{"id":"https://openalex.org/W2899036395","doi":"https://doi.org/10.1587/transinf.2017icp0009","title":"Towards Finding Code Snippets on a Question and Answer Website Causing Mobile App Vulnerabilities","display_name":"Towards Finding Code Snippets on a Question and Answer Website Causing Mobile App Vulnerabilities","publication_year":2018,"publication_date":"2018-10-31","ids":{"openalex":"https://openalex.org/W2899036395","doi":"https://doi.org/10.1587/transinf.2017icp0009","mag":"2899036395"},"language":"en","primary_location":{"id":"doi:10.1587/transinf.2017icp0009","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2017icp0009","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E101.D/11/E101.D_2017ICP0009/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://www.jstage.jst.go.jp/article/transinf/E101.D/11/E101.D_2017ICP0009/_pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100686845","display_name":"Hiroki Nakano","orcid":"https://orcid.org/0009-0009-4470-2139"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Hiroki NAKANO","raw_affiliation_strings":["Graduate School of Environment and Information Sciences, Yokohama National University","NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Graduate School of Environment and Information Sciences, Yokohama National University","institution_ids":["https://openalex.org/I180203408"]},{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016083227","display_name":"Fumihiro Kanei","orcid":"https://orcid.org/0000-0002-5212-9274"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fumihiro KANEI","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024697484","display_name":"Yuta Takata","orcid":"https://orcid.org/0009-0008-2773-0659"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuta TAKATA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012291537","display_name":"Mitsuaki Akiyama","orcid":"https://orcid.org/0000-0001-7052-8562"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mitsuaki AKIYAMA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028367744","display_name":"Katsunari Yoshioka","orcid":"https://orcid.org/0000-0003-0964-8631"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Katsunari YOSHIOKA","raw_affiliation_strings":["Graduate School of Environment and Information Sciences/Institute of Advance Sciences, Yokohama National University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Graduate School of Environment and Information Sciences/Institute of Advance Sciences, Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.12435638,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"E101.D","issue":"11","first_page":"2576","last_page":"2583"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.8490307927131653},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.834013819694519},{"id":"https://openalex.org/keywords/snippet","display_name":"Snippet","score":0.8289686441421509},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7150740027427673},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5354573726654053},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5083314776420593},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.48031085729599},{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.4361336827278137},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3662903904914856},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.25673043727874756},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12848591804504395},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11141008138656616},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.08686283230781555}],"concepts":[{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.8490307927131653},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.834013819694519},{"id":"https://openalex.org/C2777822670","wikidata":"https://www.wikidata.org/wiki/Q1120538","display_name":"Snippet","level":2,"score":0.8289686441421509},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7150740027427673},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5354573726654053},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5083314776420593},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.48031085729599},{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.4361336827278137},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3662903904914856},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.25673043727874756},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12848591804504395},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11141008138656616},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.08686283230781555},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1587/transinf.2017icp0009","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2017icp0009","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E101.D/11/E101.D_2017ICP0009/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},{"id":"mag:2631076417","is_oa":false,"landing_page_url":"https://www.ieice.org/ken/paper/20170314FbsL/eng/","pdf_url":null,"source":{"id":"https://openalex.org/S4306512848","display_name":"IEICE Technical Report; IEICE Tech. Rep.","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":"IEICE Technical Report; IEICE Tech. Rep.","raw_type":null}],"best_oa_location":{"id":"doi:10.1587/transinf.2017icp0009","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2017icp0009","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E101.D/11/E101.D_2017ICP0009/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2899036395.pdf","grobid_xml":"https://content.openalex.org/works/W2899036395.grobid-xml"},"referenced_works_count":12,"referenced_works":["https://openalex.org/W101604734","https://openalex.org/W183494281","https://openalex.org/W1578479379","https://openalex.org/W2008810193","https://openalex.org/W2043140003","https://openalex.org/W2064038877","https://openalex.org/W2088479623","https://openalex.org/W2103370348","https://openalex.org/W2511044583","https://openalex.org/W2604518650","https://openalex.org/W2605037362","https://openalex.org/W2964144088"],"related_works":["https://openalex.org/W3172840274","https://openalex.org/W2245533262","https://openalex.org/W2616814339","https://openalex.org/W2399597187","https://openalex.org/W2052507375","https://openalex.org/W4211236094","https://openalex.org/W4285356403","https://openalex.org/W2922039621","https://openalex.org/W2887633424","https://openalex.org/W2796028780"],"abstract_inverted_index":{"Android":[0,26,48],"app":[1],"developers":[2],"sometimes":[3],"copy":[4],"code":[5,22,66,73,126,132],"snippets":[6,45,67,74,88,133],"posted":[7],"on":[8,46,91],"a":[9,21,76,141,151],"question-and-answer":[10],"(Q&A)":[11],"website":[12],"and":[13,68,83,89,120],"use":[14],"them":[15],"in":[16,54],"their":[17],"apps.":[18,70,93],"However,":[19],"if":[20],"snippet":[23,31,144],"has":[24,50,145],"vulnerabilities,":[25,119],"apps":[27,49,103,148,159],"containing":[28],"the":[29,35,40,47,61,64,138],"vulnerable":[30,44,65,69,81,92,131],"could":[32],"also":[33],"have":[34,105,115,123],"same":[36],"vulnerabilities.":[37],"Despite":[38],"this,":[39],"effect":[41],"of":[42,100,156],"such":[43],"not":[51],"been":[52],"investigated":[53],"depth.":[55],"In":[56,137],"this":[57],"paper,":[58],"we":[59,71],"investigate":[60],"correspondence":[62],"between":[63,86],"collect":[72],"from":[75,134],"Q&A":[77],"website,":[78],"extract":[79],"possibly":[80,130],"snippets,":[82],"calculate":[84],"similarity":[85],"those":[87],"bytecode":[90],"Our":[94],"experimental":[95],"results":[96],"show":[97],"that":[98,104,114,122,161],"15.8%":[99],"all":[101,157],"evaluated":[102],"SSL":[106,116],"implementation":[107],"vulnerabilities":[108,128],"(Improper":[109],"host":[110],"name":[111],"verification),":[112],"31.7%":[113],"certificate":[117],"verification":[118],"3.8%":[121],"WEBVIEW":[124],"remote":[125],"execution":[127],"contain":[129,150],"Stack":[135],"Overflow.":[136],"worst":[139],"case,":[140],"single":[142],"problematic":[143],"caused":[146],"4,844":[147],"to":[149],"vulnerability,":[152],"accounting":[153],"for":[154],"31.2%":[155],"collected":[158],"with":[160],"vulnerability.":[162]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}