{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T21:39:08Z","timestamp":1774993148261,"version":"3.50.1"},"reference-count":65,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T00:00:00Z","timestamp":1700438400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T00:00:00Z","timestamp":1700438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["DE200100941"],"award-info":[{"award-number":["DE200100941"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["FL190100035"],"award-info":[{"award-number":["FL190100035"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2024,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Many Machine Learning(ML)-based approaches have been proposed to automatically detect, localize, and repair software vulnerabilities. While ML-based methods are more effective than program analysis-based vulnerability analysis tools, few have been integrated into modern Integrated Development Environments (IDEs), hindering practical adoption. To bridge this critical gap, we propose in this article <jats:sc>AIBugHunter<\/jats:sc>, a novel Machine Learning-based software vulnerability analysis tool for C\/C++ languages that is integrated into the Visual Studio Code (VS Code) IDE. <jats:sc>AIBugHunter<\/jats:sc>\u00a0helps software developers to achieve real-time vulnerability detection, explanation, and repairs during programming. In particular, <jats:sc>AIBugHunter<\/jats:sc>\u00a0scans through developers\u2019 source code to (1) locate vulnerabilities, (2) identify vulnerability types, (3) estimate vulnerability severity, and (4) suggest vulnerability repairs. We integrate our previous works (i.e., LineVul and VulRepair) to achieve vulnerability localization and repairs. In this article, we propose a novel multi-objective optimization (MOO)-based vulnerability classification approach and a transformer-based estimation approach to help <jats:sc>AIBugHunter<\/jats:sc>\u00a0accurately identify vulnerability types and estimate severity. Our empirical experiments on a large dataset consisting of 188K+ C\/C++ functions confirm that our proposed approaches are more accurate than other state-of-the-art baseline methods for vulnerability classification and estimation. Furthermore, we conduct qualitative evaluations including a survey study and a user study to obtain software practitioners\u2019 perceptions of our <jats:sc>AIBugHunter<\/jats:sc>\u00a0tool and assess the impact that <jats:sc>AIBugHunter<\/jats:sc>\u00a0may have on developers\u2019 productivity in security aspects. Our survey study shows that our <jats:sc>AIBugHunter<\/jats:sc>\u00a0is perceived as useful where 90% of the participants consider adopting our <jats:sc>AIBugHunter<\/jats:sc>\u00a0during their software development. Last but not least, our user study shows that our <jats:sc>AIBugHunter<\/jats:sc>\u00a0can enhance developers\u2019 productivity in combating cybersecurity issues during software development. <jats:sc>AIBugHunter<\/jats:sc>\u00a0is now publicly available in the Visual Studio Code marketplace.<\/jats:p>","DOI":"10.1007\/s10664-023-10346-3","type":"journal-article","created":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T13:03:28Z","timestamp":1700485408000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":46,"title":["AIBugHunter: A Practical tool for predicting, classifying and repairing software vulnerabilities"],"prefix":"10.1007","volume":"29","author":[{"given":"Michael","family":"Fu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5516-9984","authenticated-orcid":false,"given":"Chakkrit","family":"Tantithamthavorn","sequence":"additional","affiliation":[]},{"given":"Trung","family":"Le","sequence":"additional","affiliation":[]},{"given":"Yuki","family":"Kume","sequence":"additional","affiliation":[]},{"given":"Van","family":"Nguyen","sequence":"additional","affiliation":[]},{"given":"Dinh","family":"Phung","sequence":"additional","affiliation":[]},{"given":"John","family":"Grundy","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,20]]},"reference":[{"key":"10346_CR1","doi-asserted-by":"crossref","unstructured":"Aghaei E, Shadid W, Al-Shaer E (2020) Threatzoom: Hierarchical neural network for cves to cwes classification. In: International Conference on Security and Privacy in Communication Systems, Springer, pp 23\u201341","DOI":"10.1007\/978-3-030-63086-7_2"},{"key":"10346_CR2","doi-asserted-by":"crossref","unstructured":"Aota M, Kanehara H, Kubo