[{"user_id":"72582","_id":"60538","language":[{"iso":"eng"}],"type":"journal_article","publication":"ACM Transactions on Software Engineering and Methodology","status":"public","abstract":[{"lang":"eng","text":"<jats:p>Greybox fuzzing is used extensively in research and practice. There are umpteen publications that improve greybox fuzzing. However, to what extent do these improvements affect the internal components or internals of a given fuzzer is not yet understood as the improvements are mostly evaluated using code coverage and bug finding capability. Such an evaluation is insufficient to understand the effect of improvements on the fuzzer internals. Some of the literature visualizes the outcomes of fuzzing to enhance the understanding. However, they only focus on high-level information and no previous research on visualization has been dedicated to understanding fuzzing internals.</jats:p>\n          <jats:p>To close this gap, we propose the first step towards development of a fuzzing-specific visualization framework: a taxonomy of visualization analysis tasks that fuzzing experts desire to help them understand the fuzzing internals. Our approach involves conducting interviews with fuzzing experts and using qualitative data analysis to systematically extract the task taxonomy from the interview data. We also evaluate the support of existing fuzzing visualization tools through the lens of our taxonomy. In our study, we have conducted 33 interviews with fuzzing practitioners and extracted a taxonomy of 120 visualization analysis tasks. Our evaluation shows that the existing fuzzing visualization tools only provide aids to support 10 of them.</jats:p>"}],"author":[{"first_name":"Sriteja","last_name":"Kummita","full_name":"Kummita, Sriteja"},{"first_name":"Miao","full_name":"Miao, Miao","last_name":"Miao"},{"first_name":"Eric","full_name":"Bodden, Eric","last_name":"Bodden"},{"first_name":"Shiyi","last_name":"Wei","full_name":"Wei, Shiyi"}],"date_created":"2025-07-07T20:25:27Z","publisher":"Association for Computing Machinery (ACM)","date_updated":"2025-07-07T20:26:48Z","doi":"10.1145/3718346","title":"Visualization Task Taxonomy to Understand the Fuzzing Internals","publication_status":"published","publication_identifier":{"issn":["1049-331X","1557-7392"]},"citation":{"apa":"Kummita, S., Miao, M., Bodden, E., &#38; Wei, S. (2025). Visualization Task Taxonomy to Understand the Fuzzing Internals. <i>ACM Transactions on Software Engineering and Methodology</i>. <a href=\"https://doi.org/10.1145/3718346\">https://doi.org/10.1145/3718346</a>","bibtex":"@article{Kummita_Miao_Bodden_Wei_2025, title={Visualization Task Taxonomy to Understand the Fuzzing Internals}, DOI={<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Kummita, Sriteja and Miao, Miao and Bodden, Eric and Wei, Shiyi}, year={2025} }","short":"S. Kummita, M. Miao, E. Bodden, S. Wei, ACM Transactions on Software Engineering and Methodology (2025).","mla":"Kummita, Sriteja, et al. “Visualization Task Taxonomy to Understand the Fuzzing Internals.” <i>ACM Transactions on Software Engineering and Methodology</i>, Association for Computing Machinery (ACM), 2025, doi:<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>.","ama":"Kummita S, Miao M, Bodden E, Wei S. Visualization Task Taxonomy to Understand the Fuzzing Internals. <i>ACM Transactions on Software Engineering and Methodology</i>. Published online 2025. doi:<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>","ieee":"S. Kummita, M. Miao, E. Bodden, and S. Wei, “Visualization Task Taxonomy to Understand the Fuzzing Internals,” <i>ACM Transactions on Software Engineering and Methodology</i>, 2025, doi: <a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>.","chicago":"Kummita, Sriteja, Miao Miao, Eric Bodden, and Shiyi Wei. “Visualization Task Taxonomy to Understand the Fuzzing Internals.” <i>ACM Transactions on Software Engineering and Methodology</i>, 2025. <a href=\"https://doi.org/10.1145/3718346\">https://doi.org/10.1145/3718346</a>."