{"id":"https://openalex.org/W2057356642","doi":"https://doi.org/10.1145/1016998.1017004","title":"Security is Harder than You Think","display_name":"Security is Harder than You Think","publication_year":2004,"publication_date":"2004-07-01","ids":{"openalex":"https://openalex.org/W2057356642","doi":"https://doi.org/10.1145/1016998.1017004","mag":"2057356642"},"language":"en","primary_location":{"id":"doi:10.1145/1016998.1017004","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1016998.1017004","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1016998.1017004","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/1016998.1017004","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027349084","display_name":"John Viega","orcid":"https://orcid.org/0000-0003-1500-6408"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"John Viega","raw_affiliation_strings":["Secure Software"],"affiliations":[{"raw_affiliation_string":"Secure Software","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5007882867","display_name":"Matt Messier","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Matt Messier","raw_affiliation_strings":["Secure Software"],"affiliations":[{"raw_affiliation_string":"Secure Software","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5027349084"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8593,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.73421997,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"2","issue":"5","first_page":"60","last_page":"65"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9434999823570251,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9434999823570251,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9125000238418579,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9021999835968018,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7499154806137085},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7290972471237183},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.6580034494400024},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6482119560241699},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.5312644839286804},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5221010446548462},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5124703049659729},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.4879874587059021},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4426974356174469},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.4322354197502136},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.42622411251068115},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.42619869112968445},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1642269790172577},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.11150321364402771},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.10330259799957275}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7499154806137085},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7290972471237183},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.6580034494400024},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6482119560241699},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.5312644839286804},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5221010446548462},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5124703049659729},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.4879874587059021},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4426974356174469},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.4322354197502136},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.42622411251068115},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.42619869112968445},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1642269790172577},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.11150321364402771},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.10330259799957275},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1016998.1017004","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1016998.1017004","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1016998.1017004","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/1016998.1017004","is_oa":true,"landing_page_url":"https://doi.org/10.1145/1016998.1017004","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/1016998.1017004","source":{"id":"https://openalex.org/S45584542","display_name":"Queue","issn_l":"1542-7730","issn":["1542-7730","1542-7749"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Queue","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2057356642.pdf","grobid_xml":"https://content.openalex.org/works/W2057356642.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2773767792","https://openalex.org/W2155206946","https://openalex.org/W4248500578","https://openalex.org/W2186797211","https://openalex.org/W1861216818","https://openalex.org/W153726547","https://openalex.org/W65810077","https://openalex.org/W2910240574","https://openalex.org/W2057356642","https://openalex.org/W3015380456"],"abstract_inverted_index":{"Many":[0],"developers":[1],"see":[2],"buffer":[3],"overflows":[4],"as":[5],"the":[6,66],"biggest":[7],"security":[8,58],"threat":[9],"to":[10,21,29,38],"software":[11,57],"and":[12],"believe":[13],"that":[14,45],"there":[15],"is":[16,59],"a":[17],"simple":[18],"two-step":[19],"process":[20],"secure":[22],"software:":[23],"switch":[24],"from":[25],"C":[26],"or":[27],"C++":[28],"Java,":[30],"then":[31],"start":[32],"using":[33],"SSL":[34],"(Secure":[35],"Sockets":[36],"Layer)":[37],"protect":[39],"data":[40],"communications.":[41],"It":[42],"turns":[43],"out":[44],"this":[46,52],"na\u00efve":[47],"tactic":[48],"isn\u2019t":[49],"sufficient.":[50],"In":[51],"article,":[53],"we":[54],"explore":[55],"why":[56],"harder":[60],"than":[61],"people":[62],"expect,":[63],"focusing":[64],"on":[65],"example":[67],"of":[68],"SSL.":[69]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}