Key points are not available for this paper at this time.
The idea is to identify security-critical software bugs so they can be fixed first.
Avgerinos et al. (Tue,) studied this question.