{"id":"https://openalex.org/W2968544084","doi":"https://doi.org/10.1145/3338906.3341466","title":"Machine-learning supported vulnerability detection in source code","display_name":"Machine-learning supported vulnerability detection in source code","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2968544084","doi":"https://doi.org/10.1145/3338906.3341466","mag":"2968544084"},"language":"en","primary_location":{"id":"doi:10.1145/3338906.3341466","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3341466","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071262516","display_name":"Tim Sonnekalb","orcid":"https://orcid.org/0000-0002-0067-1790"},"institutions":[{"id":"https://openalex.org/I4210098107","display_name":"Dienstleistungszentrum L\u00e4ndlicher Raum","ror":"https://ror.org/00yzwtk60","country_code":"DE","type":"other","lineage":["https://openalex.org/I4210098107"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Tim Sonnekalb","raw_affiliation_strings":["DLR, Germany"],"affiliations":[{"raw_affiliation_string":"DLR, Germany","institution_ids":["https://openalex.org/I4210098107"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5071262516"],"corresponding_institution_ids":["https://openalex.org/I4210098107"],"apc_list":null,"apc_paid":null,"fwci":2.0349,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.89914148,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1180","last_page":"1183"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8247507810592651},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7399569749832153},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6689321994781494},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6678736209869385},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6576760411262512},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.5835294723510742},{"id":"https://openalex.org/keywords/kpi-driven-code-analysis","display_name":"KPI-driven code analysis","score":0.5420629978179932},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5255647897720337},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.49214333295822144},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.48073530197143555},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.47886034846305847},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.46986278891563416},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4653414487838745},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46271321177482605},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.46122461557388306},{"id":"https://openalex.org/keywords/interface","display_name":"Interface (matter)","score":0.4574408531188965},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4571296274662018},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.45431965589523315},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.43984344601631165},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4287843406200409},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.40640130639076233},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3821374177932739},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21073362231254578},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1976219117641449},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1654973328113556},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08309414982795715}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8247507810592651},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7399569749832153},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6689321994781494},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6678736209869385},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6576760411262512},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.5835294723510742},{"id":"https://openalex.org/C121957198","wikidata":"https://www.wikidata.org/wiki/Q14365593","display_name":"KPI-driven code analysis","level":5,"score":0.5420629978179932},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5255647897720337},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.49214333295822144},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.48073530197143555},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.47886034846305847},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.46986278891563416},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4653414487838745},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46271321177482605},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.46122461557388306},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.4574408531188965},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4571296274662018},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.45431965589523315},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.43984344601631165},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4287843406200409},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.40640130639076233},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3821374177932739},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21073362231254578},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1976219117641449},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1654973328113556},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08309414982795715},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C157915830","wikidata":"https://www.wikidata.org/wiki/Q2928001","display_name":"Bubble","level":2,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C129307140","wikidata":"https://www.wikidata.org/wiki/Q6795880","display_name":"Maximum bubble pressure method","level":3,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3338906.3341466","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3341466","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:elib.dlr.de:128590","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4377196266","display_name":"elib (German Aerospace Center)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2898391981","host_organization_name":"Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)","host_organization_lineage":["https://openalex.org/I2898391981"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Konferenzbeitrag"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.41999998688697815}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1531064568","https://openalex.org/W1992114977","https://openalex.org/W2028820179","https://openalex.org/W2297419069","https://openalex.org/W2748690817","https://openalex.org/W2784876765","https://openalex.org/W2800324873","https://openalex.org/W2883359218","https://openalex.org/W2887773459","https://openalex.org/W2964150020","https://openalex.org/W2964210007","https://openalex.org/W4248718655","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W3153702491","https://openalex.org/W3008981372","https://openalex.org/W2789660410","https://openalex.org/W2904997879","https://openalex.org/W3006945192","https://openalex.org/W2034209539","https://openalex.org/W1976804602","https://openalex.org/W4400488007","https://openalex.org/W2206096527","https://openalex.org/W2273303560"],"abstract_inverted_index":{"The":[0,50],"awareness":[1],"of":[2,11,56,70,73,92,179],"writing":[3],"secure":[4],"code":[5,100,121,161],"rises":[6],"with":[7,44,101,108],"the":[8,30,71,87,90,98,177],"increasing":[9],"number":[10],"attacks":[12],"and":[13,25,163,170],"their":[14,74],"resultant":[15],"damage.":[16],"But":[17],"often,":[18],"software":[19,75,135],"developers":[20],"are":[21],"no":[22],"security":[23,72,94],"experts":[24],"vulnerabilities":[26],"arise":[27],"unconsciously":[28],"during":[29],"development":[31],"process.":[32],"They":[33],"use":[34],"static":[35,109],"analysis":[36],"tools":[37],"for":[38,123,132,167],"bug":[39],"detection,":[40],"which":[41],"often":[42],"come":[43],"a":[45,54,93,102,140,154,172],"high":[46],"false":[47],"positive":[48],"rate.":[49],"developers,":[51],"therefore,":[52],"need":[53],"lot":[55],"resources":[57],"to":[58,66,79,89,127,143,152,157,185],"mind":[59],"about":[60],"all":[61],"alarms,":[62],"if":[63,81],"they":[64],"want":[65,78,151,184],"consistently":[67],"take":[68],"care":[69],"project.":[76],"We":[77,137,150],"investigate,":[80],"machine":[82,118,164,194],"learning":[83,119,165,195],"techniques":[84],"could":[85],"point":[86,96],"user":[88],"position":[91],"weak":[95],"in":[97,148],"source":[99,160],"higher":[103],"accuracy":[104],"than":[105],"ordinary":[106],"methods":[107],"analysis.":[110],"For":[111],"this":[112,180],"purpose,":[113],"we":[114,183],"focus":[115],"on":[116,120,193,196],"current":[117],"approaches":[122],"our":[124],"initial":[125],"studies":[126],"evolve":[128],"an":[129,187],"efficient":[130],"way":[131],"finding":[133],"security-related":[134],"bugs.":[136],"will":[138],"create":[139,153],"configuration":[141],"interface":[142],"discover":[144],"certain":[145],"vulnerabilities,":[146],"categorized":[147],"CWEs.":[149],"benchmark":[155],"tool":[156,191],"compare":[158],"existing":[159],"representations":[162],"architectures":[166],"vulnerability":[168,189],"detection":[169,190],"develop":[171],"customizable":[173],"feature":[174],"model.":[175],"At":[176],"end":[178],"PhD":[181],"project,":[182],"have":[186],"easy-to-use":[188],"based":[192],"code.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}