{"id":"https://openalex.org/W4387880868","doi":"https://doi.org/10.1145/3618257.3624804","title":"A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors","display_name":"A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors","publication_year":2023,"publication_date":"2023-10-23","ids":{"openalex":"https://openalex.org/W4387880868","doi":"https://doi.org/10.1145/3618257.3624804"},"language":"en","primary_location":{"id":"doi:10.1145/3618257.3624804","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3618257.3624804","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060323655","display_name":"Kyungchan Lim","orcid":"https://orcid.org/0009-0001-1931-1373"},"institutions":[{"id":"https://openalex.org/I2802706902","display_name":"Knoxville College","ror":"https://ror.org/02bxrp522","country_code":"US","type":"education","lineage":["https://openalex.org/I2802706902"]},{"id":"https://openalex.org/I75027704","display_name":"University of Tennessee at Knoxville","ror":"https://ror.org/020f3ap87","country_code":"US","type":"education","lineage":["https://openalex.org/I75027704"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kyungchan Lim","raw_affiliation_strings":["University of Tennessee, Knoxville, Knoxville, TN, USA"],"raw_orcid":"https://orcid.org/0009-0001-1931-1373","affiliations":[{"raw_affiliation_string":"University of Tennessee, Knoxville, Knoxville, TN, USA","institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053834185","display_name":"Yonghwi Kwon","orcid":"https://orcid.org/0000-0002-0021-2850"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yonghwi Kwon","raw_affiliation_strings":["University of Maryland, College Park, MD, USA"],"raw_orcid":"https://orcid.org/0000-0002-0021-2850","affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, MD, USA","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025936242","display_name":"Doowon Kim","orcid":"https://orcid.org/0000-0002-9033-990X"},"institutions":[{"id":"https://openalex.org/I2802706902","display_name":"Knoxville College","ror":"https://ror.org/02bxrp522","country_code":"US","type":"education","lineage":["https://openalex.org/I2802706902"]},{"id":"https://openalex.org/I75027704","display_name":"University of Tennessee at Knoxville","ror":"https://ror.org/020f3ap87","country_code":"US","type":"education","lineage":["https://openalex.org/I75027704"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Doowon Kim","raw_affiliation_strings":["University of Tennessee, Knoxville, Knoxville, TN, USA"],"raw_orcid":"https://orcid.org/0000-0002-9033-990X","affiliations":[{"raw_affiliation_string":"University of Tennessee, Knoxville, Knoxville, TN, USA","institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5060323655"],"corresponding_institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"],"apc_list":null,"apc_paid":null,"fwci":1.3453,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.85696121,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"162","last_page":"180"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8909375071525574},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7531102895736694},{"id":"https://openalex.org/keywords/client-side","display_name":"Client-side","score":0.7242705821990967},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.6833429336547852},{"id":"https://openalex.org/keywords/unobtrusive-javascript","display_name":"Unobtrusive JavaScript","score":0.5403355360031128},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.5320597290992737},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5057337284088135},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.489748477935791},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.42022407054901123},{"id":"https://openalex.org/keywords/web-resource","display_name":"Web resource","score":0.41899383068084717},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.41556715965270996},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3847615718841553},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.3736492693424225},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3539045453071594},{"id":"https://openalex.org/keywords/rich-internet-application","display_name":"Rich Internet application","score":0.3141666650772095}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8909375071525574},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7531102895736694},{"id":"https://openalex.org/C202477664","wikidata":"https://www.wikidata.org/wiki/Q1352449","display_name":"Client-side","level":2,"score":0.7242705821990967},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.6833429336547852},{"id":"https://openalex.org/C198240166","wikidata":"https://www.wikidata.org/wiki/Q2298909","display_name":"Unobtrusive