{"id":"https://openalex.org/W4308562562","doi":"https://doi.org/10.1145/3560835.3564553","title":"Adapting Static Taint Analyzers to Software Marketplaces","display_name":"Adapting Static Taint Analyzers to Software Marketplaces","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4308562562","doi":"https://doi.org/10.1145/3560835.3564553"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564553","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564553","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564553","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564553","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025664186","display_name":"Daniel Krohmer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210098380","display_name":"Fraunhofer Institute for Experimental Software Engineering","ror":"https://ror.org/00r1wdc11","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210098380","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Daniel Krohmer","raw_affiliation_strings":["Fraunhofer IESE, Kaiserslautern, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fraunhofer IESE, Kaiserslautern, Germany","institution_ids":["https://openalex.org/I4210098380"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101961364","display_name":"Kunal Sharma","orcid":"https://orcid.org/0000-0003-1576-5383"},"institutions":[{"id":"https://openalex.org/I153267046","display_name":"University of Kaiserslautern","ror":"https://ror.org/04zrf7b53","country_code":"DE","type":"education","lineage":["https://openalex.org/I153267046"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Kunal Sharma","raw_affiliation_strings":["University of Kaiserslautern, Kaiserslautern, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Kaiserslautern, Kaiserslautern, Germany","institution_ids":["https://openalex.org/I153267046"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100362187","display_name":"Shi Chen","orcid":"https://orcid.org/0000-0001-8719-4431"},"institutions":[{"id":"https://openalex.org/I153267046","display_name":"University of Kaiserslautern","ror":"https://ror.org/04zrf7b53","country_code":"DE","type":"education","lineage":["https://openalex.org/I153267046"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Shi Chen","raw_affiliation_strings":["University of Kaiserslautern, Kaiserslautern, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Kaiserslautern, Kaiserslautern, Germany","institution_ids":["https://openalex.org/I153267046"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5025664186"],"corresponding_institution_ids":["https://openalex.org/I4210098380"],"apc_list":null,"apc_paid":null,"fwci":0.319,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.6431394,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"73","last_page":"82"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.9000053405761719},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.852759599685669},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.7370121479034424},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6439476609230042},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5795807242393494},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5793583393096924},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4283130168914795},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42694446444511414},{"id":"https://openalex.org/keywords/sample","display_name":"Sample (material)","score":0.42147135734558105},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.38465389609336853},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.300988107919693},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17139965295791626},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1628723442554474}],"concepts":[{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.9000053405761719},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.852759599685669},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.7370121479034424},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6439476609230042},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5795807242393494},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5793583393096924},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4283130168914795},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42694446444511414},{"id":"https://openalex.org/C198531522","wikidata":"https://www.wikidata.org/wiki/Q485146","display_name":"Sample (material)","level":2,"score":0.42147135734558105},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38465389609336853},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.300988107919693},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17139965295791626},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1628723442554474},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3560835.3564553","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564553","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564553","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/437394","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/437394","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"}],"best_oa_location":{"id":"doi:10.1145/3560835.3564553","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564553","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564553","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.550000011920929,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4308562562.pdf","grobid_xml":"https://content.openalex.org/works/W4308562562.grobid-xml"},"referenced_works_count":43,"referenced_works":["https://openalex.org/W1967446222","https://openalex.org/W1968195039","https://openalex.org/W1971800255","https://openalex.org/W1973581268","https://openalex.org/W1973593263","https://openalex.org/W1991074244","https://openalex.org/W2001593152","https://openalex.org/W2043914943","https://openalex.org/W2055366371","https://openalex.org/W2061640969","https://openalex.org/W2085925880","https://openalex.org/W2111487235","https://openalex.org/W2113709047","https://openalex.org/W2113714600","https://openalex.org/W2117353399","https://openalex.org/W2125357166","https://openalex.org/W2129362719","https://openalex.org/W2134646643","https://openalex.org/W2135654257","https://openalex.org/W2147478478","https://openalex.org/W2292865721","https://openalex.org/W2469491375","https://openalex.org/W2539382385","https://openalex.org/W2540423276","https://openalex.org/W2563721009","https://openalex.org/W2732351623","https://openalex.org/W2804217504","https://openalex.org/W2887773459","https://openalex.org/W2898614297","https://openalex.org/W2920909080","https://openalex.org/W2953940813","https://openalex.org/W2955471678","https://openalex.org/W2967904600","https://openalex.org/W3005026984","https://openalex.org/W3025451187","https://openalex.org/W3090362160","https://openalex.org/W3135341794","https://openalex.org/W3161807664","https://openalex.org/W3162923072","https://openalex.org/W3184620131","https://openalex.org/W3186977283","https://openalex.org/W3194926883","https://openalex.org/W4242704962"],"related_works":["https://openalex.org/W2560421591","https://openalex.org/W2360920691","https://openalex.org/W2499489413","https://openalex.org/W2383958993","https://openalex.org/W1486481742","https://openalex.org/W4200028713","https://openalex.org/W2982341996","https://openalex.org/W2143037118","https://openalex.org/W4361792401","https://openalex.org/W2024544369"],"abstract_inverted_index":{"Improper":[0],"input":[1],"validation":[2],"is":[3,88],"still":[4],"one":[5],"of":[6,53,80,106,143],"the":[7,110,140],"most":[8],"severe":[9],"problem":[10],"classes":[11],"in":[12,94,157,167],"web":[13,95],"application":[14],"security,":[15],"although":[16],"there":[17],"are":[18],"concepts":[19],"with":[20,128],"a":[21,99,103,115,129,161],"good":[22],"problem-solution":[23],"fit,":[24],"such":[25],"as":[26],"static":[27,34],"taint":[28,35,69],"analysis.":[29],"In":[30,56],"practice,":[31],"however,":[32],"existing":[33,68],"analyzers":[36,70],"suffer":[37],"from":[38,109],"both":[39,76],"high":[40,130],"false":[41,44],"positive":[42],"and":[43,78,146],"negative":[45],"rates,":[46],"making":[47],"them":[48],"impractical":[49],"for":[50,90,153,164],"effective":[51],"detection":[52,156],"new":[54,92],"vulnerabilities.":[55],"this":[57,168],"work,":[58],"we":[59,97,117],"present":[60],"an":[61],"approach":[62,87,145],"that":[63,148],"aims":[64],"to":[65,74,102,120],"systematically":[66],"specialize":[67],"toward":[71],"software":[72,158],"marketplaces":[73],"improve":[75],"recall":[77],"precision":[79],"their":[81],"analyses.":[82],"To":[83],"validate":[84],"whether":[85],"our":[86,144],"suitable":[89,152],"finding":[91],"vulnerabilities":[93,127],"applications,":[96],"applied":[98],"specialized":[100],"taint-analyzer":[101],"random":[104],"sample":[105],"1,000":[107],"plugins":[108],"WordPress":[111],"plugin":[112],"store.":[113],"As":[114],"result,":[116],"were":[118],"able":[119],"disclose":[121],"ten":[122],"CVE":[123],"entries,":[124],"including":[125],"two":[126],"or":[131],"even":[132],"critical":[133],"CVSS":[134],"score.":[135],"Our":[136],"preliminary":[137],"results":[138],"indicate":[139],"principle":[141],"feasibility":[142],"show":[147],"it":[149],"may":[150],"be":[151],"mass":[154],"vulnerability":[155],"marketplaces,":[159],"providing":[160],"promising":[162],"foundation":[163],"future":[165],"works":[166],"domain.":[169]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2022-11-12T00:00:00"}