{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T06:47:46Z","timestamp":1772174866699,"version":"3.50.1"},"reference-count":73,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2024,1,6]],"date-time":"2024-01-06T00:00:00Z","timestamp":1704499200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,6]],"date-time":"2024-01-06T00:00:00Z","timestamp":1704499200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,4]]},"DOI":"10.1007\/s10207-023-00795-8","type":"journal-article","created":{"date-parts":[[2024,1,6]],"date-time":"2024-01-06T16:08:51Z","timestamp":1704557331000},"page":"1513-1526","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Vulnerability discovery based on source code patch commit mining: a systematic literature review"],"prefix":"10.1007","volume":"23","author":[{"given":"Fei","family":"Zuo","sequence":"first","affiliation":[]},{"given":"Junghwan","family":"Rhee","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,6]]},"reference":[{"key":"795_CR1","volume-title":"Git Pocket Guide: A Working Introduction","author":"RE Silverman","year":"2013","unstructured":"Silverman, R.E.: Git Pocket Guide: A Working Introduction. O\u2019Reilly Media, Inc., Sebastopol (2013)"},{"issue":"6","key":"795_CR2","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s10664-022-10168-9","volume":"27","author":"AD Sawadogo","year":"2022","unstructured":"Sawadogo, A.D., Bissyand\u00e9, T.F., Moha, N., Allix, K., Klein, J., Li, L., Le Traon, Y.: SSPCatcher: learning to catch security patches. Empir. Softw. Eng. 27(6), 151 (2022)","journal-title":"Empir. Softw. Eng."},{"key":"795_CR3","doi-asserted-by":"crossref","unstructured":"Wang, X., Wang, S., Feng, P., Sun, K., Jajodia, S., Benchaaboun, S., Geck, F.: PatchRNN: a deep learning-based system for security patch identification. In: Proceedings of the IEEE Military Communications Conference (MILCOM), pp. 595\u2013600 (2021)","DOI":"10.1109\/MILCOM52596.2021.9652940"},{"key":"795_CR4","unstructured":"CVE: Published CVE records (2023). https:\/\/www.cve.org\/About\/Metrics. Accessed 03 2023"},{"key":"795_CR5","unstructured":"Snyk: The state of open-source security (2017). https:\/\/snyk.io\/series\/open-source-security\/. Accessed 12 2018"},{"key":"795_CR6","unstructured":"Snyk: The state of open source security report (2019). https:\/\/snyk.io\/series\/open-source-security\/. Accessed 08 2020"},{"issue":"3","key":"795_CR7","doi-asserted-by":"publisher","first-page":"1199","DOI":"10.1109\/TR.2018.2834476","volume":"67","author":"H Liang","year":"2018","unstructured":"Liang, H., Pei, X., Jia, X., Shen, W., Zhang, J.: Fuzzing: state of the art. IEEE Trans. Reliab. 67(3), 1199\u20131218 (2018)","journal-title":"IEEE Trans. Reliab."},{"issue":"3","key":"795_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3182657","volume":"51","author":"R Baldoni","year":"2018","unstructured":"Baldoni, R., Coppa, E., D\u2019celia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. (CSUR) 51(3), 1\u201339 (2018)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"795_CR9","doi-asserted-by":"crossref","unstructured":"Luo, L., Zeng, Q., Yang, B., Zuo, F., Wang, J.: Westworld: fuzzing-assisted remote dynamic symbolic execution of smart apps on IoT cloud platforms. In: Proceedings of the Annual Computer Security Applications Conference, pp. 982\u2013995 (2021)","DOI":"10.1145\/3485832.3488022"},{"key":"795_CR10","unstructured":"Ren, S., He, K., Girshick, R., Sun, J.: Faster R-CNN: towards real-time object detection with region proposal networks. In: Advances in Neural Information Processing Systems, vol. 28 (2015)"},{"key":"795_CR11","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"795_CR12","unstructured":"Zuo, F., Yang, B., Li, X., Zeng, Q.: Exploiting the inherent limitation of L0 adversarial examples. In: Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), pp. 293\u2013307. USENIX