{"id":"https://openalex.org/W4402215615","doi":"https://doi.org/10.1145/3691628","title":"A Large-Scale Study of IoT Security Weaknesses and Vulnerabilities in the Wild","display_name":"A Large-Scale Study of IoT Security Weaknesses and Vulnerabilities in the Wild","publication_year":2024,"publication_date":"2024-09-04","ids":{"openalex":"https://openalex.org/W4402215615","doi":"https://doi.org/10.1145/3691628"},"language":"en","primary_location":{"id":"doi:10.1145/3691628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3691628","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3691628","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024011108","display_name":"Madhu Selvaraj","orcid":"https://orcid.org/0000-0002-9179-7902"},"institutions":[{"id":"https://openalex.org/I168635309","display_name":"University of Calgary","ror":"https://ror.org/03yjb2x39","country_code":"CA","type":"education","lineage":["https://openalex.org/I168635309"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Madhu Selvaraj","raw_affiliation_strings":["DISA Lab, University of Calgary, Alberta, Canada","DISA Lab, University of Calgary, Canada"],"affiliations":[{"raw_affiliation_string":"DISA Lab, University of Calgary, Alberta, Canada","institution_ids":["https://openalex.org/I168635309"]},{"raw_affiliation_string":"DISA Lab, University of Calgary, Canada","institution_ids":["https://openalex.org/I168635309"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067154597","display_name":"Gias Uddin","orcid":"https://orcid.org/0000-0003-1376-095X"},"institutions":[{"id":"https://openalex.org/I168635309","display_name":"University of Calgary","ror":"https://ror.org/03yjb2x39","country_code":"CA","type":"education","lineage":["https://openalex.org/I168635309"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Gias Uddin","raw_affiliation_strings":["DISA Lab, University of Calgary, Alberta, Canada","DISA Lab, University of Calgary, Canada"],"affiliations":[{"raw_affiliation_string":"DISA Lab, University of Calgary, Alberta, Canada","institution_ids":["https://openalex.org/I168635309"]},{"raw_affiliation_string":"DISA Lab, University of Calgary, Canada","institution_ids":["https://openalex.org/I168635309"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5024011108"],"corresponding_institution_ids":["https://openalex.org/I168635309"],"apc_list":null,"apc_paid":null,"fwci":5.456,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.95908663,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"34","issue":"2","first_page":"1","last_page":"40"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10273","display_name":"IoT and Edge/Fog Computing","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9796000123023987,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7766373157501221},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5627374053001404},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5183611512184143},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.4253196716308594},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39933323860168457},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.36654701828956604},{"id":"https://openalex.org/keywords/cartography","display_name":"Cartography","score":0.055298686027526855}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7766373157501221},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5627374053001404},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5183611512184143},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.4253196716308594},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39933323860168457},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.36654701828956604},{"id":"https://openalex.org/C58640448","wikidata":"https://www.wikidata.org/wiki/Q42515","display_name":"Cartography","level":1,"score":0.055298686027526855},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3691628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3691628","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3691628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3691628","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W133324854","https://openalex.org/W1986601961","https://openalex.org/W2009033060","https://openalex.org/W2134295053","https://openalex.org/W2168267147","https://openalex.org/W2598817001","https://openalex.org/W2606396711","https://openalex.org/W2613310014","https://openalex.org/W2686848947","https://openalex.org/W2748865644","https://openalex.org/W2765739766","https://openalex.org/W2767532479","https://openalex.org/W2768696376","https://openalex.org/W2774510177","https://openalex.org/W2789661710","https://openalex.org/W2810627707","https://