{"id":"https://openalex.org/W2898270746","doi":"https://doi.org/10.1109/vlhcc.2018.8506525","title":"Supporting Effective Strategies for Resolving Vulnerabilities Reported by Static Analysis Tools","display_name":"Supporting Effective Strategies for Resolving Vulnerabilities Reported by Static Analysis Tools","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2898270746","doi":"https://doi.org/10.1109/vlhcc.2018.8506525","mag":"2898270746"},"language":"en","primary_location":{"id":"doi:10.1109/vlhcc.2018.8506525","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vlhcc.2018.8506525","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020005323","display_name":"Justin Smith","orcid":"https://orcid.org/0000-0001-6987-5196"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Justin Smith","raw_affiliation_strings":["Department of Computer Science, North Carolina State University, Raleigh, North Carolina"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University, Raleigh, North Carolina","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5020005323"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":0.3927,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.71991942,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":93},"biblio":{"volume":null,"issue":null,"first_page":"267","last_page":"268"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.8374757766723633},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7878497838973999},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6408902406692505},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6199270486831665},{"id":"https://openalex.org/keywords/plan","display_name":"Plan (archaeology)","score":0.5213857293128967},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.4851837754249573},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4800880551338196},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.47721153497695923},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.44546759128570557},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4435841739177704},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.42191487550735474},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.41930773854255676},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.41669929027557373},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.40525588393211365},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.3803223669528961},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3758503198623657},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3178146481513977},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.302823007106781},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11653807759284973},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08992981910705566}],"concepts":[{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.8374757766723633},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7878497838973999},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6408902406692505},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6199270486831665},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.5213857293128967},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.4851837754249573},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4800880551338196},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.47721153497695923},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.44546759128570557},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4435841739177704},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.42191487550735474},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.41930773854255676},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.41669929027557373},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.40525588393211365},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3803223669528961},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3758503198623657},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3178146481513977},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.302823007106781},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11653807759284973},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08992981910705566},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/vlhcc.2018.8506525","is_oa":false,"landing_page_url":"https://doi.org/10.1109/vlhcc.2018.8506525","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1936022305","https://openalex.org/W1971690354","https://openalex.org/W2004067246","https://openalex.org/W2064296229","https://openalex.org/W2125343911","https://openalex.org/W2130758759","https://openalex.org/W2158297335","https://openalex.org/W2514084604","https://openalex.org/W2541261609","https://openalex.org/W2546866077","https://openalex.org/W2561266335","https://openalex.org/W2585818648","https://openalex.org/W2792425537","https://openalex.org/W4254666025","https://openalex.org/W6679435869","https://openalex.org/W6749077557"],"related_works":["https://openalex.org/W2560421591","https://openalex.org/W1978034799","https://openalex.org/W2796094063","https://openalex.org/W4384518368","https://openalex.org/W2537414278","https://openalex.org/W2901968602","https://openalex.org/W2809528855","https://openalex.org/W4313400739","https://openalex.org/W4388483595","https://openalex.org/W4386907269"],"abstract_inverted_index":{"Static":[0],"analysis":[1],"tools":[2,44,76,91],"detect":[3],"potentially":[4],"costly":[5],"security":[6,62,96],"defects":[7,16],"early":[8],"in":[9],"the":[10,35],"software":[11],"development":[12],"process.":[13],"However,":[14],"these":[15],"can":[17,42,92],"be":[18],"difficult":[19],"for":[20,50],"developers":[21,58,94],"to":[22,33,64,77,87],"accurately":[23,99],"and":[24,69,100],"efficiently":[25],"resolve.":[26],"The":[27],"goal":[28],"of":[29],"this":[30,54],"work":[31],"is":[32],"understand":[34,78],"vulnerability":[36],"resolution":[37],"process":[38],"so":[39],"that":[40,45],"we":[41],"build":[43],"support":[46,81],"more":[47,98],"effective":[48],"strategies":[49],"resolving":[51],"vulnerabilities.":[52],"In":[53],"work,":[55],"I":[56,73,85],"study":[57,74],"as":[59],"they":[60,80],"resolve":[61,95],"vulnerabilities":[63,97],"identify":[65],"their":[66],"information":[67],"needs":[68],"current":[70],"strategies.":[71,83],"Next,":[72],"existing":[75],"how":[79,89],"developers'":[82],"Finally,":[84],"plan":[86],"demonstrate":[88],"strategy-aware":[90],"help":[93],"efficiently.":[101]},"counts_by_year":[{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}