{"id":"https://openalex.org/W2738028777","doi":"https://doi.org/10.1145/3102980.3102991","title":"A Clairvoyant Approach to Evaluating Software (In)Security","display_name":"A Clairvoyant Approach to Evaluating Software (In)Security","publication_year":2017,"publication_date":"2017-05-07","ids":{"openalex":"https://openalex.org/W2738028777","doi":"https://doi.org/10.1145/3102980.3102991","mag":"2738028777"},"language":"en","primary_location":{"id":"doi:10.1145/3102980.3102991","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3102980.3102991","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th Workshop on Hot Topics in Operating Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079044187","display_name":"Bhushan Jain","orcid":null},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Bhushan Jain","raw_affiliation_strings":["The University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"The University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030297011","display_name":"Chia-Che Tsai","orcid":"https://orcid.org/0000-0002-0016-6487"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chia-Che Tsai","raw_affiliation_strings":["Stony Brook University"],"affiliations":[{"raw_affiliation_string":"Stony Brook University","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075511151","display_name":"Donald E. Porter","orcid":"https://orcid.org/0000-0002-9804-0857"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Donald E. Porter","raw_affiliation_strings":["The University of North Carolina at Chapel Hill"],"affiliations":[{"raw_affiliation_string":"The University of North Carolina at Chapel Hill","institution_ids":["https://openalex.org/I114027177"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5079044187"],"corresponding_institution_ids":["https://openalex.org/I114027177"],"apc_list":null,"apc_paid":null,"fwci":0.195,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.6126533,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"62","last_page":"68"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7651429176330566},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.7224360108375549},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5985072255134583},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5936983227729797},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5150639414787292},{"id":"https://openalex.org/keywords/constructive","display_name":"Constructive","score":0.5088956356048584},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.49282363057136536},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4516814947128296},{"id":"https://openalex.org/keywords/source-lines-of-code","display_name":"Source lines of code","score":0.4515022337436676},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.34071803092956543},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.31460654735565186},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.22605934739112854},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.184657484292984}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7651429176330566},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.7224360108375549},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5985072255134583},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5936983227729797},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5150639414787292},{"id":"https://openalex.org/C2778701210","wikidata":"https://www.wikidata.org/wiki/Q28130034","display_name":"Constructive","level":3,"score":0.5088956356048584},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.49282363057136536},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4516814947128296},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.4515022337436676},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.34071803092956543},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.31460654735565186},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.22605934739112854},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.184657484292984},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3102980.3102991","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3102980.3102991","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th Workshop on Hot Topics in Operating Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5099999904632568,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G8221045911","display_name":null,"funder_award_id":"CNS-1405641, CNS-1161541","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W73531603","https://openalex.org/W94629712","https://openalex.org/W111098712","https://openalex.org/W1434079718","https://openalex.org/W1521083034","https://openalex.org/W1541063262","https://openalex.org/W1558797637","https://openalex.org/W1587970460","https://openalex.org/W1596531406","https://openalex.org/W1607782211","https://openalex.org/W1709483371","https://openalex.org/W1710734607","https://openalex.org/W1847720358","https://openalex.org/W1847934616","https://openalex.org/W1964962870","https://openalex.org/W1967182706","https://openalex.org/W1982303263","https://openalex.org/W1984936841","https://openalex.org/W1986453394","https://openalex.org/W1989657183","https://openalex.org/W1993836075","https://openalex.org/W1999879211","https://openalex.org/W2002463736","https://openalex.org/W2025018396","https://openalex.org/W2042229489","https://openalex.org/W2043100293","https://openalex.org/W2043811931","https://openalex.org/W2043837581","https://openalex.org/W2044839138","https://openalex.org/W2061533417","https://openalex.org/W2069202293","https://openalex.org/W2080573945","https://openalex.org/W2082917549","https://openalex.org/W2087527532","https://openalex.org/W2091776255","https://openalex.org/W2106192381","https://openalex.org/W2115224143","https://openalex.org/W2119736157","https://openalex.org/W2121805588","https://openalex.org/W2127637733","https://openalex.org/W2128802947","https://openalex.org/W2135274583","https://openalex.org/W2136310957","https://openalex.org/W2138394111","https://openalex.org/W2146682513","https://openalex.org/W2155621670","https://openalex.org/W2159443917","https://openalex.org/W2172100572","https://openalex.org/W2576393274","https://openalex.org/W2959792658","https://openalex.org/W4235130846","https://openalex.org/W4238011405","https://openalex.org/W4238330489","https://openalex.org/W4238983745","https://openalex.org/W4250846042","https://openalex.org/W4254306780","https://openalex.org/W4285719527","https://openalex.org/W4290864872"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2956597637","https://openalex.org/W2044639210","https://openalex.org/W2293245356","https://openalex.org/W4225160120","https://openalex.org/W23486959","https://openalex.org/W1588942021","https://openalex.org/W1981466760"],"abstract_inverted_index":{"Nearly":[0],"all":[1],"modern":[2],"software":[3,17],"has":[4],"security":[5,18,80],"flaws---either":[6],"known":[7],"or":[8,37,53],"unknown":[9],"by":[10],"the":[11,31,35,39,42,75],"users.":[12],"However,":[13],"metrics":[14],"for":[15],"evaluating":[16,89],"(or":[19],"lack":[20],"thereof)":[21],"are":[22],"noisy":[23],"at":[24],"best.":[25],"Common":[26],"evaluation":[27],"methods":[28],"include":[29],"counting":[30],"past":[32],"vulnerabilities":[33],"of":[34,41,50,61,77,88],"program,":[36],"comparing":[38],"size":[40],"Trusted":[43],"Computing":[44],"Base":[45],"(TCB),":[46],"measured":[47],"in":[48],"lines":[49],"code":[51,62,72],"(LoC)":[52],"binary":[54],"size.":[55],"Other":[56],"than":[57],"deleting":[58],"large":[59],"swaths":[60],"from":[63],"project,":[64],"it":[65],"is":[66],"difficult":[67],"to":[68],"assess":[69],"whether":[70],"a":[71,78,84],"change":[73],"decreased":[74],"likelihood":[76],"future":[79],"vulnerability.":[81],"Developers":[82],"need":[83],"practical,":[85],"constructive":[86],"way":[87],"security.":[90]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}