Association (2019)"},{"key":"795_CR13","doi-asserted-by":"crossref","unstructured":"Tian, Y., Lawall, J., Lo, D. Identifying Linux bug fixing patches. In: Proceedings of the 34th International Conference on Software Engineering (ICSE), pp. 386\u2013396. IEEE (2012)","DOI":"10.1109\/ICSE.2012.6227176"},{"key":"795_CR14","doi-asserted-by":"crossref","unstructured":"Wang, X., Sun, K., Batcheller, A., Jajodia, S.: Detecting 0-day vulnerability: an empirical study of secret security patch in OSS. In: Proceedings of the 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 485\u2013492 (2019)","DOI":"10.1109\/DSN.2019.00056"},{"issue":"1","key":"795_CR15","first-page":"52","volume":"8","author":"C Huang","year":"2022","unstructured":"Huang, C., Sun, M., Duan, R., Susheng, W., Chen, B.: Vulnerability identification technology research based on project version difference. Chin. J. Netw. Inf. Secur. 8(1), 52\u201362 (2022)","journal-title":"Chin. J. Netw. Inf. Secur."},{"key":"795_CR16","doi-asserted-by":"crossref","unstructured":"Zhou, J., Pacheco, M., Wan, Z., Xia, X., Lo, D., Wang, Y., Hassan, A.E.: Finding a needle in a haystack: automated mining of silent vulnerability fixes. In: Proceedings of the 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 705\u2013716 (2021)","DOI":"10.1109\/ASE51524.2021.9678720"},{"issue":"1","key":"795_CR17","first-page":"1","volume":"31","author":"Y Zhou","year":"2021","unstructured":"Zhou, Y., Siow, J.K., Wang, C., Liu, S., Liu, Y.: SPI: automated identification of security patches via commits. ACM Trans. Softw. Eng. Methodol. (TOSEM) 31(1), 1\u201327 (2021)","journal-title":"ACM Trans. Softw. Eng. Methodol. (TOSEM)"},{"key":"795_CR18","unstructured":"Wu, B., Liu, S., Feng, R., Xie, X., Siow, J., Lin, S.-W.: Enhancing security patch identification by capturing structures in commits. IEEE Transactions on Dependable and Secure Computing (2022)"},{"key":"795_CR19","doi-asserted-by":"crossref","unstructured":"Xu, Z., Chen, B., Chandramohan, M., Liu, Y., Song, F.: Spain: security patch analysis for binaries towards understanding the pain and pills. In: Proceedings of the IEEE\/ACM 39th International Conference on Software Engineering (ICSE), pp. 462\u2013472 (2017)","DOI":"10.1109\/ICSE.2017.49"},{"key":"795_CR20","doi-asserted-by":"crossref","unstructured":"Zuo, F., Li, X., Young, P., Luo, L., Zeng, Q., Zhang, Z.: Neural machine translation inspired binary code similarity comparison beyond function pairs. In: Proceedings of the 26th Network and Distributed Systems Security (NDSS) Symposium (2019)","DOI":"10.14722\/ndss.2019.23492"},{"key":"795_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106771","volume":"144","author":"N Dissanayake","year":"2022","unstructured":"Dissanayake, N., Jayatilaka, A., Zahedi, M., Ali Babar, M.: Software security patch management-a systematic literature review of challenges, approaches, tools and practices. Inf. Softw. Technol. 144, 106771 (2022)","journal-title":"Inf. Softw. Technol."},{"key":"795_CR22","doi-asserted-by":"crossref","unstructured":"Bettenburg, N., Just, S., Schr\u00f6ter, A., Weiss, C., Premraj, R., Zimmermann, T.: What makes a good bug report? In: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, pp. 308\u2013318 (2008)","DOI":"10.1145\/1453101.1453146"},{"issue":"5","key":"795_CR23","doi-asserted-by":"publisher","first-page":"618","DOI":"10.1109\/TSE.2010.63","volume":"36","author":"T Zimmermann","year":"2010","unstructured":"Zimmermann, T., Premraj, R., Bettenburg, N., Just, S., Schroter, A., Weiss, C.: What makes a good bug report? IEEE Trans. Softw. Eng. 36(5), 618\u2013643 (2010)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"795_CR24","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. In: Proceedings of the 5th International Conference on Learning Representations (ICLR) (2017)"},{"key":"795_CR25","unstructured":"Veli\u010dkovi\u0107, P., Cucurull, G., Casanova, A., Romero, A., Lio, P., Bengio, Y.: Graph attention networks. In: Proceedings of the 5th International Conference on Learning Representations (ICLR) (2018)"},{"key":"795_CR26","unstructured":"Hamilton, W., Ying, Z., Leskovec, J.: Inductive representation learning on large graphs. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"795_CR27","unstructured":"Mikolov, T., Sutskever, I., Chen, K., Corrado, G.S., Dean, J.: Distributed representations of words and phrases and their compositionality. In: Advances in Neural Information Processing Systems, vol. 26 (2013)"},{"key":"795_CR28","doi-asserted-by":"crossref","unstructured":"Pagliardini, M., Gupta, P., Jaggi, M.: Unsupervised learning of sentence embeddings using compositional n-gram features. In: Proceedings of Conference of the North American Chapter of the Association for Computational Linguistics (NAACL) (2018)","DOI":"10.18653\/v1\/N18-1049"},{"key":"795_CR29","unstructured":"Le, Q., Mikolov, T.: Distributed representations of sentences and documents. In: Proceedings of the International conference on machine learning, pp. 1188\u20131196 (2014)"},{"key":"795_CR30","unstructured":"Devlin, J., Chang, M.-W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding (2018). arXiv:1810.04805"},{"key":"795_CR31","unstructured":"Radford, A., Narasimhan, K., Salimans, T., Sutskever, I.: Improving language understanding by generative pre-training. Technical report, OpenAI (2018)"},{"key":"795_CR32","unstructured":"Radford, A., Jeffrey, W., Child, R., Luan, D., Amodei, D., Sutskever, I.: Language models are unsupervised multitask learners. Technical report, OpenAI (2019)"},{"key":"795_CR33","doi-asserted-by":"crossref","unstructured":"Wang, S., Zhang, Y., Bao, L., Xia, X., Wu, M.: Vcmatch: a ranking-based approach for automatic security patches localization for OSS vulnerabilities. In: Proceedings of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 589\u2013600 (2022)","DOI":"10.1109\/SANER53432.2022.00076"},{"key":"795_CR34","unstructured":"Li, X., Liu, B.: Learning to classify texts using positive and unlabeled data. In: Proceedings of the International Joint Conference on Artificial Intelligence, vol. 3, pp. 587\u2013592 (2003)"},{"key":"795_CR35","doi-asserted-by":"crossref","unstructured":"Perl, H., Dechand, S., Smith, M., Arp, D., Yamaguchi, F., Rieck, K., Fahl, S., Acar, Y.: Vccfinder: finding potential vulnerabilities in open-source projects to assist code audits. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 426\u2013437 (2015)","DOI":"10.1145\/2810103.2813604"},{"key":"795_CR36","doi-asserted-by":"crossref","unstructured":"Ji, T., Pan, J., Chen, L., Mao, X.: Identifying supplementary bug-fix commits. In: Proceedings of the 42nd Annual Computer Software and Applications Conference (COMPSAC), pp. 184\u2013193. IEEE (2018)","DOI":"10.1109\/COMPSAC.2018.00031"},{"key":"795_CR37","doi-asserted-by":"crossref","unstructured":"Wang, X., Wang, S., Sun, K., Batcheller, A., Jajodia, S.: A machine learning approach to classify security patches into vulnerability types. In: Proceedings of the IEEE Conference on Communications and Network Security (CNS), pp. 1\u20139 (2020)","DOI":"10.1109\/CNS48642.2020.9162237"},{"key":"795_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10664-021-09944-w","volume":"26","author":"T Riom","year":"2021","unstructured":"Riom, T., Sawadogo, A., Allix, K., Bissyand\u00e9, T.F., Moha, N., Klein, J.: Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits. Empir. Softw. Eng. 26, 1\u201330 (2021)","journal-title":"Empir. Softw. Eng."},{"key":"795_CR39","doi-asserted-by":"crossref","unstructured":"Tan, X., Zhang, Y., Mi, C., Cao, J., Sun, K., Lin, Y., Yang, M.: Locating the security patches for disclosed OSS vulnerabilities with vulnerability-commit correlation ranking. