publication_year":2013,"publication_date":"2013-04-16","ids":{"openalex":"https://openalex.org/W2080505894","doi":"https://doi.org/10.1109/tr.2013.2257052","mag":"2080505894"},"language":"en","primary_location":{"id":"doi:10.1109/tr.2013.2257052","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2013.2257052","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111489218","display_name":"S. Rahimi","orcid":null},"institutions":[{"id":"https://openalex.org/I110378019","display_name":"Southern Illinois University Carbondale","ror":"https://ror.org/049kefs16","country_code":"US","type":"education","lineage":["https://openalex.org/I110378019","https://openalex.org/I2801502357"]},{"id":"https://openalex.org/I4210094983","display_name":"ScienceSouth","ror":"https://ror.org/00my6s217","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I4210094983"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"S. Rahimi","raw_affiliation_strings":["Department of Computer Science, Southern Illinois University, Carbondale, IL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Southern Illinois University, Carbondale, IL, USA","institution_ids":["https://openalex.org/I110378019","https://openalex.org/I4210094983"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088259960","display_name":"Mehdi R. Zargham","orcid":null},"institutions":[{"id":"https://openalex.org/I110378019","display_name":"Southern Illinois University Carbondale","ror":"https://ror.org/049kefs16","country_code":"US","type":"education","lineage":["https://openalex.org/I110378019","https://openalex.org/I2801502357"]},{"id":"https://openalex.org/I4210094983","display_name":"ScienceSouth","ror":"https://ror.org/00my6s217","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I4210094983"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"M. Zargham","raw_affiliation_strings":["Department of Computer Science, Southern Illinois University, Carbondale, IL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Southern Illinois University, Carbondale, IL, USA","institution_ids":["https://openalex.org/I110378019","https://openalex.org/I4210094983"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5111489218"],"corresponding_institution_ids":["https://openalex.org/I110378019","https://openalex.org/I4210094983"],"apc_list":null,"apc_paid":null,"fwci":9.8878,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.9771585,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"62","issue":"2","first_page":"395","last_page":"407"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.786231517791748},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.5963513851165771},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5351178646087646},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5215259194374084},{"id":"https://openalex.org/keywords/codebase","display_name":"Codebase","score":0.4972997009754181},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47161391377449036},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4500097930431366},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4386344254016876},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.42047154903411865},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3646745979785919},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.30606770515441895},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2188034951686859},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11399269104003906},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.09052413702011108}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.786231517791748},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.5963513851165771},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5351178646087646},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5215259194374084},{"id":"https://openalex.org/C51929080","wikidata":"https://www.wikidata.org/wiki/Q2425187","display_name":"Codebase","level":3,"score":0.4972997009754181},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47161391377449036},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4500097930431366},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4386344254016876},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.42047154903411865},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3646745979785919},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.30606770515441895},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2188034951686859},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11399269104003906},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.09052413702011108},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tr.2013.2257052","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tr.2013.2257052","pdf_url":null,"source":{"id":"https://openalex.org/S87725633","display_name":"IEEE