{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2015:DQHYAFO6WYMHENI2ZORADWLZEK","short_pith_number":"pith:DQHYAFO6","canonical_record":{"source":{"id":"1508.04627","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-08-19T13:00:56Z","cross_cats_sorted":["cs.PL"],"title_canon_sha256":"3b24aaa041d14bd2050e76e152592003b08da07cd53f559f0daba8e06831ba09","abstract_canon_sha256":"2d5b4236dd970b49a0c30c3e093d8de569a575cde98e39b22d59a6da51044675"},"schema_version":"1.0"},"canonical_sha256":"1c0f8015deb61872351acba201d97922a40e142c6b1eae4c45092a66f1816824","source":{"kind":"arxiv","id":"1508.04627","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1508.04627","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"arxiv_version","alias_value":"1508.04627v2","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1508.04627","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"pith_short_12","alias_value":"DQHYAFO6WYMH","created_at":"2026-05-18T12:29:17Z"},{"alias_kind":"pith_short_16","alias_value":"DQHYAFO6WYMHENI2","created_at":"2026-05-18T12:29:17Z"},{"alias_kind":"pith_short_8","alias_value":"DQHYAFO6","created_at":"2026-05-18T12:29:17Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2015:DQHYAFO6WYMHENI2ZORADWLZEK","target":"record","payload":{"canonical_record":{"source":{"id":"1508.04627","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-08-19T13:00:56Z","cross_cats_sorted":["cs.PL"],"title_canon_sha256":"3b24aaa041d14bd2050e76e152592003b08da07cd53f559f0daba8e06831ba09","abstract_canon_sha256":"2d5b4236dd970b49a0c30c3e093d8de569a575cde98e39b22d59a6da51044675"},"schema_version":"1.0"},"canonical_sha256":"1c0f8015deb61872351acba201d97922a40e142c6b1eae4c45092a66f1816824","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:17:37.298930Z","signature_b64":"HRUxIkrnbvZQIz0HQh1usELkfKBY5lz1j/vZ/4zjgU/EJJjFNPxsf3Hbcvh8PC7MwpYQTRNz1sfjbDIEq61RCA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1c0f8015deb61872351acba201d97922a40e142c6b1eae4c45092a66f1816824","last_reissued_at":"2026-05-18T01:17:37.298291Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:17:37.298291Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1508.04627","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:17:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"pLc5HJo3lOtpigixLZfLeU7S7Zjv7if1HliWLkRc4yORx4S3py85cHGWXwNiejrOqUvTPTDPZSWNTatbvgs+CQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-24T21:08:08.261312Z"},"content_sha256":"1dc5cb58a4128f8353bf6eba3e16ea2d4688af5b2c52eecb7b4e868060061d32","schema_version":"1.0","event_id":"sha256:1dc5cb58a4128f8353bf6eba3e16ea2d4688af5b2c52eecb7b4e868060061d32"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2015:DQHYAFO6WYMHENI2ZORADWLZEK","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Towards Vulnerability Discovery Using Staged Program Analysis","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.PL"],"primary_cat":"cs.CR","authors_text":"Bhargava Shastry, Fabian Yamaguchi, Jean-Pierre Seifert, Konrad Rieck","submitted_at":"2015-08-19T13:00:56Z","abstract_excerpt":"Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs we"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1508.04627","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:17:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"XVk3C/C75wiGjI1C66S1qR3at3dXFCuPo4W1Pa2trv0ju/eju3Y1dr4c4odRzREX+odJLnQBv+C00gTGhB6wBA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-24T21:08:08.261697Z"},"content_sha256":"8dd9583e1c31a7c719535c6721eee9b2fd62e8f8d9e677554a0686c299ed0906","schema_version":"1.0","event_id":"sha256:8dd9583e1c31a7c719535c6721eee9b2fd62e8f8d9e677554a0686c299ed0906"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/DQHYAFO6WYMHENI2ZORADWLZEK/bundle.json","state_url":"https