},"year":"2025"},{"publication_identifier":{"issn":["1049-331X","1557-7392"]},"publication_status":"published","year":"2025","citation":{"apa":"Kummita, S., Miao, M., Bodden, E., &#38; Wei, S. (2025). Visualization Task Taxonomy to Understand the Fuzzing Internals. <i>ACM Transactions on Software Engineering and Methodology</i>, Article 3718346. <a href=\"https://doi.org/10.1145/3718346\">https://doi.org/10.1145/3718346</a>","bibtex":"@article{Kummita_Miao_Bodden_Wei_2025, title={Visualization Task Taxonomy to Understand the Fuzzing Internals}, DOI={<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>}, number={3718346}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Kummita, Sriteja and Miao, Miao and Bodden, Eric and Wei, Shiyi}, year={2025} }","mla":"Kummita, Sriteja, et al. “Visualization Task Taxonomy to Understand the Fuzzing Internals.” <i>ACM Transactions on Software Engineering and Methodology</i>, 3718346, Association for Computing Machinery (ACM), 2025, doi:<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>.","short":"S. Kummita, M. Miao, E. Bodden, S. Wei, ACM Transactions on Software Engineering and Methodology (2025).","ieee":"S. Kummita, M. Miao, E. Bodden, and S. Wei, “Visualization Task Taxonomy to Understand the Fuzzing Internals,” <i>ACM Transactions on Software Engineering and Methodology</i>, Art. no. 3718346, 2025, doi: <a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>.","chicago":"Kummita, Sriteja, Miao Miao, Eric Bodden, and Shiyi Wei. “Visualization Task Taxonomy to Understand the Fuzzing Internals.” <i>ACM Transactions on Software Engineering and Methodology</i>, 2025. <a href=\"https://doi.org/10.1145/3718346\">https://doi.org/10.1145/3718346</a>.","ama":"Kummita S, Miao M, Bodden E, Wei S. Visualization Task Taxonomy to Understand the Fuzzing Internals. <i>ACM Transactions on Software Engineering and Methodology</i>. Published online 2025. doi:<a href=\"https://doi.org/10.1145/3718346\">10.1145/3718346</a>"},"publisher":"Association for Computing Machinery (ACM)","date_updated":"2025-09-01T10:16:03Z","date_created":"2025-09-01T10:15:26Z","author":[{"last_name":"Kummita","id":"72582","full_name":"Kummita, Sriteja","first_name":"Sriteja"},{"last_name":"Miao","full_name":"Miao, Miao","first_name":"Miao"},{"first_name":"Eric","full_name":"Bodden, Eric","id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647"},{"first_name":"Shiyi","last_name":"Wei","full_name":"Wei, Shiyi"}],"title":"Visualization Task Taxonomy to Understand the Fuzzing Internals","doi":"10.1145/3718346","publication":"ACM Transactions on Software Engineering and Methodology","type":"journal_article","abstract":[{"lang":"eng","text":"<jats:p>Greybox fuzzing is used extensively in research and practice. There are umpteen publications that improve greybox fuzzing. However, to what extent do these improvements affect the internal components or internals of a given fuzzer is not yet understood as the improvements are mostly evaluated using code coverage and bug finding capability. Such an evaluation is insufficient to understand the effect of improvements on the fuzzer internals. Some of the literature visualizes the outcomes of fuzzing to enhance the understanding. However, they only focus on high-level information and no previous research on visualization has been dedicated to understanding fuzzing internals.</jats:p>\r\n          <jats:p>To close this gap, we propose the first step towards development of a fuzzing-specific visualization framework: a taxonomy of visualization analysis tasks that fuzzing experts desire to help them understand the fuzzing internals. Our approach involves conducting interviews with fuzzing experts and using qualitative data analysis to systematically extract the task taxonomy from the interview data. We also evaluate the support of existing fuzzing visualization tools through the lens of our taxonomy. In our study, we have conducted 33 interviews with fuzzing practitioners and extracted a taxonomy of 120 visualization analysis tasks. Our evaluation shows that the existing fuzzing visualization tools only provide aids to support 10 of them.