Transactions on Reliability","issn_l":"0018-9529","issn":["0018-9529","1558-1721"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Reliability","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7699999809265137,"id":"https://metadata.un.org/sdg/13","display_name":"Climate action"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W207286245","https://openalex.org/W1490452695","https://openalex.org/W1964962870","https://openalex.org/W1971733255","https://openalex.org/W1978034799","https://openalex.org/W1979810153","https://openalex.org/W1979872195","https://openalex.org/W1982950099","https://openalex.org/W1999879211","https://openalex.org/W2004584049","https://openalex.org/W2022695357","https://openalex.org/W2050489281","https://openalex.org/W2050764671","https://openalex.org/W2054257010","https://openalex.org/W2055765785","https://openalex.org/W2057994388","https://openalex.org/W2060602490","https://openalex.org/W2065598226","https://openalex.org/W2078283664","https://openalex.org/W2085141123","https://openalex.org/W2096274199","https://openalex.org/W2114712239","https://openalex.org/W2116243202","https://openalex.org/W2118392938","https://openalex.org/W2120703352","https://openalex.org/W2121354092","https://openalex.org/W2126513985","https://openalex.org/W2131937798","https://openalex.org/W2142105636","https://openalex.org/W2145056331","https://openalex.org/W2149764216","https://openalex.org/W2162373348","https://openalex.org/W2163593802","https://openalex.org/W2164519300","https://openalex.org/W2165172361","https://openalex.org/W2166884436","https://openalex.org/W2168479209","https://openalex.org/W3145932680","https://openalex.org/W6629447159","https://openalex.org/W6684845054"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W3043810321","https://openalex.org/W4220885008","https://openalex.org/W2057803998","https://openalex.org/W4298219515","https://openalex.org/W2980220905","https://openalex.org/W2021298062","https://openalex.org/W1613146948","https://openalex.org/W2185499427"],"abstract_inverted_index":{"Predicting":[0],"software":[1,11,85,157,200,214],"vulnerability":[2,49,71,111,117,174,186,209,230,234],"discovery":[3,25,118,187,210,235],"trends":[4,188],"can":[5,232],"help":[6],"improve":[7],"secure":[8,148],"deployment":[9],"of":[10,69,93,101,128,155,181,197],"applications":[12],"and":[13,21,96,141,239],"facilitate":[14],"backup":[15],"provisioning,":[16],"disaster":[17],"recovery,":[18],"diversity":[19],"planning,":[20],"maintenance":[22],"scheduling.":[23],"Vulnerability":[24],"models":[26],"(VDMs)":[27],"have":[28,52,98,177,203],"been":[29,53],"studied":[30,178],"in":[31,103,211,227],"the":[32,39,45,61,91,152,179,185,194],"literature":[33],"as":[34,136,169],"a":[35,47,66,74,82,113,129,156,162],"means":[36],"to":[37,81,172,207],"capture":[38],"underlying":[40],"stochastic":[41,163],"process.":[42],"Based":[43],"on":[44,90,121,184,193],"VDMs,":[46],"few":[48],"prediction":[50,119],"schemes":[51,58],"proposed.":[54],"Unfortunately,":[55],"all":[56],"these":[57],"suffer":[59],"from":[60,73,151],"same":[62],"weaknesses:":[63],"they":[64,77,97],"require":[65],"large":[67],"amount":[68,92,100],"historical":[70,225],"data":[72,226],"database":[75],"(hence":[76],"are":[78],"not":[79],"applicable":[80],"newly":[83],"released":[84],"application),":[86],"their":[87,104],"precision":[88,238],"depends":[89],"training":[94],"data,":[95],"significant":[99],"error":[102],"estimates.":[105],"In":[106],"this":[107],"work,":[108],"we":[109,131,160,222],"propose":[110,161],"scrying,":[112],"new":[114],"paradigm":[115],"for":[116],"based":[120],"code":[122,133,137,144,154,167,182,196],"properties.":[123],"Using":[124],"compiler-based":[125],"static":[126,191],"analysis":[127,192],"codebase,":[130],"extract":[132],"properties":[134,168,183],"such":[135],"complexity":[138],"(cyclomatic":[139],"complexity),":[140],"more":[142],"importantly":[143],"quality":[145],"(compliance":[146],"with":[147,236],"coding":[149],"rules),":[150],"source":[153,195],"application.":[158],"Then":[159],"model":[164],"which":[165],"uses":[166],"its":[170],"parameters":[171],"predict":[173,208,233],"discovery.":[175],"We":[176,202],"impact":[180],"by":[189],"performing":[190],"four":[198],"real-world":[199],"applications.":[201,215],"used":[204],"our":[205,228],"scheme":[206],"three":[212],"other":[213],"The":[216],"results":[217],"show":[218],"that":[219],"even":[220],"though":[221],"use":[223],"no":[224],"prediction,":[229],"scrying":[231],"better":[237],"less":[240],"divergence":[241],"over":[242],"time.":[243]},"counts_by_year":[{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":11},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}