M, Murata N, Sun B, Takahashi T (2020) Automation of vulnerability classification from its description using machine learning. In: 2020 IEEE Symposium on Computers and Communications (ISCC), IEEE, pp 1\u20137","DOI":"10.1109\/ISCC50000.2020.9219568"},{"key":"10346_CR3","doi-asserted-by":"crossref","unstructured":"Babalau I, Corlatescu D, Grigorescu O, Sandescu C, Dascalu M (2021) Severity prediction of software vulnerabilities based on their text description. In: 2021 23rd International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), IEEE, pp 171\u2013177","DOI":"10.1109\/SYNASC54541.2021.00037"},{"key":"10346_CR4","doi-asserted-by":"crossref","unstructured":"Bhandari G, Naseer A, Moonen L (2021) Cvefixes: automated collection of vulnerabilities and their fixes from open-source software. In: Proceedings of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, pp 30\u201339","DOI":"10.1145\/3475960.3475985"},{"key":"10346_CR5","unstructured":"Checkmarx (2006) Checkmarx. https:\/\/checkmarx.com\/"},{"key":"10346_CR6","unstructured":"Chen Z, Badrinarayanan V, Lee CY, Rabinovich A (2018) Gradnorm: Gradient normalization for adaptive loss balancing in deep multitask networks. In: International conference on machine learning, PMLR, pp 794\u2013803"},{"key":"10346_CR7","unstructured":"Chen Z, Kommrusch S, Monperrus M (2021) Neural transfer learning for repairing security vulnerabilities in c code. IEEE Transactions on Software Engineering"},{"issue":"3","key":"10346_CR8","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MS.2023.3255663","volume":"40","author":"J Cito","year":"2023","unstructured":"Cito J, Chandra S, Tantithamthavorn C, Hemmati H (2023) Expert perspectives on explainability. IEEE Software 40(3):84\u201388. https:\/\/doi.org\/10.1109\/MS.2023.3255663","journal-title":"IEEE Software"},{"key":"10346_CR9","unstructured":"Corporation TM (2022) Att &ck. https:\/\/attack.mitre.org\/"},{"key":"10346_CR10","doi-asserted-by":"crossref","unstructured":"Croft R, Newlands D, Chen Z, Babar MA (2021) An empirical study of rule-based and learning-based approaches for static application security testing. In: In the Proceedings of the 15th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp 1\u201312","DOI":"10.1145\/3475716.3475781"},{"key":"10346_CR11","unstructured":"CVSS (2003) Common vulnerability scoring system (cvss). https:\/\/nvd.nist.gov\/vuln-metrics\/cvss"},{"key":"10346_CR12","unstructured":"CWE (2006) Common weakness enumeration (cwe). https:\/\/cwe.mitre.org\/index.html"},{"key":"10346_CR13","unstructured":"CWE (2009) Cwe-787. https:\/\/cwe.mitre.org\/data\/definitions\/787.html"},{"key":"10346_CR14","unstructured":"CWE (2021a) 2021 cwe top 25 most dangerous software weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2021\/2021_cwe_top25.html"},{"key":"10346_CR15","unstructured":"CWE (2021b) Cwe abstract type - class weakness. https:\/\/cwe.mitre.org\/documents\/glossary\/#Class%20Weakness"},{"key":"10346_CR16","unstructured":"CWE (2021c) Cwe abstract type - variant weakness. https:\/\/cwe.mitre.org\/documents\/glossary\/#Variant%20Weakness"},{"key":"10346_CR17","doi-asserted-by":"crossref","unstructured":"Das SS, Serra E, Halappanavar M, Pothen A, Al-Shaer E (2021) V2w-bert: A framework for effective hierarchical multiclass classification of software vulnerabilities. In: 2021 IEEE 8th International Conference on Data Science and Advanced Analytics (DSAA), IEEE, pp 1\u201312","DOI":"10.1109\/DSAA53316.2021.9564227"},{"key":"10346_CR18","unstructured":"Devlin J, Chang MW, Lee K, Toutanova K (2019) Bert: Pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), pp 4171\u20134186"},{"key":"10346_CR19","doi-asserted-by":"crossref","unstructured":"Fan J, Li Y, Wang S, Nguyen TN (2020) A c\/c++ code vulnerability dataset with code changes and cve summaries. In: Proceedings of the 17th International Conference on Mining Software Repositories, pp 508\u2013512","DOI":"10.1145\/3379597.3387501"},{"key":"10346_CR20","first-page":"1536","volume":"2020","author":"Z Feng","year":"2020","unstructured":"Feng Z, Guo D, Tang D, Duan N, Feng X, Gong M, Shou L, Qin B, Liu T, Jiang D et al (2020) Codebert: A pre-trained model for programming and natural languages. Findings of the Association for Computational Linguistics: EMNLP 2020:1536\u20131547","journal-title":"Findings of the Association for Computational Linguistics: EMNLP"},{"key":"10346_CR21","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C (2022a) GPT2SP: A Transformer-Based Agile Story Point Estimation Approach. IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2022.3158252"},{"key":"10346_CR22","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C (2022b) Linevul: A transformer-based line-level vulnerability prediction. In: 2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR), IEEE","DOI":"10.1145\/3524842.3528452"},{"key":"10346_CR23","doi-asserted-by":"crossref","unstructured":"Fu M, Tantithamthavorn C, Le T, Nguyen V, Dinh P (2022) Vulrepair: A t5-based automated software vulnerability repair. In: In the Proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)","DOI":"10.1145\/3540250.3549098"},{"key":"10346_CR24","doi-asserted-by":"crossref","unstructured":"Gong X, Xing Z, Li X, Feng Z, Han Z (2019) Joint prediction of multiple vulnerability characteristics through multi-task learning. In: 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS), IEEE, pp 31\u201340","DOI":"10.1109\/ICECCS.2019.00011"},{"key":"10346_CR25","doi-asserted-by":"crossref","unstructured":"Hin D, Kan A, Chen H, Babar MA (2022) Linevd: Statement-level vulnerability detection using graph neural networks. In: 2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR), IEEE","DOI":"10.1145\/3524842.3527949"},{"key":"10346_CR26","unstructured":"Jiarpakdee J, Tantithamthavorn C, Dam HK, Grundy J (2020) An Empirical Study of Model-Agnostic Techniques for Defect Prediction Models. IEEE Transactions on Software Engineering (TSE) p To Appear"},{"key":"10346_CR27","doi-asserted-by":"crossref","unstructured":"Jiarpakdee J, Tantithamthavorn C, Grundy J (2021) Practitioners\u2019 Perceptions of the Goals and Visual Explanations of Defect Prediction Models. In: Proceedings of the International Conference on Mining Software Repositories (MSR), p To Appear","DOI":"10.1109\/MSR52588.2021.00055"},{"issue":"128","key":"10346_CR28","first-page":"16","volume":"800","author":"A Johnson","year":"2011","unstructured":"Johnson A, Dempsey K, Ross R, Gupta S, Bailey D et al (2011) Guide for security-focused configuration management of information systems. NIST special publication 800(128):16\u201316","journal-title":"NIST special publication"},{"key":"10346_CR29","unstructured":"Kendall A, Gal Y, Cipolla R (2018) Multi-task learning using uncertainty to weigh losses for scene geometry and semantics. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 7482\u20137491"},{"key":"10346_CR30","doi-asserted-by":"crossref","unstructured":"Khanan C, Luewichana W, Pruktharathikoon K, Jiarpakdee J, Tantithamthavorn C, Choetkiertikul M, Ragkhitwetsagul C, Sunetnanta T (2020) Jitbot: An explainable just-in-time defect prediction bot. In: 2020 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 1336\u20131339","DOI":"10.1145\/3324884.3415295"},{"key":"10346_CR31","doi-asserted-by":"crossref","unstructured":"Kitchenham BA, Pfleeger SL (2008) Personal opinion surveys. In: Guide to Advanced Empirical Software Engineering, Springer, pp 63\u201392","DOI":"10.1007\/978-1-84800-044-5_3"},{"key":"10346_CR32","unstructured":"Le THM, Hin D, Croft R, Babar MA (2021) Deepcva: Automated commit-level vulnerability assessment with deep multi-task learning. In: 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 717\u2013729"},{"key":"10346_CR33","doi-asserted-by":"crossref","unstructured":"Li Y, Wang S, Nguyen TN (2021) Vulnerability detection with fine-grained interpretations. In: 29th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2021, Association for Computing Machinery, Inc, pp 292\u2013303","DOI":"10.1145\/3468264.3468597"},{"key":"10346_CR34","doi-asserted-by":"publisher","unstructured":"Liu Y, Tantithamthavorn C, Li L, Liu Y (2022) Explainable AI for android malware detection: Towards understanding why the models perform so well? In: IEEE 33rd International Symposium on Software Reliability Engineering, ISSRE 2022, Charlotte, NC, USA, October 31 - Nov. 3, 2022, IEEE, pp 169\u2013180. https:\/\/doi.org\/10.1109\/ISSRE55969.2022.00026","DOI":"10.1109\/ISSRE55969.2022.00026"},{"key":"10346_CR35","doi-asserted-by":"publisher","unstructured":"Liu Y, Tantithamthavorn C, Li L, Liu Y (2023) Deep learning for android malware defenses: A systematic literature review. ACM Comput Surv 55(8):153:1\u2013153:36. https:\/\/doi.org\/10.1145\/3544968","DOI":"10.1145\/3544968"},{"key":"10346_CR36","unstructured":"Loshchilov I, Hutter F (2018) Decoupled