</jats:p>"}],"status":"public","_id":"61108","department":[{"_id":"76"}],"user_id":"15249","article_number":"3718346","language":[{"iso":"eng"}]},{"abstract":[{"text":"<jats:p>\n            Reusable software libraries, frameworks, and components, such as those provided by open source ecosystems and third-party suppliers, accelerate digital innovation. However, recent years have shown almost exponential growth in attackers leveraging these software artifacts to launch software supply chain attacks. Past well-known software supply chain attacks include the SolarWinds, log4j, and xz utils incidents. Supply chain attacks are considered to have three major attack vectors: through vulnerabilities and malware accidentally or intentionally injected into open source and third-party\n            <jats:italic>dependencies/components/containers</jats:italic>\n            ; by infiltrating the\n            <jats:italic>build infrastructure</jats:italic>\n            during the build and deployment processes; and through targeted techniques aimed at the\n            <jats:italic>humans</jats:italic>\n            involved in software development, such as through social engineering. Plummeting trust in the software supply chain could decelerate digital innovation if the software industry reduces its use of open source and third-party artifacts to reduce risks. This article contains perspectives and knowledge obtained from intentional outreach with practitioners to understand their practical challenges and from extensive research efforts. We then provide an overview of current research efforts to secure the software supply chain. Finally, we propose a future research agenda to close software supply chain attack vectors and support the software industry.\n          </jats:p>","lang":"eng"}],"status":"public","publication":"ACM Transactions on Software Engineering and Methodology","type":"journal_article","language":[{"iso":"eng"}],"_id":"61126","user_id":"94636","year":"2025","intvolume":"        34","page":"1-38","citation":{"apa":"Williams, L., Benedetti, G., Hamer, S., Paramitha, R., Rahman, I., Tamanna, M., Tystahl, G., Zahan, N., Morrison, P., Acar, Y., Cukier, M., Kästner, C., Kapravelos, A., Wermke, D., &#38; Enck, W. (2025). Research Directions in Software Supply Chain Security. <i>ACM Transactions on Software Engineering and Methodology</i>, <i>34</i>(5), 1–38. <a href=\"https://doi.org/10.1145/3714464\">https://doi.org/10.1145/3714464</a>","short":"L. Williams, G. Benedetti, S. Hamer, R. Paramitha, I. Rahman, M. Tamanna, G. Tystahl, N. Zahan, P. Morrison, Y. Acar, M. Cukier, C. Kästner, A. Kapravelos, D. Wermke, W. Enck, ACM Transactions on Software Engineering and Methodology 34 (2025) 1–38.","mla":"Williams, Laurie, et al. “Research Directions in Software Supply Chain Security.” <i>ACM Transactions on Software Engineering and Methodology</i>, vol. 34, no. 5, Association for Computing Machinery (ACM), 2025, pp. 1–38, doi:<a href=\"https://doi.org/10.1145/3714464\">10.1145/3714464</a>.","bibtex":"@article{Williams_Benedetti_Hamer_Paramitha_Rahman_Tamanna_Tystahl_Zahan_Morrison_Acar_et al._2025, title={Research Directions in Software Supply Chain Security}, volume={34}, DOI={<a href=\"https://doi.org/10.1145/3714464\">10.1145/3714464</a>}, number={5}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Williams, Laurie and Benedetti, Giacomo and Hamer, Sivana and Paramitha, Ranindya and Rahman, Imranur and Tamanna, Mahzabin and Tystahl, Greg and Zahan, Nusrat and Morrison, Patrick and Acar, Yasemin and et al.