{"id":"https://openalex.org/W2069268700","doi":"https://doi.org/10.1145/2810103.2813604","title":"VCCFinder","display_name":"VCCFinder","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2069268700","doi":"https://doi.org/10.1145/2810103.2813604","mag":"2069268700"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813604","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813604","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081153002","display_name":"Henning Perl","orcid":null},"institutions":[{"id":"https://openalex.org/I4210166245","display_name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics","ror":"https://ror.org/05nn0gw40","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210166245","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Henning Perl","raw_affiliation_strings":["Fraunhofer FKIE, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer FKIE, Bonn, Germany","institution_ids":["https://openalex.org/I4210166245"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069280200","display_name":"Sergej Dechand","orcid":null},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sergej Dechand","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000498964","display_name":"Matthew Smith","orcid":"https://orcid.org/0000-0002-2724-1379"},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthew Smith","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029169901","display_name":"Daniel J. Arp","orcid":"https://orcid.org/0000-0003-3628-794X"},"institutions":[{"id":"https://openalex.org/I74656192","display_name":"University of G\u00f6ttingen","ror":"https://ror.org/01y9bpm73","country_code":"DE","type":"education","lineage":["https://openalex.org/I74656192"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Arp","raw_affiliation_strings":["University of G\u00f6ttingen, G\u00f6ttingen, Germany"],"affiliations":[{"raw_affiliation_string":"University of G\u00f6ttingen, G\u00f6ttingen, Germany","institution_ids":["https://openalex.org/I74656192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089184320","display_name":"Fabian Yamaguchi","orcid":null},"institutions":[{"id":"https://openalex.org/I74656192","display_name":"University of G\u00f6ttingen","ror":"https://ror.org/01y9bpm73","country_code":"DE","type":"education","lineage":["https://openalex.org/I74656192"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Fabian Yamaguchi","raw_affiliation_strings":["University of G\u00f6ttingen, G\u00f6ttingen, Germany"],"affiliations":[{"raw_affiliation_string":"University of G\u00f6ttingen, G\u00f6ttingen, Germany","institution_ids":["https://openalex.org/I74656192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066077721","display_name":"Konrad Rieck","orcid":"https://orcid.org/0000-0002-5054-8758"},"institutions":[{"id":"https://openalex.org/I74656192","display_name":"University of G\u00f6ttingen","ror":"https://ror.org/01y9bpm73","country_code":"DE","type":"education","lineage":["https://openalex.org/I74656192"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Konrad Rieck","raw_affiliation_strings":["University of G\u00f6ttingen, G\u00f6ttingen, Germany"],"affiliations":[{"raw_affiliation_string":"University of G\u00f6ttingen, G\u00f6ttingen, Germany","institution_ids":["https://openalex.org/I74656192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I91712215","display_name":"Saarland University","ror":"https://ror.org/01jdpyv68","country_code":"DE","type":"education","lineage":["https://openalex.org/I91712215"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["Saarland University, Saarbr\u00fccken, Germany"],"affiliations":[{"raw_affiliation_string":"Saarland University, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I91712215"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I91712215","display_name":"Saarland University","ror":"https://ror.org/01jdpyv68","country_code":"DE","type":"education","lineage":["https://openalex.org/I91712215"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["Saarland University, Saarbr\u00fccken, Germany"],"affiliations":[{"raw_affiliation_string":"Saarland University, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I91712215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5081153002"],"corresponding_institution_ids":["https://openalex.org/I4210166245"],"apc_list":null,"apc_paid":null,"fwci":30.6792,"has_fulltext":false,"cited_by_count":221,"citation_normalized_percentile":{"value":0.99558297,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"426","last_page":"437"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8351544141769409},{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.6725621223449707},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5645273327827454},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.5568973422050476},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5283763408660889},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.5252606272697449},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48005446791648865},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.46318790316581726},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.440888375043869},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.42011791467666626},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2965679168701172},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.2794715464115143},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.2210058569908142},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20770254731178284},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.15154379606246948},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10846912860870361}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8351544141769409},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.6725621223449707},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5645273327827454},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.5568973422050476},