weight decay regularization. In: International Conference on Learning Representations"},{"key":"10346_CR37","unstructured":"Marjam\u00e4ki D (2007) Cppcheck. https:\/\/cppcheck.sourceforge.io\/"},{"key":"10346_CR38","first-page":"657","volume-title":"International Conference on Broadband and Wireless Computing","author":"S Na","year":"2016","unstructured":"Na S, Kim T, Kim H (2016) A study on the classification of common vulnerabilities and exposures using na\u00efve bayes. International Conference on Broadband and Wireless Computing. Springer, Communication and Applications, pp 657\u2013662"},{"key":"10346_CR39","unstructured":"NVD (2019) Cvss version 3.1. https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator"},{"key":"10346_CR40","doi-asserted-by":"crossref","unstructured":"Pornprasit C, Tantithamthavorn C (2021) JITLine: A Simpler, Better, Faster, Finer-grained Just-In-Time Defect Prediction. In: Proceedings of the International Conference on Mining Software Repositories (MSR)","DOI":"10.1109\/MSR52588.2021.00049"},{"key":"10346_CR41","doi-asserted-by":"crossref","unstructured":"Pornprasit C, Tantithamthavorn C (2022) DeepLineDP: Towards a Deep Learning Approach for Line-Level Defect Prediction. IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2022.3144348"},{"key":"10346_CR42","doi-asserted-by":"crossref","unstructured":"Pornprasit C, Tantithamthavorn C, Jiarpakdee J, Fu M, Thongtanunam P (2021) Pyexplainer: Explaining the predictions of just-in-time defect models. In: 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 407\u2013418","DOI":"10.1109\/ASE51524.2021.9678763"},{"key":"10346_CR43","doi-asserted-by":"crossref","unstructured":"Rajapaksha D, Tantithamthavorn C, Bergmeir C, Buntine W, Jiarpakdee J, Grundy J (2021) Sqaplanner: Generating data-informed software quality improvement plans. IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2021.3070559"},{"key":"10346_CR44","unstructured":"Renaud A (2018) A vulnerable c function. https:\/\/github.com\/AndreRenaud\/PDFGen\/commit\/8f9b3202f67feb386c9974520d%9bcc4531350fff"},{"key":"10346_CR45","unstructured":"Sener O, Koltun V (2018) Multi-task learning as multi-objective optimization. Advances in neural information processing systems 31"},{"key":"10346_CR46","doi-asserted-by":"crossref","unstructured":"Shuai B, Li H, Li M, Zhang Q, Tang C (2013) Automatic classification for vulnerability based on machine learning. In: 2013 IEEE International Conference on Information and Automation (ICIA), IEEE, pp 312\u2013318","DOI":"10.1109\/ICInfA.2013.6720316"},{"key":"10346_CR47","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1016\/j.jss.2018.09.039","volume":"146","author":"G Spanos","year":"2018","unstructured":"Spanos G, Angelis L (2018) A multi-target approach to estimate software vulnerability characteristics and severity scores. Journal of Systems and Software 146:152\u2013166","journal-title":"Journal of Systems and Software"},{"key":"10346_CR48","doi-asserted-by":"crossref","unstructured":"Takerngsaksiri W, Tantithamthavorn C, Li YF (2022) Syntax-aware on-the-fly code completion. arXiv preprint arXiv:2211.04673","DOI":"10.2139\/ssrn.4511872"},{"key":"10346_CR49","doi-asserted-by":"crossref","unstructured":"Tantithamthavorn C, Jiarpakdee J (2021a) Explainable AI for Software Engineering. In: 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 1\u20132","DOI":"10.1109\/ASE51524.2021.9678580"},{"key":"10346_CR50","doi-asserted-by":"crossref","unstructured":"Tantithamthavorn C, McIntosh S, Hassan AE, Matsumoto K (2016) Automated Parameter Optimization of Classification Techniques for Defect Prediction Models. In: ICSE, pp 321\u2013332","DOI":"10.1145\/2884781.2884857"},{"key":"10346_CR51","doi-asserted-by":"crossref","unstructured":"Tantithamthavorn C, McIntosh S, Hassan AE, Matsumoto K (2019) The Impact of Automated Parameter Optimization on Defect Prediction Models. TSE","DOI":"10.1109\/TSE.2018.2794977"},{"issue":"4","key":"10346_CR52","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1109\/MS.2021.3072088","volume":"38","author":"C Tantithamthavorn","year":"2021","unstructured":"Tantithamthavorn C, Jiarpakdee J, Grundy J (2021) Actionable analytics: Stop telling me what it is; please tell me what to do. IEEE Software 38(4):115\u2013120","journal-title":"IEEE Software"},{"issue":"3","key":"10346_CR53","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1109\/MS.2023.3246686","volume":"40","author":"C