JavaScript","level":4,"score":0.5403355360031128},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.5320597290992737},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5057337284088135},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.489748477935791},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.42022407054901123},{"id":"https://openalex.org/C65603577","wikidata":"https://www.wikidata.org/wiki/Q3427877","display_name":"Web resource","level":2,"score":0.41899383068084717},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.41556715965270996},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3847615718841553},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.3736492693424225},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3539045453071594},{"id":"https://openalex.org/C103048170","wikidata":"https://www.wikidata.org/wiki/Q725485","display_name":"Rich Internet application","level":3,"score":0.3141666650772095}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3618257.3624804","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3618257.3624804","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G267179693","display_name":null,"funder_award_id":"2210137, 2335798, 1908021, 1916499, and 2145616","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1991074244","https://openalex.org/W2033890725","https://openalex.org/W2039999720","https://openalex.org/W2048535238","https://openalex.org/W2072978486","https://openalex.org/W2101678831","https://openalex.org/W2129596343","https://openalex.org/W2490818307","https://openalex.org/W2497863076","https://openalex.org/W2504057261","https://openalex.org/W2511044583","https://openalex.org/W2605038967","https://openalex.org/W2764109621","https://openalex.org/W3007024382","https://openalex.org/W3008162052","https://openalex.org/W3117384287","https://openalex.org/W3196703627","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W597036300","https://openalex.org/W650647575","https://openalex.org/W36303035","https://openalex.org/W2477981260","https://openalex.org/W2617623045","https://openalex.org/W4231812305","https://openalex.org/W2732083259","https://openalex.org/W4254054560","https://openalex.org/W797982555","https://openalex.org/W2155735696"],"abstract_inverted_index":{"Modern":[0],"Websites":[1],"rely":[2],"on":[3,69,92,219],"various":[4],"client-side":[5,28,93,148,198,220],"web":[6,19,54,74],"resources,":[7,221],"such":[8,247],"as":[9,248],"JavaScript":[10,96,151,160],"libraries,":[11],"to":[12,195],"provide":[13],"end-users":[14],"with":[15,186],"rich":[16],"and":[17,56,65,90,98,216],"interactive":[18],"experiences.":[20],"Unfortunately,":[21],"anecdotal":[22],"evidence":[23],"shows":[24],"that":[25,35,158,230],"improperly":[26],"managed":[27],"resources":[29,94,199],"could":[30],"open":[31],"up":[32],"attack":[33],"surfaces":[34],"adversaries":[36],"can":[37],"exploit.":[38],"However,":[39],"there":[40],"is":[41],"still":[42],"a":[43,46,81,108,170],"lack":[44],"of":[45,49,60,72,86,111,114,132,134,139,173,189,192,203,212,225,235],"comprehensive":[47],"understanding":[48],"the":[50,57,70,73,87,102,123,126,140,167,178,190,196,201,210],"updating":[51],"practices":[52,89],"among":[53],"developers":[55],"potential":[58],"impact":[59,244],"inaccuracies":[61],"in":[62,122,166,177],"Common":[63],"Vulnerabilities":[64,215],"Exposures":[66],"(CVE)":[67],"information":[68],"security":[71,88,204,249],"ecosystem.":[75],"In":[76],"this":[77],"paper,":[78],"we":[79,105,128,182,207],"conduct":[80],"longitudinal":[82],"(four-year)":[83],"measurement":[84],"study":[85],"implications":[91],"(e.g.,":[95,150],"libraries":[97],"Adobe":[99,153],"Flash)":[100],"across":[101],"Web.":[103],"Specifically,":[104],"first":[106],"collect":[107],"large-scale":[109],"dataset":[110],"157.2M":[112],"webpages":[113],"Alexa":[115],"Top":[116],"1M":[117],"websites":[118,135,188],"for":[119],"four":[120,141],"years":[121],"wild.":[124,179],"Analyzing":[125],"dataset,":[127],"find":[129,229],"an":[130],"average":[131],"41.2%":[133],"(in":[136],"each":[137],"year":[138],"years)":[142],"carry":[143],"at":[144],"least":[145],"one":[146],"vulnerable":[147,159,239],"resource":[149],"or":[152],"Flash).":[154],"We":[155,228],"also":[156],"reveal":[157],"library":[161],"versions":[162],"are":[163],"frequently":[164],"observed":[165],"wild,":[168],"suggesting":[169],"concerning":[171],"level":[172],"lagging":[174],"update":[175],"practice":[176],"On":[180],"average,":[181],"observe":[183],"531.2":[184],"days":[185],"25,337":[187],"window":[191],"vulnerability":[193],"due":[194],"unpatched":[197],"from":[200],"release":[202],"patches.":[205],"Furthermore,":[206],"manually":[208],"investigate":[209],"fidelity":[211],"CVE":[213,232],"(Common":[214],"Exposures)":[217],"reports":[218,233],"leveraging":[222],"PoC":[223],"(Proof":[224],"Concept)":[226],"code.":[227],"13":[231],"(out":[234],"27)":[236],"have":[237],"incorrect":[238],"version":[240],"information,":[241],"which":[242],"may":[243],"security-related":[245],"tasks":[246],"updates.":[250]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}