openalex.org/W2901980656","https://openalex.org/W2921203933","https://openalex.org/W2947175569","https://openalex.org/W2950694606","https://openalex.org/W2954574294","https://openalex.org/W2955552127","https://openalex.org/W2962771808","https://openalex.org/W2963158978","https://openalex.org/W2964144088","https://openalex.org/W2985126008","https://openalex.org/W2990737658","https://openalex.org/W3034175800","https://openalex.org/W3046246673","https://openalex.org/W3091658513","https://openalex.org/W3097291403","https://openalex.org/W3103014234","https://openalex.org/W3123941558","https://openalex.org/W3133304533","https://openalex.org/W3193401134","https://openalex.org/W3198375663","https://openalex.org/W4286696249"],"related_works":["https://openalex.org/W4295769391","https://openalex.org/W2972220648","https://openalex.org/W2332667808","https://openalex.org/W1997921863","https://openalex.org/W4245926026","https://openalex.org/W4311097251","https://openalex.org/W2586548817","https://openalex.org/W3112960490","https://openalex.org/W93605524","https://openalex.org/W2625093826"],"abstract_inverted_index":{"Internet":[0],"of":[1,35,134,213,220,230,279,307,321,330],"Things":[2],"(IoT)":[3],"is":[4,24,47,284],"defined":[5],"as":[6,76,293],"the":[7,17,51,107,142,154,160,196,214,259,262,267,328,336],"connection":[8],"between":[9],"places":[10],"and":[11,91,150,186,192,251,313],"physical":[12],"objects":[13],"(i.e.,":[14,234],"things)":[15],"over":[16],"internet/network":[18],"via":[19],"smart":[20,294],"computing":[21],"devices.":[22,64],"IoT":[23,53,63,68,136,241,290,302,310,316],"a":[25,130],"rapidly":[26],"emerging":[27],"paradigm":[28],"that":[29,67,189,211,223,274,323],"now":[30],"encompasses":[31],"almost":[32],"every":[33],"aspect":[34],"our":[36],"modern":[37],"life.":[38],"As":[39],"these":[40],"devices":[41,291],"differ":[42],"from":[43,159,266],"traditional":[44],"computing,":[45],"it":[46],"important":[48],"to":[49,73,116,199,227,304,314],"understand":[50],"challenges":[52],"developers":[54,70,327],"face":[55],"while":[56],"implementing":[57],"proper":[58],"security":[59],"measures":[60],"in":[61,99,104,141,172,246,261,277,335],"their":[62,319],"We":[65],"observed":[66],"software":[69],"share":[71],"solutions":[72],"programming":[74,206],"questions":[75],"code":[77,101,113,122,138,157,216,242,311,333],"examples":[78,102,114,123,139,243,312,334],"on":[79,258],"three":[80,143,161],"Stack":[81,87,144],"Exchange":[82,145],"Q":[83],"&amp;":[84],"A":[85],"sites:":[86],"Overflow":[88],"(SO),":[89],"Arduino,":[90,149,247],"Raspberry":[92,151,252],"Pi.":[93,152,253],"Previous":[94],"research":[95],"studies":[96,108,119],"found":[97,245],"vulnerabilities/weaknesses":[98],"C/C++":[100,112,137],"shared":[103,140],"SO.":[105],"However,":[106],"did":[109],"not":[110],"investigate":[111],"related":[115],"IoT.":[117],"The":[118,237],"investigated":[120],"SO":[121],"only.":[124],"In":[125],"this":[126],"article,":[127],"we":[128,163,187,209,272],"conduct":[129],"large-scale":[131],"empirical":[132],"study":[133,297],"all":[135],"sites,":[146,162],"i.e.,":[147],"SO,":[148,250],"From":[153],"11,329":[155],"obtained":[156],"snippets":[158,217],"identify":[164],"29":[165],"distinct":[166],"Common":[167],"Weakness":[168],"Enumeration":[169],"(CWE)":[170],"types":[171,177,222,233],"609":[173],"snippets.":[174],"These":[175],"CWE":[176,221,232],"can":[178,224,299,324],"be":[179,200,225,305],"categorized":[180],"into":[181],"eight":[182],"general":[183],"weakness":[184],"categories,":[185],"observe":[188],"evaluation,":[190],"memory,":[191],"initialization-related":[193],"weaknesses":[194],"are":[195,257],"most":[197,238],"common":[198],"introduced":[201],"by":[202,249],"users":[203],"when":[204],"posting":[205],"solutions.":[207],"Furthermore,":[208],"find":[210,273],"39.58%":[212],"vulnerable":[215,240,309,332],"contain":[218],"instances":[219],"mapped":[226,269],"real-world":[228],"occurrences":[229],"those":[231],"CVE":[235,270],"instances).":[236],"number":[239],"was":[244],"followed":[248],"Memory":[254],"type":[255],"vulnerabilities":[256],"rise":[260],"sites.":[263,337],"For":[264],"example,":[265],"3,595":[268],"instances,":[271],"28.99%":[275],"result":[276],"Denial":[278],"Service":[280],"(DoS)":[281],"errors,":[282],"which":[283],"particularly":[285],"harmful":[286],"for":[287],"network":[288],"reliant":[289],"such":[292,308,331],"cars.":[295],"Our":[296],"results":[298],"guide":[300],"various":[301],"stakeholders":[303],"aware":[306],"inform":[315],"researchers":[317],"during":[318],"development":[320],"tools":[322],"help":[325],"prevent":[326],"sharing":[329]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2024-09-05T00:00:00"}