{"id":"https://openalex.org/W4211233231","doi":"https://doi.org/10.1109/tse.2022.3150302","title":"Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?","display_name":"Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?","publication_year":2022,"publication_date":"2022-02-12","ids":{"openalex":"https://openalex.org/W4211233231","doi":"https://doi.org/10.1109/tse.2022.3150302"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2022.3150302","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2022.3150302","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076091595","display_name":"Ying Zhang","orcid":"https://orcid.org/0000-0002-2770-9189"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ying Zhang","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051214133","display_name":"Md Mahir Asef Kabir","orcid":"https://orcid.org/0000-0001-6227-1816"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Md Mahir Asef Kabir","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100765378","display_name":"Ya Xiao","orcid":"https://orcid.org/0000-0002-4030-811X"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ya Xiao","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034366344","display_name":"Danfeng Yao","orcid":"https://orcid.org/0000-0001-8969-2792"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danfeng Yao","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070152860","display_name":"Na Meng","orcid":"https://orcid.org/0000-0002-0230-5524"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Na Meng","raw_affiliation_strings":["Department of Computer Science, Virginia Tech, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5076091595"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":5.5297,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.96717889,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"49","issue":"1","first_page":"288","last_page":"303"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8617032766342163},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7160435318946838},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.7046831846237183},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6876910328865051},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6514453887939453},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5108441710472107},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.472404420375824},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4427623748779297},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4078070819377899},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3779926002025604},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3405676484107971},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.22558334469795227},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.13637897372245789},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11914727091789246}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8617032766342163},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7160435318946838},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.7046831846237183},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6876910328865051},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6514453887939453},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5108441710472107},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.472404420375824},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4427623748779297},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4078070819377899},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3779926002025604},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3405676484107971},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.22558334469795227},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.13637897372245789},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11914727091789246},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2022.3150302","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2022.3150302","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4088390000","display_name":null,"funder_award_id":"1845446","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"},{"id":"https://openalex.org/G4694986598","display_name":null,"funder_award_id":"1929701","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"}],"funders":[{"id":"https://openalex.org/F4320335353","display_name":"National Science Foundation of Sri Lanka","ror":"https://ror.org/010xaa060"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W1008898928","https://openalex.org/W1517949462","https://openalex.org/W2008810193","https://openalex.org/W2027538101","https://openalex.org/W2084864601","https://openalex.org/W2087527532","https://openalex.org/W2103370348","https://openalex.org/W2138110817","https://openalex.org/W2145994642","https://openalex.org/W2171683886","https://openalex.org/W2336008669","https://openalex.org/W2357927175","https://openalex.org/W2400329213","https://openalex.org/W2405678927","https://openalex.org/W2541261609","https://openalex.org/W2745087117","https://openalex.org/W2759023773","https://openalex.org/W2767943400","https://openalex.org/W2781491433","https://openalex.org/W2796472165","https://openalex.org/W2804267743","https://openalex.org/W2807181794","https://openalex.org/W2907964905","https://openalex.org/W2956006111","https://openalex.org/W2963900765","https://openalex.org/W2964144088","https://openalex.org/W2965003867","https://openalex.org/W2973035781","https://openalex.org/W2984297109","https://openalex.org/W2985320478","https://openalex.org/W2995340752","https://openalex.org/W3030957512","https://openalex.org/W3031272488","https://openalex.org/W3048278527","https://openalex.org/W3092327956","https://openalex.org/W3101228802","https://openalex.org/W3155647500","https://openalex.org/W3158315407","https://openalex.org/W4200634422","https://openalex.org/W6766499734","https://openalex.org/W6794697330"],"related_works":["https://openalex.org/W4286859242","https://openalex.org/W4206646452","https://openalex.org/W2990618290","https://openalex.org/W4293696969","https://openalex.org/W2002568488","https://openalex.org/W3211894641","https://openalex.org/W4230352667","https://openalex.org/W3015380456","https://openalex.org/W2135328446","https://openalex.org/W4380354609"],"abstract_inverted_index":{"The":[0],"Java":[1],"platform":[2],"provides":[3],"various":[4],"cryptographic":[5,50,66],"APIs":[6,15,31],"to":[7,46,64,75,97,129,134,146,155,200],"facilitate":[8],"secure":[9],"coding.":[10],"However,":[11,53],"correctly":[12],"using":[13],"these":[14],"is":[16,55],"challenging":[17],"for":[18,157],"developers":[19,29,82,156,187],"who":[20,193],"lack":[21],"cybersecurity":[22],"training.":[23],"Prior":[24],"work":[25,74],"shows":[26],"that":[27],"many":[28],"misused":[30],"and":[32,79,114,150,182,211,227],"consequently":[33],"introduced":[34],"vulnerabilities":[35],"into":[36],"their":[37,116,158,201],"software.":[38],"To":[39],"eliminate":[40],"such":[41],"vulnerabilities,":[42],"people":[43],"created":[44],"tools":[45,61,73,113,128,145,171,226],"detect":[47,65],"and/or":[48],"fix":[49],"API":[51,67,77],"misuses.":[52],"it":[54,230],"still":[56],"unknown":[57],"(1)":[58],"how":[59,70,81],"current":[60],"are":[62],"designed":[63],"misuses,":[68,78],"(2)":[69],"effectively":[71],"the":[72,84,99,127,144,169,177,206,212,224],"locate":[76],"(3)":[80],"perceive":[83],"usefulness":[85],"of":[86,126,138,168,208,214],"tools\u2019":[87,136,189,204],"outputs.":[88],"For":[89,165],"this":[90],"paper,":[91],"we":[92,105,123,142],"conducted":[93,107],"an":[94],"empirical":[95],"study":[96,161,218],"investigate":[98],"research":[100,235],"questions":[101],"mentioned":[102],"above.":[103],"Specifically,":[104],"first":[106],"a":[108,220],"literature":[109],"survey":[110],"on":[111,203,233],"existing":[112],"compared":[115],"approach":[117],"design":[118],"from":[119],"different":[120],"angles.":[121],"Then":[122],"applied":[124,143],"six":[125,170],"three":[130],"popularly":[131],"used":[132],"benchmarks":[133],"measure":[135],"effectiveness":[137],"API-misuse":[139],"detection.":[140,238],"Next,":[141],"200":[147],"Apache":[148],"projects":[149],"sent":[151],"57":[152],"vulnerability":[153,237],"reports":[154,190,195],"feedback.":[159],"Our":[160],"revealed":[162],"interesting":[163],"phenomena.":[164],"instance,":[166],"none":[167],"was":[172],"found":[173],"universally":[174],"better":[175],"than":[176,191],"others;":[178],"however,":[179],"CogniCrypt,":[180],"CogniGuard,":[181],"Xanitizer":[183],"outperformed":[184],"SonarQube.":[185],"More":[186],"rejected":[188],"those":[192],"accepted":[194],"(30":[196],"versus":[197],"9)":[198],"due":[199],"concerns":[202],"capabilities,":[205],"correctness":[207],"suggested":[209],"fixes,":[210],"exploitability":[213],"reported":[215],"issues.":[216],"This":[217],"reveals":[219],"significant":[221],"gap":[222],"between":[223],"state-of-the-art":[225],"developers\u2019":[228],"expectations;":[229],"sheds":[231],"light":[232],"future":[234],"in":[236]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":13},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":5}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}