}, year={2025}, pages={1–38} }","chicago":"Williams, Laurie, Giacomo Benedetti, Sivana Hamer, Ranindya Paramitha, Imranur Rahman, Mahzabin Tamanna, Greg Tystahl, et al. “Research Directions in Software Supply Chain Security.” <i>ACM Transactions on Software Engineering and Methodology</i> 34, no. 5 (2025): 1–38. <a href=\"https://doi.org/10.1145/3714464\">https://doi.org/10.1145/3714464</a>.","ieee":"L. Williams <i>et al.</i>, “Research Directions in Software Supply Chain Security,” <i>ACM Transactions on Software Engineering and Methodology</i>, vol. 34, no. 5, pp. 1–38, 2025, doi: <a href=\"https://doi.org/10.1145/3714464\">10.1145/3714464</a>.","ama":"Williams L, Benedetti G, Hamer S, et al. Research Directions in Software Supply Chain Security. <i>ACM Transactions on Software Engineering and Methodology</i>. 2025;34(5):1-38. doi:<a href=\"https://doi.org/10.1145/3714464\">10.1145/3714464</a>"},"publication_identifier":{"issn":["1049-331X","1557-7392"]},"publication_status":"published","issue":"5","title":"Research Directions in Software Supply Chain Security","doi":"10.1145/3714464","publisher":"Association for Computing Machinery (ACM)","date_updated":"2025-09-04T11:15:46Z","volume":34,"date_created":"2025-09-04T11:11:26Z","author":[{"last_name":"Williams","full_name":"Williams, Laurie","first_name":"Laurie"},{"first_name":"Giacomo","last_name":"Benedetti","full_name":"Benedetti, Giacomo"},{"first_name":"Sivana","full_name":"Hamer, Sivana","last_name":"Hamer"},{"last_name":"Paramitha","full_name":"Paramitha, Ranindya","first_name":"Ranindya"},{"first_name":"Imranur","last_name":"Rahman","full_name":"Rahman, Imranur"},{"first_name":"Mahzabin","full_name":"Tamanna, Mahzabin","last_name":"Tamanna"},{"last_name":"Tystahl","full_name":"Tystahl, Greg","first_name":"Greg"},{"last_name":"Zahan","full_name":"Zahan, Nusrat","first_name":"Nusrat"},{"full_name":"Morrison, Patrick","last_name":"Morrison","first_name":"Patrick"},{"first_name":"Yasemin","full_name":"Acar, Yasemin","last_name":"Acar"},{"last_name":"Cukier","full_name":"Cukier, Michel","first_name":"Michel"},{"first_name":"Christian","last_name":"Kästner","full_name":"Kästner, Christian"},{"last_name":"Kapravelos","full_name":"Kapravelos, Alexandros","first_name":"Alexandros"},{"first_name":"Dominik","full_name":"Wermke, Dominik","last_name":"Wermke"},{"first_name":"William","last_name":"Enck","full_name":"Enck, William"}]},{"abstract":[{"lang":"eng","text":"<jats:p>As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research challenges, but also with exciting new opportunities. In this roadmap paper, we outline our vision of Software Security Analysis for the systems of the future. Given the recent advances in generative AI, we need new methods to assess and maximize the security of code co-written by machines. As our systems become increasingly heterogeneous, we need practical approaches that work even if some functions are automatically generated, e.g., by deep neural networks. As software systems depend evermore on the software supply chain, we need tools that scale to an entire ecosystem. What kind of vulnerabilities exist in future systems and how do we detect them? When all the shallow bugs are found, how do we discover vulnerabilities hidden deeply in the system? Assuming we cannot find all security flaws, how can we nevertheless protect our system? To answer these questions, we start our roadmap with a survey of recent advances in software security, then discuss open challenges and opportunities, and conclude with a long-term perspective for the field.