Tantithamthavorn","year":"2023","unstructured":"Tantithamthavorn C, Cito J, Hemmati H, Chandra S (2023) Explainable ai for se: Challenges and future directions. IEEE Software 40(3):29\u201333. https:\/\/doi.org\/10.1109\/MS.2023.3246686","journal-title":"IEEE Software"},{"key":"10346_CR54","doi-asserted-by":"crossref","unstructured":"Tantithamthavorn CK, Jiarpakdee J (2021b) Explainable ai for software engineering. In: 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 1\u20132","DOI":"10.1109\/ASE51524.2021.9678580"},{"key":"10346_CR55","doi-asserted-by":"crossref","unstructured":"Thapa C, Jang SI, Ahmed ME, Camtepe S, Pieprzyk J, Nepal S (2022) Transformer-based language models for software vulnerability detection: Performance, model\u2019s security and platforms. arXiv preprint. arXiv:2204.03214","DOI":"10.1145\/3564625.3567985"},{"key":"10346_CR56","unstructured":"Touvron H, Cord M, Douze M, Massa F, Sablayrolles A, J\u00e9gou H (2021) Training data-efficient image transformers & distillation through attention. In: International Conference on Machine Learning, PMLR, pp 10,347\u201310,357"},{"key":"10346_CR57","unstructured":"Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser \u0141, Polosukhin I (2017) Attention is all you need. In: Advances in neural information processing systems (NeurIPS), pp 5998\u20136008"},{"key":"10346_CR58","doi-asserted-by":"crossref","unstructured":"Wang T, Qin S, Chow KP (2021) Towards vulnerability types classification using pure self-attention: A common weakness enumeration based approach. In: 2021 IEEE 24th International Conference on Computational Science and Engineering (CSE), IEEE, pp 146\u2013153","DOI":"10.1109\/CSE53436.2021.00030"},{"key":"10346_CR59","doi-asserted-by":"crossref","unstructured":"Wang X, Wang S, Sun K, Batcheller A, Jajodia S (2020) A machine learning approach to classify security patches into vulnerability types. In: 2020 IEEE Conference on Communications and Network Security (CNS), IEEE, pp 1\u20139","DOI":"10.1109\/CNS48642.2020.9162237"},{"key":"10346_CR60","unstructured":"Wattanakriengkrai S, Thongtanunam P, Tantithamthavorn C, Hata H, Matsumoto K (2020) Predicting defective lines using a model-agnostic technique. IEEE Transactions on Software Engineering (TSE)"},{"key":"10346_CR61","unstructured":"WhiteSource (2019) What are the most secure programming languages? https:\/\/www.mend.io\/most-secure-programming-languages\/"},{"key":"10346_CR62","doi-asserted-by":"crossref","unstructured":"Yuan X, Lin G, Tai Y, Zhang J (2022) Deep neural embedding for software vulnerability discovery: Comparison and optimization. Security and Communication Networks 2022","DOI":"10.1155\/2022\/5203217"},{"key":"10346_CR63","unstructured":"Zettler K (2022) The devsecop tools that secure devops workflows. https:\/\/www.redhat.com\/en\/topics\/devops\/what-is-devsecops"},{"key":"10346_CR64","unstructured":"Zhou Y, Liu S, Siow J, Du X, Liu Y (2019) Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In: Proceedings of the 33rd International Conference on Neural Information Processing Systems, pp 10,197\u201310,207"},{"key":"10346_CR65","doi-asserted-by":"crossref","unstructured":"Zhu C, Du G, Wu T, Cui N, Chen L, Shi G (2022) Bert-based vulnerability type identification with effective program representation. In: Wireless Algorithms, Systems, and Applications: 17th International Conference, WASA 2022, Dalian, China, November 24\u201326, 2022, Proceedings, Part I, Springer, pp 271\u2013282","DOI":"10.1007\/978-3-031-19208-1_23"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-023-10346-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-023-10346-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-023-10346-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T13:23:02Z","timestamp":1711545782000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-023-10346-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,20]]},"references-count":65,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1]]}},"alternative-id":["10346"],"URL":"https:\/\/doi.org\/10.1007\/s10664-023-10346-3","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,20]]},"assertion":[{"value":"25 May 2023","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 November 2023","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors of this article declared that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest Statement"}}],"article-number":"4"}}