{"id":"https://openalex.org/W2739806980","doi":"https://doi.org/10.1145/3106237.3121276","title":"FOSS version differentiation as a benchmark for static analysis security testing tools","display_name":"FOSS version differentiation as a benchmark for static analysis security testing tools","publication_year":2017,"publication_date":"2017-08-02","ids":{"openalex":"https://openalex.org/W2739806980","doi":"https://doi.org/10.1145/3106237.3121276","mag":"2739806980"},"language":"en","primary_location":{"id":"doi:10.1145/3106237.3121276","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3121276","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080305727","display_name":"Ivan Pashchenko","orcid":"https://orcid.org/0000-0001-8202-576X"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Ivan Pashchenko","raw_affiliation_strings":["University of Trento, Italy"],"affiliations":[{"raw_affiliation_string":"University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5080305727"],"corresponding_institution_ids":["https://openalex.org/I193223587"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.13023114,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1056","last_page":"1058"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.8148053288459778},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.746884822845459},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6833309531211853},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48659026622772217},{"id":"https://openalex.org/keywords/ground-truth","display_name":"Ground truth","score":0.4791228771209717},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4576839506626129},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.4384632408618927},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4180508553981781},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.25258347392082214},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21137869358062744},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.17654874920845032},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17575004696846008}],"concepts":[{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.8148053288459778},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.746884822845459},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6833309531211853},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48659026622772217},{"id":"https://openalex.org/C146849305","wikidata":"https://www.wikidata.org/wiki/Q370766","display_name":"Ground truth","level":2,"score":0.4791228771209717},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4576839506626129},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.4384632408618927},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4180508553981781},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.25258347392082214},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21137869358062744},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.17654874920845032},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17575004696846008},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3106237.3121276","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3121276","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:iris.unitn.it:11572/199025","is_oa":false,"landing_page_url":"http://hdl.handle.net/11572/199025","pdf_url":null,"source":{"id":"https://openalex.org/S4377196320","display_name":"Iris (University of Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320322275","display_name":"Universit\u00e0 degli Studi di Trento","ror":"https://ror.org/05trd4x28"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1985424295","https://openalex.org/W2040739365","https://openalex.org/W2091635765","https://openalex.org/W2125343911","https://openalex.org/W2130107753","https://openalex.org/W2130243914","https://openalex.org/W2167231283","https://openalex.org/W2208213903","https://openalex.org/W2256863551","https://openalex.org/W2274324447","https://openalex.org/W2344058806","https://openalex.org/W2372215236","https://openalex.org/W2410123514","https://openalex.org/W2498598569","https://openalex.org/W2515236103","https://openalex.org/W2542654018","https://openalex.org/W2556364798","https://openalex.org/W2619955662","https://openalex.org/W2622108862","https://openalex.org/W2624697062","https://openalex.org/W2630242880","https://openalex.org/W2896756971","https://openalex.org/W4247181191","https://openalex.org/W4250848060"],"related_works":["https://openalex.org/W4323323165","https://openalex.org/W2745033168","https://openalex.org/W3116842536","https://openalex.org/W1486481742","https://openalex.org/W2350876175","https://openalex.org/W2106371080","https://openalex.org/W46693260","https://openalex.org/W2143037118","https://openalex.org/W4388212678","https://openalex.org/W1981466760"],"abstract_inverted_index":{"We":[0],"propose":[1],"a":[2],"novel":[3],"methodology":[4,33],"that":[5],"allows":[6,34],"automatic":[7],"construction":[8],"of":[9,40,68,72,82],"benchmarks":[10],"for":[11,60],"Static":[12],"Analysis":[13],"Security":[14],"Testing":[15],"(SAST)":[16],"tools":[17,42,54],"based":[18],"on":[19],"real-world":[20],"software":[21],"projects":[22],"by":[23],"differencing":[24],"vulnerable":[25],"and":[26],"fixed":[27],"versions":[28,71],"in":[29],"FOSS":[30],"repositories.":[31],"The":[32],"us":[35],"to":[36],"evaluate":[37],"``actual''":[38],"performance":[39],"SAST":[41,53],"(without":[43],"unrelated":[44],"alarms).":[45],"To":[46],"test":[47],"our":[48],"approach,":[49],"we":[50,56],"benchmarked":[51],"7":[52],"(although":[55],"report":[57],"only":[58],"results":[59],"the":[61,80],"two":[62],"best":[63],"tools),":[64],"against":[65],"70":[66],"revisions":[67],"four":[69],"major":[70],"Apache":[73],"Tomcat":[74],"with":[75],"62":[76],"distinct":[77],"CVEs":[78],"as":[79],"source":[81],"ground":[83],"truth":[84],"vulnerabilities.":[85]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}