</jats:p>"}],"status":"public","publication":"ACM Transactions on Software Engineering and Methodology","type":"journal_article","language":[{"iso":"eng"}],"_id":"59411","department":[{"_id":"76"}],"user_id":"15249","year":"2024","citation":{"mla":"Böhme, Marcel, et al. “Software Security Analysis in 2030 and Beyond: A Research Roadmap.” <i>ACM Transactions on Software Engineering and Methodology</i>, Association for Computing Machinery (ACM), 2024, doi:<a href=\"https://doi.org/10.1145/3708533\">10.1145/3708533</a>.","bibtex":"@article{Böhme_Bodden_Bultan_Cadar_Liu_Scanniello_2024, title={Software Security Analysis in 2030 and Beyond: A Research Roadmap}, DOI={<a href=\"https://doi.org/10.1145/3708533\">10.1145/3708533</a>}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Böhme, Marcel and Bodden, Eric and Bultan, Tevfik and Cadar, Cristian and Liu, Yang and Scanniello, Giuseppe}, year={2024} }","short":"M. Böhme, E. Bodden, T. Bultan, C. Cadar, Y. Liu, G. Scanniello, ACM Transactions on Software Engineering and Methodology (2024).","apa":"Böhme, M., Bodden, E., Bultan, T., Cadar, C., Liu, Y., &#38; Scanniello, G. (2024). Software Security Analysis in 2030 and Beyond: A Research Roadmap. <i>ACM Transactions on Software Engineering and Methodology</i>. <a href=\"https://doi.org/10.1145/3708533\">https://doi.org/10.1145/3708533</a>","ama":"Böhme M, Bodden E, Bultan T, Cadar C, Liu Y, Scanniello G. Software Security Analysis in 2030 and Beyond: A Research Roadmap. <i>ACM Transactions on Software Engineering and Methodology</i>. Published online 2024. doi:<a href=\"https://doi.org/10.1145/3708533\">10.1145/3708533</a>","ieee":"M. Böhme, E. Bodden, T. Bultan, C. Cadar, Y. Liu, and G. Scanniello, “Software Security Analysis in 2030 and Beyond: A Research Roadmap,” <i>ACM Transactions on Software Engineering and Methodology</i>, 2024, doi: <a href=\"https://doi.org/10.1145/3708533\">10.1145/3708533</a>.","chicago":"Böhme, Marcel, Eric Bodden, Tevfik Bultan, Cristian Cadar, Yang Liu, and Giuseppe Scanniello. “Software Security Analysis in 2030 and Beyond: A Research Roadmap.” <i>ACM Transactions on Software Engineering and Methodology</i>, 2024. <a href=\"https://doi.org/10.1145/3708533\">https://doi.org/10.1145/3708533</a>."},"publication_identifier":{"issn":["1049-331X","1557-7392"]},"publication_status":"published","title":"Software Security Analysis in 2030 and Beyond: A Research Roadmap","doi":"10.1145/3708533","date_updated":"2025-04-07T10:05:15Z","publisher":"Association for Computing Machinery (ACM)","date_created":"2025-04-07T10:04:48Z","author":[{"full_name":"Böhme, Marcel","last_name":"Böhme","first_name":"Marcel"},{"first_name":"Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647","full_name":"Bodden, Eric","id":"59256"},{"last_name":"Bultan","full_name":"Bultan, Tevfik","first_name":"Tevfik"},{"first_name":"Cristian","last_name":"Cadar","full_name":"Cadar, Cristian"},{"first_name":"Yang","full_name":"Liu, Yang","last_name":"Liu"},{"first_name":"Giuseppe","last_name":"Scanniello","full_name":"Scanniello, Giuseppe"}]},{"citation":{"ama":"Sayar I, Bartel A, Bodden E, Le Traon Y. An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. <i>ACM Transactions on Software Engineering and Methodology</i>. Published online 2022. doi:<a href=\"https://doi.org/10.1145/3554732\">10.1145/3554732</a>","ieee":"I. Sayar, A. Bartel, E. Bodden, and Y. Le Traon, “An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities,” <i>ACM Transactions on Software Engineering and Methodology</i>, 2022, doi: <a href=\"https://doi.org/10.1145/3554732\">10.1145/3554732</a>.","chicago":"Sayar, Imen, Alexandre Bartel, Eric Bodden, and Yves Le Traon. “An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities.” <i>ACM Transactions on Software Engineering and Methodology</i>, 2022. <a href=\"https://doi.org/10.1145/3554732\">https://doi.org/10.1145/3554732</a>.","short":"I. Sayar, A. Bartel, E. Bodden, Y. Le Traon, ACM Transactions on Software Engineering and Methodology (2022).","mla":"Sayar, Imen, et al. “An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities.” <i>ACM Transactions on Software Engineering and Methodology</i>, Association