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 3282\u20133299 (2021)","DOI":"10.1145\/3460120.3484593"},{"issue":"23\u2013581","key":"795_CR40","first-page":"81","volume":"11","author":"CJC Burges","year":"2010","unstructured":"Burges, C.J.C.: From ranknet to lambdarank to lambdamart: an overview. Learning 11(23\u2013581), 81 (2010)","journal-title":"Learning"},{"key":"795_CR41","doi-asserted-by":"crossref","unstructured":"Wang, S., Wang, X., Sun, K., Jajodia, S., Wang, H., Li, Q. Graphspd: graph-based security patch detection with enriched code semantics. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 604\u2013621 (2022)","DOI":"10.1109\/SP46215.2023.10179479"},{"issue":"6","key":"795_CR42","doi-asserted-by":"publisher","first-page":"3938","DOI":"10.3390\/app13063938","volume":"13","author":"X Zhou","year":"2023","unstructured":"Zhou, X., Pang, J., Shan, Z., Yue, F., Liu, F., Jinlong, X., Wang, J., Liu, W., Liu, G.: TMVDPatch: a trusted multi-view decision system for security patch identification. Appl. Sci. 13(6), 3938 (2023)","journal-title":"Appl. Sci."},{"key":"795_CR43","doi-asserted-by":"crossref","unstructured":"Sabetta, A., Bezzi, M.: A practical approach to the automatic classification of security-relevant commits. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 579\u2013582 (2018)","DOI":"10.1109\/ICSME.2018.00058"},{"issue":"11","key":"795_CR44","doi-asserted-by":"publisher","first-page":"2471","DOI":"10.1109\/TSE.2019.2952614","volume":"47","author":"T Hoang","year":"2021","unstructured":"Hoang, T., Lawall, J., Tian, Y., Oentaryo, R.J., Lo, D.: PatchNet: hierarchical deep learning-based stable patch identification for the Linux kernel. IEEE Trans. Softw. Eng. 47(11), 2471\u20132486 (2021)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"795_CR45","doi-asserted-by":"crossref","unstructured":"Feng, Z., Guo, D., Tang, D., Duan, N., Feng, X., Gong, M., Shou, L., Qin, B., Liu, T., Jiang, and D., Zhou, M.: CodeBERT: a pre-trained model for programming and natural languages. In: Findings of the Association for Computational Linguistics: EMNLP 2020, pp. 1536\u20131547. Association for Computational Linguistics (2020)","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"795_CR46","doi-asserted-by":"crossref","unstructured":"Zuo, F., Zhang, X., Song, Y., Rhee, J., Fu, J.: Commit message can help: security patch detection in open source software via transformer. In: IEEE\/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA), pp. 345\u2013351 (2023)","DOI":"10.1109\/SERA57763.2023.10197730"},{"key":"795_CR47","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, \u0141., Polosukhin, I.: Attention is all you need. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"795_CR48","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Sharma, A.: Automated identification of security issues from commit messages and bug reports. In: Proceedings of the 11th Joint Meeting on Foundations of Software Engineering, pp. 914\u2013919 (2017)","DOI":"10.1145\/3106237.3117771"},{"key":"795_CR49","unstructured":"Islam, M.R., Zibran, M.F.: Sentiment analysis of software bug related commit messages. In: Proceedings of the 27th International Conference on Software Engineering and Data Engineering (SEDE), pp. 3\u20138 (2018)"},{"key":"795_CR50","doi-asserted-by":"crossref","unstructured":"Wang, X., Wang, S., Feng, P., Sun, K., Jajodia, S.: PatchDB: a large-scale security patch dataset. In: Proceedings of the 51st annual IEEE\/IFIP international conference on dependable systems and networks (DSN), pp. 149\u2013160 (2021)","DOI":"10.1109\/DSN48987.2021.00030"},{"key":"795_CR51","unstructured":"Reis, S., Abreu, R.: A ground-truth dataset of real security patches. arXiv:2110.09635 (2021)"},{"key":"795_CR52","doi-asserted-by":"crossref","unstructured":"Zuo, F., Rhee, J., Kim, Y., Oh, J., Qian, G.: A comprehensive dataset towards hands-on experience enhancement in a research-involved cybersecurity program. In: The 24th ACM Annual Conference on Information Technology Education, pp. 118\u2013124 (2023)","DOI":"10.1145\/3585059.3611416"},{"key":"795_CR53","doi-asserted-by":"crossref","unstructured":"Li, F., Paxson, V.: A large-scale empirical study of security patches. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 2201\u20132215 (2017)","DOI":"10.1145\/3133956.3134072"},{"key":"795_CR54","doi-asserted-by":"crossref","unstructured":"Iannone, E., Guadagni, R., Ferrucci, F., De Lucia, A., Palomba, F.: The secret life of software vulnerabilities: a large-scale empirical study. IEEE Trans. Softw. Eng. 49(1), 44\u201363 (2022)","DOI":"10.1109\/TSE.2022.3140868"},{"key":"795_CR55","doi-asserted-by":"crossref","unstructured":"Zhong, H., Su, Z.: An empirical study on real bug fixes. In: Proceedings of the 37th International Conference on Software Engineering, vol.\u00a01, pp. 913\u2013923. IEEE (2015)","DOI":"10.1109\/ICSE.2015.101"},{"key":"795_CR56","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110691","volume":"169","author":"R Ferenc","year":"2020","unstructured":"Ferenc, R., Gyimesi, P., Gyimesi, G., T\u00f3th, Z., Gyim\u00f3thy, T.: An automatically created novel bug dataset and its validation in bug prediction. J. Syst. Softw. 169, 110691 (2020)","journal-title":"J. Syst. Softw."},{"key":"795_CR57","doi-asserted-by":"publisher","first-page":"1354","DOI":"10.1007\/s10664-014-9331-y","volume":"20","author":"Y Tian","year":"2015","unstructured":"Tian, Y., Lo, D., Xia, X., Sun, C.: Automated prediction of bug report priority using multi-factor analysis. Empir. Softw. Eng. 20, 1354\u20131383 (2015)","journal-title":"Empir. Softw. Eng."},{"key":"795_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10664-020-09906-8","volume":"26","author":"R Shu","year":"2021","unstructured":"Shu, R., Xia, T., Chen, J., Williams, L., Menzies, T.: How to better distinguish security bug reports (using dual hyperparameter optimization). Empir. Softw. Eng. 26, 1\u201337 (2021)","journal-title":"Empir. Softw. Eng."},{"key":"795_CR59","doi-asserted-by":"crossref","unstructured":"Ahmed, H.A., Bawany, N.Z., Shamsi, J.A.: CaPBug-a framework for automatic bug categorization and prioritization using NLP and machine learning algorithms. IEEE Access 9, 50496\u201350512 (2021)","DOI":"10.1109\/ACCESS.2021.3069248"},{"issue":"4","key":"795_CR60","doi-asserted-by":"publisher","first-page":"1341","DOI":"10.1109\/TR.2019.2959624","volume":"69","author":"Q Umer","year":"2019","unstructured":"Umer, Q., Liu, H., Illahi, I.: Cnn-based automatic prioritization of bug reports. IEEE Trans. Reliab. 69(4), 1341\u20131354 (2019)","journal-title":"IEEE Trans. Reliab."},{"issue":"2","key":"795_CR61","doi-asserted-by":"publisher","first-page":"563","DOI":"10.1109\/TR.2021.3074412","volume":"70","author":"S Fang","year":"2021","unstructured":"Fang, S., Tan, Y., Zhang, T., Zhou, X., Liu, H.: Effective prediction of bug-fixing priority via weighted graph convolutional networks. IEEE Trans. Reliab. 70(2), 563\u2013574 (2021)","journal-title":"IEEE Trans. Reliab."},{"key":"795_CR62","doi-asserted-by":"crossref","unstructured":"Li, Y., Che, X., Huang, Y., Wang, J., Wang, S., Wang, Y., Wang, Q.: A tale of two tasks: automated issue priority prediction with deep multi-task learning. In: Proceedings of the 16th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 1\u201311 (2022)","DOI":"10.1145\/3544902.3546257"},{"key":"795_CR63","doi-asserted-by":"crossref","unstructured":"Sun, C., Lo, D., Khoo, S.