{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T06:22:30Z","timestamp":1761805350108,"version":"3.41.0"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319621043"},{"type":"electronic","value":"9783319621050"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-62105-0_5","type":"book-chapter","created":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T09:13:20Z","timestamp":1498209200000},"page":"70-86","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Natural Language Insights from Code Reviews that Missed a Vulnerability"],"prefix":"10.1007","author":[{"given":"Nuthan","family":"Munaiah","sequence":"first","affiliation":[]},{"given":"Benjamin S.","family":"Meyers","sequence":"additional","affiliation":[]},{"given":"Cecilia O.","family":"Alm","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Meneely","sequence":"additional","affiliation":[]},{"given":"Pradeep K.","family":"Murukannaiah","sequence":"additional","affiliation":[]},{"given":"Emily","family":"Prud\u2019hommeaux","sequence":"additional","affiliation":[]},{"given":"Josephine","family":"Wolff","sequence":"additional","affiliation":[]},{"given":"Yang","family":"Yu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,24]]},"reference":[{"key":"5_CR1","unstructured":"Reuters-21578, Distribution 1.0. http:\/\/kdd.ics.uci.edu\/databases\/reuters21578\/reuters21578.html"},{"issue":"2","key":"5_CR2","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1016\/S0959-4388(98)80145-1","volume":"8","author":"A Baddeley","year":"1998","unstructured":"Baddeley, A.: Recent developments in working memory. Curr. Opin. Neurobiol. 8(2), 234\u2013238 (1998)","journal-title":"Curr. Opin. Neurobiol."},{"issue":"3","key":"5_CR3","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1016\/S0021-9924(03)00019-4","volume":"36","author":"A Baddeley","year":"2003","unstructured":"Baddeley, A.: Working memory and language: an overview. J. Commun. Disord. 36(3), 189\u2013208 (2003)","journal-title":"J. Commun. Disord."},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Baysal, O., Kononenko, O., Holmes, R., Godfrey, M.W.: The influence of non-technical factors on code review. In: 2013 20th Working Conference on Reverse Engineering (WCRE), pp. 122\u2013131, October 2013","DOI":"10.1109\/WCRE.2013.6671287"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Beller, M., Bacchelli, A., Zaidman, A., Juergens, E.: Modern code reviews in open-source projects: which problems do they fix? In: Proceedings of the 11th Working Conference on Mining Software Repositories, MSR 2014, New York, NY, USA, pp. 202\u2013211. ACM, New York (2014)","DOI":"10.1145\/2597073.2597082"},{"key":"5_CR6","volume-title":"Natural Language Processing with Python: Analyzing Text with the Natural Language Toolkit","author":"S Bird","year":"2009","unstructured":"Bird, S., Klein, E., Loper, E.: Natural Language Processing with Python: Analyzing Text with the Natural Language Toolkit. O\u2019Reilly Media Inc, Sebastopol (2009)"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Bosu, A., Carver, J.C.: Peer code review to prevent security vulnerabilities: an empirical evaluation. In: 2013 IEEE Seventh International Conference on Software Security and Reliability Companion, pp. 229\u2013230, June 2013","DOI":"10.1109\/SERE-C.2013.22"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Bosu, A., Greiler, M., Bird, C.: Characteristics of useful code reviews: an empirical study at microsoft. In: 2015 IEEE\/ACM 12th Working Conference on Mining Software Repositories, pp. 146\u2013156, May 2015","DOI":"10.1109\/MSR.2015.21"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Bosu, A., Carver, J.C., Hafiz, M., Hilley, P., Janni, D.: Identifying the characteristics of vulnerable code changes: an empirical study. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2014, New York, NY, pp. 257\u2013268. ACM, New York (2014)","DOI":"10.1145\/2635868.2635880"},{"issue":"2","key":"5_CR10","doi-asserted-by":"publisher","first-page":"540","DOI":"10.3758\/BRM.40.2.540","volume":"40","author":"C Brown","year":"2008","unstructured":"Brown, C., Snodgrass, T., Kemper, S.J., Herman, R., Covington, M.A.: Automatic measurement of propositional idea density from part-of-speech tagging. Behav. Res. Methods 40(2), 540\u2013545 (2008)","journal-title":"Behav. Res. Methods"},{"key":"5_CR11","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321\u2013357 (2002)","journal-title":"J. Artif. Intell. Res."