{"id":"https://openalex.org/W2022203852","doi":"https://doi.org/10.1145/2652524.2652533","title":"Discovering buffer overflow vulnerabilities in the wild","display_name":"Discovering buffer overflow vulnerabilities in the wild","publication_year":2014,"publication_date":"2014-09-05","ids":{"openalex":"https://openalex.org/W2022203852","doi":"https://doi.org/10.1145/2652524.2652533","mag":"2022203852"},"language":"en","primary_location":{"id":"doi:10.1145/2652524.2652533","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2652524.2652533","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101638065","display_name":"Ming Fang","orcid":"https://orcid.org/0000-0003-4007-7777"},"institutions":[{"id":"https://openalex.org/I82497590","display_name":"Auburn University","ror":"https://ror.org/02v80fc35","country_code":"US","type":"education","lineage":["https://openalex.org/I82497590"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ming Fang","raw_affiliation_strings":["Auburn University, Auburn, AL","Auburn University Auburn, AL"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Auburn University, Auburn, AL","institution_ids":["https://openalex.org/I82497590"]},{"raw_affiliation_string":"Auburn University Auburn, AL","institution_ids":["https://openalex.org/I82497590"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060527236","display_name":"Munawar Hafiz","orcid":null},"institutions":[{"id":"https://openalex.org/I82497590","display_name":"Auburn University","ror":"https://ror.org/02v80fc35","country_code":"US","type":"education","lineage":["https://openalex.org/I82497590"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Munawar Hafiz","raw_affiliation_strings":["Auburn University, Auburn, AL","Auburn University Auburn, AL"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Auburn University, Auburn, AL","institution_ids":["https://openalex.org/I82497590"]},{"raw_affiliation_string":"Auburn University Auburn, AL","institution_ids":["https://openalex.org/I82497590"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.7427,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.95758902,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9511011838912964},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7839933037757874},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.7573487758636475},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7450268268585205},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7354182600975037},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7000091671943665},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.6257208585739136},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5876145362854004},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5859419703483582},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5490081310272217},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.517734944820404},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.47962841391563416},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4757528007030487},{"id":"https://openalex.org/keywords/crash","display_name":"Crash","score":0.45765718817710876},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.40055838227272034},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3979683518409729},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3810999095439911},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3666614890098572},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2428368628025055},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08936017751693726}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9511011838912964},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7839933037757874},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.7573487758636475},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7450268268585205},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7354182600975037},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7000091671943665},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.6257208585739136},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5876145362854004},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5859419703483582},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5490081310272217},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.517734944820404},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.47962841391563416},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4757528007030487},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.45765718817710876},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.40055838227272034},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3979683518409729},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3810999095439911},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3666614890098572},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2428368628025055},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08936017751693726},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2652524.2652533","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2652524.2652533","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W110007310","https://openalex.org/W141628768","https://openalex.org/W1427242644","https://openalex.org/W1489243061","https://openalex.org/W1527311855","https://openalex.org/W1541063262","https://openalex.org/W1554355587","https://openalex.org/W1572092804","https://openalex.org/W1587981097","https://openalex.org/W1603939896","https://openalex.org/W1803273808","https://openalex.org/W1948712562","https://openalex.org/W1979820341","https://openalex.org/W1986222079","https://openalex.org/W1998029707","https://openalex.org/W2004685423","https://openalex.org/W2008626182","https://openalex.org/W2037802710","https://openalex.org/W2078283664","https://openalex.org/W2078393527","https://openalex.org/W2098681705","https://openalex.org/W2100196534","https://openalex.org/W2119871945","https://openalex.org/W2125487889","https://openalex.org/W2126513985","https://openalex.org/W2135599336","https://openalex.org/W2153222072","https://openalex.org/W2156444395","https://openalex.org/W2168234580","https://openalex.org/W3023547676"],"related_works":["https://openalex.org/W2062583373","https://openalex.org/W2367489380","https://openalex.org/W2293245356","https://openalex.org/W1983248291","https://openalex.org/W2155206946","https://openalex.org/W2773767792","https://openalex.org/W2181627506","https://openalex.org/W949730309","https://openalex.org/W2344257842","https://openalex.org/W3183415891"],"abstract_inverted_index":{"Context:":[0],"Reporters":[1],"of":[2,21,43,74,142],"security":[3,10],"vulnerabilities":[4,24,170],"possess":[5],"rich":[6],"information":[7],"about":[8],"the":[9,27,33,38,41,57,103,123,130,140,148,164,169,208],"engineering":[11],"process.":[12,126,209],"Goal:":[13],"We":[14,36,69,116],"performed":[15],"an":[16,44],"empirical":[17],"study":[18,39],"on":[19,160],"reporters":[20,54,78,83],"buffer":[22,194],"overflow":[23],"to":[25,101,162,173,178,190,204],"understand":[26],"methods":[28],"and":[29,109,135,192,196,200,206],"tools":[30,90,100,112],"used":[31],"during":[32,60],"discovery.":[34],"Method:":[35],"ran":[37],"in":[40,56,72,122,167],"form":[42],"email":[45],"questionnaire":[46],"with":[47,139],"open":[48],"ended":[49],"questions.":[50],"The":[51,182],"participants":[52],"were":[53],"featured":[55],"SecurityFocus":[58],"repository":[59],"two":[61],"six-month":[62],"periods;":[63],"we":[64],"collected":[65],"58":[66],"responses.":[67],"Results:":[68],"found":[70,118],"that":[71,147],"spite":[73],"many":[75],"apparent":[76],"choices,":[77],"follow":[79],"similar":[80],"approaches.":[81],"Most":[82,127],"typically":[84],"use":[85,96],"fuzzing,":[86],"but":[87],"their":[88],"fuzzing":[89],"are":[91,113,175,184],"created":[92],"ad":[93],"hoc;":[94],"they":[95],"a":[97,107,119,154],"few":[98],"debugging":[99],"analyze":[102],"crash":[104],"introduced":[105],"by":[106,153],"fuzzer;":[108],"static":[110],"analysis":[111],"rarely":[114],"used.":[115],"also":[117],"serious":[120],"problem":[121],"vulnerability":[124],"reporting":[125],"reporters,":[128],"especially":[129],"experienced":[131],"ones,":[132],"favor":[133],"full-disclosure":[134],"do":[136],"not":[137,171],"collaborate":[138],"vendors":[141,161,174,199],"vulnerable":[143],"software.":[144],"They":[145],"think":[146],"public":[149],"disclosure,":[150],"sometimes":[151],"supported":[152],"detailed":[155],"exploit,":[156],"will":[157],"put":[158],"pressure":[159],"fix":[163,207],"vulnerabilities.":[165],"But,":[166],"practice,":[168],"reported":[172],"less":[176],"likely":[177],"be":[179],"fixed.":[180],"Conclusions:":[181],"results":[183],"valuable":[185],"for":[186,197],"beginners":[187],"exploring":[188,202],"how":[189,203],"detect":[191],"report":[193],"overflows":[195],"tool":[198],"researchers":[201],"automate":[205]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}