-C., Jiang, J.: Towards more accurate retrieval of duplicate bug reports. In: 2011 26th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 253\u2013262. IEEE (2011)","DOI":"10.1109\/ASE.2011.6100061"},{"key":"795_CR64","doi-asserted-by":"crossref","unstructured":"Robertson, S., Zaragoza, H., Taylor, M.: Simple bm25 extension to multiple weighted fields. In: Proceedings of the 13th International Conference on Information and Knowledge Management (CIKM), pp. 42-49. ACM (2004)","DOI":"10.1145\/1031171.1031181"},{"key":"795_CR65","doi-asserted-by":"crossref","unstructured":"Nguyen, A.T., Nguyen, T.T., Nguyen, T.N., Lo, D., Sun, C.: Duplicate bug report detection with a combination of information retrieval and topic modeling. In: Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering, pp. 70\u201379 (2012)","DOI":"10.1145\/2351676.2351687"},{"key":"795_CR66","doi-asserted-by":"crossref","unstructured":"Gopalan, R.P., Krishna, A.: Duplicate bug report detection using clustering. In: Proceedings of the 23rd Australian Software Engineering Conference, pp. 104\u2013109. IEEE (2014)","DOI":"10.1109\/ASWEC.2014.31"},{"key":"795_CR67","doi-asserted-by":"crossref","unstructured":"Deshmukh, J., Annervaz, K.M., Podder, S., Sengupta, S., Dubash, N.: Towards accurate duplicate bug retrieval using deep learning techniques. In: 2017 IEEE International conference on software maintenance and evolution (ICSME), pp. 115\u2013124. IEEE (2017)","DOI":"10.1109\/ICSME.2017.69"},{"key":"795_CR68","doi-asserted-by":"crossref","unstructured":"Budhiraja, A., Dutta, K., Reddy, R., Shrivastava, M.: DWEN: deep word embedding network for duplicate bug report detection in software repositories. In: Proceedings of the 40th International Conference on software engineering: companion proceeedings, pp. 193\u2013194 (2018)","DOI":"10.1145\/3183440.3195092"},{"key":"795_CR69","doi-asserted-by":"crossref","unstructured":"Zaman, S., Adams, B., Hassan, A.E.: Security versus performance bugs: a case study on Firefox. In: Proceedings of the 8th Working Conference on Mining Software Repositories, pp. 93\u2013102 (2011)","DOI":"10.1145\/1985441.1985457"},{"key":"795_CR70","doi-asserted-by":"crossref","unstructured":"Imseis, J., Nachuma, C., Arifuzzaman, S., Zibran, M., Bhuiyan, Z.A.: On the assessment of security and performance bugs in chromium open-source project. In: Proceedings of the 5th International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, pp. 145\u2013157 (2019)","DOI":"10.1007\/978-981-15-1304-6_12"},{"key":"795_CR71","doi-asserted-by":"crossref","unstructured":"Rajbhandari, A., Zibran, M.F., Eishita, F.Z.: Security versus performance bugs: How bugs are handled in the chromium project. In: Proceedings of the 20th IEEE\/ACIS International Conference on Software Engineering Research, Management and Applications (SERA), pp. 70\u201376 (2022)","DOI":"10.1109\/SERA54885.2022.9806745"},{"key":"795_CR72","doi-asserted-by":"crossref","unstructured":"Shrestha, M., Kim, Y., Oh, J., Rhee, J., Choe, Y.R., Zuo, F., Park, M., Qian, G.: Provsec: Cybersecurity system provenance analysis benchmark dataset. In: IEEE\/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA), pp. 352\u2013357 (2023)","DOI":"10.1109\/SERA57763.2023.10197743"},{"key":"795_CR73","doi-asserted-by":"crossref","unstructured":"Tian, Y., Zhang, Y., Stol, K.-J., Jiang, L., Liu, H.: What makes a good commit message? In: Proceedings of the 44th International Conference on Software Engineering, pp. 2389\u20132401 (2022)","DOI":"10.1145\/3510003.3510205"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00795-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-023-00795-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00795-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T07:44:54Z","timestamp":1711525494000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-023-00795-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,6]]},"references-count":73,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,4]]}},"alternative-id":["795"],"URL":"https:\/\/doi.org\/10.1007\/s10207-023-00795-8","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,6]]},"assertion":[{"value":"6 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}