},{"key":"5_CR12","doi-asserted-by":"crossref","DOI":"10.1515\/9783112316009","volume-title":"Syntactic Structures","author":"N Chomsky","year":"1957","unstructured":"Chomsky, N.: Syntactic Structures. Mouton, The Hague (1957)"},{"key":"5_CR13","unstructured":"Chromium: Chromium OS developer\u2019s guide (2017). https:\/\/www.chromium.org\/chromium-os\/developer-guide"},{"issue":"6","key":"5_CR14","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1109\/MS.2003.1241366","volume":"20","author":"M Ciolkowski","year":"2003","unstructured":"Ciolkowski, M., Laitenberger, O., Biffl, S.: Software reviews: the state of the practice. IEEE Software 20(6), 46\u201351 (2003)","journal-title":"IEEE Software"},{"key":"5_CR15","unstructured":"Czerwonka, J., Greiler, M., Tilford, J.: Code reviews do not find bugs: how the current code review best practice slows us down. In: Proceedings of the 37th International Conference on Software Engineering, ICSE 2015, vol. 2, pp. 27\u201328. IEEE Press, Piscataway (2015). http:\/\/dl.acm.org\/citation.cfm?id=2819009.2819015"},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-642-36563-8_14","volume-title":"Engineering Secure Software and Systems","author":"A Edmundson","year":"2013","unstructured":"Edmundson, A., Holtkamp, B., Rivera, E., Finifter, M., Mettler, A., Wagner, D.: An empirical study on the effectiveness of security code review. In: J\u00fcrjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol. 7781, pp. 197\u2013212. Springer, Heidelberg (2013). doi: 10.1007\/978-3-642-36563-8_14"},{"issue":"4","key":"5_CR17","doi-asserted-by":"publisher","first-page":"267","DOI":"10.2307\/373638","volume":"26","author":"WN Francis","year":"1965","unstructured":"Francis, W.N., Kucera, H.: A standard corpus of present-day edited American English, for use with digital computers. Coll. Engl. 26(4), 267 (1965)","journal-title":"Coll. Engl."},{"key":"5_CR18","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1017\/CBO9780511597855.005","volume-title":"Natural Language Parsing","author":"L Frazier","year":"1985","unstructured":"Frazier, L.: Syntactic complexity. In: Dowty, D.R., Karttunen, L., Zwicky, A.M. (eds.) Natural Language Parsing, pp. 129\u2013189. Cambridge University Press (CUP), Cambridge (1985)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Frazier, L.: Sentence Processing: A Tutorial Review (1987)","DOI":"10.7551\/mitpress\/4735.003.0023"},{"issue":"4","key":"5_CR20","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/BF00138988","volume":"5","author":"L Frazier","year":"1987","unstructured":"Frazier, L.: syntactic processing: evidence from Dutch. Nat. Lang. Linguist. Theor. 5(4), 519\u2013559 (1987)","journal-title":"Nat. Lang. Linguist. Theor."},{"issue":"5","key":"5_CR21","doi-asserted-by":"publisher","first-page":"421","DOI":"10.3758\/BF03198303","volume":"12","author":"L Frazier","year":"1984","unstructured":"Frazier, L., Taft, L., Roeper, T., Clifton, C., Ehrlich, K.: Parallel structure: a source of facilitation in sentence comprehension. Mem. Cogn. 12(5), 421\u2013430 (1984)","journal-title":"Mem. Cogn."},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Guzman, E., Az\u00f3car, D., Li, Y.: Sentiment analysis of commit comments in GitHub: an empirical study. In: Proceedings of the 11th Working Conference on Mining Software Repositories, MSR 2014, NY, pp. 352\u2013355. ACM, New York (2014)","DOI":"10.1145\/2597073.2597118"},{"key":"5_CR23","unstructured":"Hart, M.S., Austen, J., Blake, W., Burgess, T.W., Bryant, S.C., Carroll, L., Chesterton, G.K., Edgeworth, M., Melville, H., Milton, J., Shakespeare, W., Whitman, W., Bible, K.J.: Project Gutenberg Selections. Freely available as a Corpus in the Natural Language ToolKit. http:\/\/www.nltk.org\/nltk_data\/#25"},{"key":"5_CR24","volume-title":"Applied Statistics for the Behavioral Sciences","author":"DE Hinkle","year":"2002","unstructured":"Hinkle, D.E., Wiersma, W., Jurs, S.G.: Applied Statistics for the Behavioral Sciences. Houghton Mifflin, Boston (2002)"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Lipner, S.: The trustworthy computing security development lifecycle. In: 20th Annual Computer Security Applications Conference, pp. 2\u201313, December 2004","DOI":"10.1109\/CSAC.2004.41"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Manning, C.D., Surdeanu, M., Bauer, J., Finkel, J., Bethard, S.J., McClosky, D.: The Stanford CoreNLP natural language processing toolkit. In: Association for Computational Linguistics (ACL) System Demonstrations, pp. 55\u201360 (2014)","DOI":"10.3115\/v1\/P14-5010"},{"issue":"3","key":"5_CR27","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1109\/TSE.2008.71","volume":"35","author":"MV M\u00e4ntyl\u00e4","year":"2009","unstructured":"M\u00e4ntyl\u00e4, M.V., Lassenius, C.: What types of defects are really discovered in code reviews? IEEE Trans. Software Eng. 35(3), 430\u2013448 (2009)","journal-title":"IEEE Trans. Software Eng."},{"issue":"1","key":"5_CR28","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1207\/S15326985EP3801_6","volume":"38","author":"RE Mayer","year":"2003","unstructured":"Mayer, R.E., Moreno, R.: Nine ways to reduce cognitive load in multimedia learning. Educ. Psychol. 38(1), 43\u201352 (2003)","journal-title":"Educ. Psychol."