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5283763408660889},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.5252606272697449},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48005446791648865},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.46318790316581726},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.440888375043869},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.42011791467666626},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2965679168701172},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2794715464115143},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.2210058569908142},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20770254731178284},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.15154379606246948},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10846912860870361},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2810103.2813604","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813604","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/395094","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/395094","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W76990466","https://openalex.org/W77946476","https://openalex.org/W179367048","https://openalex.org/W281855447","https://openalex.org/W1429964360","https://openalex.org/W1505648523","https://openalex.org/W1531203382","https://openalex.org/W1710734607","https://openalex.org/W1887482550","https://openalex.org/W1956559956","https://openalex.org/W1964962870","https://openalex.org/W1987436126","https://openalex.org/W1992114977","https://openalex.org/W1994718921","https://openalex.org/W2003315002","https://openalex.org/W2018766970","https://openalex.org/W2028820179","https://openalex.org/W2041174350","https://openalex.org/W2049736950","https://openalex.org/W2071088932","https://openalex.org/W2079753286","https://openalex.org/W2117321536","https://openalex.org/W2118585731","https://openalex.org/W2123493477","https://openalex.org/W2131182686","https://openalex.org/W2150874999","https://openalex.org/W2154398797","https://openalex.org/W2157353183","https://openalex.org/W2166336492","https://openalex.org/W2350778671","https://openalex.org/W6630328912","https://openalex.org/W6631721891","https://openalex.org/W6677656871","https://openalex.org/W6679486309"],"related_works":["https://openalex.org/W1986222079","https://openalex.org/W4399460644","https://openalex.org/W4389156480","https://openalex.org/W3153702491","https://openalex.org/W2969257295","https://openalex.org/W1486481742","https://openalex.org/W3008981372","https://openalex.org/W1761184020","https://openalex.org/W2206096527","https://openalex.org/W4214596491"],"abstract_inverted_index":{"Despite":[0],"the":[1,6,25,28,36,47,102,162,199,209,231,236],"security":[2,19],"community's":[3],"best":[4],"effort,":[5],"number":[7],"of":[8,39,49,119,166,201,212,223],"serious":[9],"vulnerabilities":[10,26,61,108],"discovered":[11],"in":[12,124,171],"software":[13],"is":[14,56,69],"increasing":[15],"rapidly.":[16],"In":[17,111],"theory,":[18],"audits":[20],"should":[21],"find":[22,107],"and":[23,51,220,226,244],"remove":[24],"before":[27],"code":[29,40,55,73,84,123,125,144,148],"ever":[30],"gets":[31],"deployed.":[32],"However,":[33,92],"due":[34],"to":[35,70,80,106,146,168,173,189,194],"enormous":[37],"amount":[38,200],"being":[41],"produced,":[42],"as":[43,45,78,238,251],"well":[44],"a":[46,72,97,116,128,175,186,217,239,252],"lack":[48],"manpower":[50],"expertise,":[52],"not":[53],"all":[54],"sufficiently":[57],"audited.":[58],"Thus,":[59],"many":[60],"slip":[62],"into":[63],"production":[64],"systems.":[65,135],"A":[66],"best-practice":[67],"approach":[68,197,225],"use":[71],"metric":[74],"analysis":[75,139,222,249],"tool,":[76],"such":[77],"Flawfinder,":[79,195],"flag":[81,190],"potentially":[82,121],"dangerous":[83,122],"so":[85],"that":[86],"it":[87],"can":[88],"receive":[89],"special":[90],"attention.":[91],"because":[93],"these":[94],"tools":[95],"have":[96],"very":[98],"high":[99],"false-positive":[100,131],"rate,":[101],"manual":[103],"effort":[104],"needed":[105],"remains":[109],"overwhelming.":[110],"this":[112,182],"paper,":[113],"we":[114,160,184,215],"present":[115,216],"new":[117],"method":[118],"finding":[120],"repositories":[126,145],"with":[127,140],"significantly":[129],"lower":[130],"rate":[132],"than":[133],"comparable":[134],"We":[136,233],"combine":[137],"code-metric":[138],"metadata":[141],"gathered":[142],"from":[143,230],"help":[147],"review":[149],"teams":[150],"prioritize":[151],"their":[152],"work.":[153],"The":[154],"paper":[155],"makes":[156],"three":[157],"contributions.":[158],"First,":[159],"conducted":[161],"first":[163],"large-scale":[164],"mapping":[165],"CVEs":[167],"GitHub":[169],"commits":[170],"order":[172],"create":[174],"vulnerable":[176],"commit":[177],"database.":[178],"Second,":[179],"based":[180],"on":[181],"database,":[183],"trained":[185],"SVM":[187],"classifier":[188],"suspicious":[191],"commits.":[192],"Compared":[193],"our":[196,224,248],"reduces":[198],"false":[202],"alarms":[203],"by":[204],"over":[205],"99":[206],"%":[207],"at":[208],"same":[210],"level":[211],"recall.":[213],"Finally,":[214],"thorough":[218],"quantitative":[219],"qualitative":[221],"discuss":[227],"lessons":[228],"learned":[229],"results.":[232],"will":[234,245],"share":[235],"database":[237],"benchmark":[240],"for":[241],"future":[242],"research":[243],"also":[246],"provide":[247],"tool":[250],"web":[253],"service.":[254]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":27},{"year":2024,"cited_by_count":32},{"year":2023,"cited_by_count":27},{"year":2022,"cited_by_count":23},{"year":2021,"cited_by_count":33},{"year":2020,"cited_by_count":23},{"year":2019,"cited_by_count":18},{"year":2018,"cited_by_count":16},{"year":2017,"cited_by_count":10},{"year":2016,"cited_by_count":10},{"year":2015,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2016-06-24T00:00:00"}