for Computing Machinery (ACM), 2022, doi:<a href=\"https://doi.org/10.1145/3554732\">10.1145/3554732</a>.","bibtex":"@article{Sayar_Bartel_Bodden_Le Traon_2022, title={An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities}, DOI={<a href=\"https://doi.org/10.1145/3554732\">10.1145/3554732</a>}, journal={ACM Transactions on Software Engineering and Methodology}, publisher={Association for Computing Machinery (ACM)}, author={Sayar, Imen and Bartel, Alexandre and Bodden, Eric and Le Traon, Yves}, year={2022} }","apa":"Sayar, I., Bartel, A., Bodden, E., &#38; Le Traon, Y. (2022). An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. <i>ACM Transactions on Software Engineering and Methodology</i>. <a href=\"https://doi.org/10.1145/3554732\">https://doi.org/10.1145/3554732</a>"},"year":"2022","publication_status":"published","publication_identifier":{"issn":["1049-331X","1557-7392"]},"doi":"10.1145/3554732","title":"An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities","author":[{"first_name":"Imen","last_name":"Sayar","full_name":"Sayar, Imen"},{"full_name":"Bartel, Alexandre","last_name":"Bartel","first_name":"Alexandre"},{"first_name":"Eric","id":"59256","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden"},{"full_name":"Le Traon, Yves","last_name":"Le Traon","first_name":"Yves"}],"date_created":"2022-10-20T12:31:49Z","date_updated":"2022-10-20T12:32:31Z","publisher":"Association for Computing Machinery (ACM)","status":"public","abstract":[{"lang":"eng","text":"<jats:p>\r\n            Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code execution (RCE) if the data to deserialize is originating from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP’s list of top 10 security risks for web applications. This is mainly caused by faults in the development process of applications and by flaws in their dependencies, i.e., flaws in the libraries used by these applications. No previous work has studied deserialization attacks in-depth: How are they performed? How are weaknesses introduced and patched? And for how long are vulnerabilities present in the codebase? To yield a deeper understanding of this important kind of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable pieces of code, present in Java libraries, and one on vulnerabilities present in Java applications. For the first analysis, we conduct an exploratory large-scale study by running 256 515 experiments in which we vary the versions of libraries for each of the 19 publicly available exploits. Such attacks rely on a combination of\r\n            <jats:italic>gadgets</jats:italic>\r\n            present in one or multiple Java libraries. A gadget is a method which is using objects or fields that can be attacker-controlled. Our goal is to precisely identify library versions containing gadgets and to understand how gadgets have been introduced and how they have been patched. We observe that the modification of one innocent-looking detail in a class – such as making it\r\n            <jats:monospace>public</jats:monospace>\r\n            – can already introduce a gadget. Furthermore, we noticed that among the studied libraries, 37.5% are not patched, leaving gadgets available for future attacks.\r\n          </jats:p>\r\n          <jats:p>For the second analysis, we manually analyze 104 deserialization vulnerabilities CVEs to understand how vulnerabilities are introduced and patched in real-life Java applications. Results indicate that the vulnerabilities are not always completely patched or that a workaround solution is proposed. With a workaround solution, applications are still vulnerable since the code itself is unchanged.</jats:p>"}],"type":"journal_article","publication":"ACM Transactions on Software Engineering and Methodology","language":[{"iso":"eng"}],"keyword":["Software"],"user_id":"15249","department":[{"_id":"76"}],"_id":"33835"}]