},{"issue":"2","key":"5_CR29","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSECP.2004.1281254","volume":"2","author":"G McGraw","year":"2004","unstructured":"McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80\u201383 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Meneely, A., Srinivasan, H., Musa, A., Tejeda, A.R., Mokary, M., Spates, B.: When a patch goes bad: exploring the properties of vulnerability-contributing commits. In: 2013 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 65\u201374, October 2013","DOI":"10.1109\/ESEM.2013.19"},{"issue":"9","key":"5_CR31","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1109\/TSE.2007.70721","volume":"33","author":"T Menzies","year":"2007","unstructured":"Menzies, T., Menzies, A., Distefano, J., Greenwald, J.: Problems with precision: a response to \u201ccomments on \u2018data mining static code attributes to learn defect predictors\u201d\u2019. IEEE Trans. Softw. Eng. 33(9), 637\u2013640 (2007). doi: 10.1109\/TSE.2007.70721 . ISSN: 0098-5589","journal-title":"IEEE Trans. Softw. Eng."},{"key":"5_CR32","unstructured":"Meyers, B.S.: Speech processing & linguistic analysis tool (SPLAT). https:\/\/github.com\/meyersbs\/SPLAT"},{"issue":"3","key":"5_CR33","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1109\/TIT.1956.1056815","volume":"2","author":"G Miller","year":"1956","unstructured":"Miller, G.: Human memory and the storage of information. IRE Trans. Inf. Theor. 2(3), 129\u2013137 (1956)","journal-title":"IRE Trans. Inf. Theor."},{"issue":"2","key":"5_CR34","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1044\/jshr.2402.154","volume":"24","author":"JF Miller","year":"1981","unstructured":"Miller, J.F., Chapman, R.S.: The relation between age and mean length of utterance in morphemes. J. Speech Lang. Hear. Res. 24(2), 154\u2013161 (1981)","journal-title":"J. Speech Lang. Hear. Res."},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Pletea, D., Vasilescu, B., Serebrenik, A.: Security and emotion: sentiment analysis of security discussions on GitHub. In: Proceedings of the 11th Working Conference on Mining Software Repositories, MSR 2014, NY, pp. 348\u2013351. ACM, New York (2014)","DOI":"10.1145\/2597073.2597117"},{"key":"5_CR36","unstructured":"R Core Team: R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria (2015). https:\/\/www.R-project.org\/"},{"issue":"7","key":"5_CR37","doi-asserted-by":"publisher","first-page":"2081","DOI":"10.1109\/TASL.2011.2112351","volume":"19","author":"B Roark","year":"2011","unstructured":"Roark, B., Mitchell, M., Hosom, J., Hollingshead, K., Kaye, J.: Spoken language derived measures for detecting mild cognitive impairment. Trans. Audio Speech Lang. Proc. 19(7), 2081\u20132090 (2011)","journal-title":"Trans. Audio Speech Lang. Proc."},{"issue":"5","key":"5_CR38","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1016\/0306-4573(88)90021-0","volume":"24","author":"G Salton","year":"1988","unstructured":"Salton, G., Buckley, C.: Term-weighting approaches in automatic text retrieval. Inf. Process. Manage. 24(5), 513\u2013523 (1988)","journal-title":"Inf. Process. Manage."},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Socher, R., Perelygin, A., Wu, J.Y., Chuang, J., Manning, C.D., Ng, A.Y., Potts, C.: Recursive deep models for semantic compositionality over a sentiment treebank. In: Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing. Association for Computational Linguistics, October 2013","DOI":"10.18653\/v1\/D13-1170"},{"issue":"4","key":"5_CR40","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1207\/s1532690xci0804_5","volume":"8","author":"J Sweller","year":"1991","unstructured":"Sweller, J., Chandler, P.: Evidence for cognitive load theory. Cogn. Instr. 8(4), 351\u2013362 (1991)","journal-title":"Cogn. Instr."},{"key":"5_CR41","unstructured":"Yang, Y., Pedersen, J.O.: A comparative study on feature selection in text categorization. In: ICML, vol. 97, pp. 412\u2013420 (1997)"},{"key":"5_CR42","unstructured":"Yngve, V.H.: A Model and an Hypothesis for Language Structure, vol. 104, pp. 444\u2013466. American Philosophical Society (1960)"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-62105-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T23:34:52Z","timestamp":1750376092000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-62105-0_5"}},"subtitle":["A Large Scale Study of Chromium"],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319621043","9783319621050"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-62105-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"24 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESSoS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Engineering Secure Software and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bonn","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"essos2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/distrinet.cs.kuleuven.be\/events\/essos\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}