://pith.science/pith/DQHYAFO6WYMHENI2ZORADWLZEK/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/DQHYAFO6WYMHENI2ZORADWLZEK/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-24T21:08:08Z","links":{"resolver":"https://pith.science/pith/DQHYAFO6WYMHENI2ZORADWLZEK","bundle":"https://pith.science/pith/DQHYAFO6WYMHENI2ZORADWLZEK/bundle.json","state":"https://pith.science/pith/DQHYAFO6WYMHENI2ZORADWLZEK/state.json","well_known_bundle":"https://pith.science/.well-known/pith/DQHYAFO6WYMHENI2ZORADWLZEK/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2015:DQHYAFO6WYMHENI2ZORADWLZEK","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"2d5b4236dd970b49a0c30c3e093d8de569a575cde98e39b22d59a6da51044675","cross_cats_sorted":["cs.PL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-08-19T13:00:56Z","title_canon_sha256":"3b24aaa041d14bd2050e76e152592003b08da07cd53f559f0daba8e06831ba09"},"schema_version":"1.0","source":{"id":"1508.04627","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1508.04627","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"arxiv_version","alias_value":"1508.04627v2","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1508.04627","created_at":"2026-05-18T01:17:37Z"},{"alias_kind":"pith_short_12","alias_value":"DQHYAFO6WYMH","created_at":"2026-05-18T12:29:17Z"},{"alias_kind":"pith_short_16","alias_value":"DQHYAFO6WYMHENI2","created_at":"2026-05-18T12:29:17Z"},{"alias_kind":"pith_short_8","alias_value":"DQHYAFO6","created_at":"2026-05-18T12:29:17Z"}],"graph_snapshots":[{"event_id":"sha256:8dd9583e1c31a7c719535c6721eee9b2fd62e8f8d9e677554a0686c299ed0906","target":"graph","created_at":"2026-05-18T01:17:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs we","authors_text":"Bhargava Shastry, Fabian Yamaguchi, Jean-Pierre Seifert, Konrad Rieck","cross_cats":["cs.PL"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-08-19T13:00:56Z","title":"Towards Vulnerability Discovery Using Staged Program Analysis"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1508.04627","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:1dc5cb58a4128f8353bf6eba3e16ea2d4688af5b2c52eecb7b4e868060061d32","target":"record","created_at":"2026-05-18T01:17:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"2d5b4236dd970b49a0c30c3e093d8de569a575cde98e39b22d59a6da51044675","cross_cats_sorted":["cs.PL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-08-19T13:00:56Z","title_canon_sha256":"3b24aaa041d14bd2050e76e152592003b08da07cd53f559f0daba8e06831ba09"},"schema_version":"1.0","source":{"id":"1508.04627","kind":"arxiv","version":2}},"canonical_sha256":"1c0f8015deb61872351acba201d97922a40e142c6b1eae4c45092a66f1816824","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1c0f8015deb61872351acba201d97922a40e142c6b1eae4c45092a66f1816824","first_computed_at":"2026-05-18T01:17:37.298291Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:17:37.298291Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"HRUxIkrnbvZQIz0HQh1usELkfKBY5lz1j/vZ/4zjgU/EJJjFNPxsf3Hbcvh8PC7MwpYQTRNz1sfjbDIEq61RCA==","signature_status":"signed_v1","signed_at":"2026-05-18T01:17:37.298930Z","signed_message":"canonical_sha256_bytes"},"source_id":"1508.04627","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:1dc5cb58a4128f8353bf6eba3e16ea2d4688af5b2c52eecb7b4e868060061d32","sha256:8dd9583e1c31a7c719535c6721eee9b2fd62e8f8d9e677554a0686c299ed0906"],"state_sha256":"c78ffe757089502023f42abd9cffa5cc5da2559cf29a6e1bc43792098a6be18c"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"F9lhjY8k21Cf4kOuozmVKfMoMnChb9i3vyNO22obEK2S82Ow5w1T7ktN4tjk37HDw40Bmg9rr9xMhWOw03RXDg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-24T21:08:08.263623Z","bundle_sha256":"0dd829de1625898cbac35ce5301f3b4cfd8be93775a3af252b12fcee1ddd4b40"}}