{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T20:29:11Z","timestamp":1760300951858,"version":"3.41.0"},"reference-count":35,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T00:00:00Z","timestamp":1745798400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T00:00:00Z","timestamp":1745798400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,4,28]]},"DOI":"10.1109\/msr66628.2025.00064","type":"proceedings-article","created":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T17:47:40Z","timestamp":1749836860000},"page":"349-353","source":"Crossref","is-referenced-by-count":3,"title":["Tracing Vulnerabilities in Maven: A Study of CVE lifecycles and Dependency Networks"],"prefix":"10.1109","author":[{"given":"Corey","family":"Yang-Smith","sequence":"first","affiliation":[{"name":"University of Calgary,Calgary,Canada"}]},{"given":"Ahmad","family":"Abdellatif","sequence":"additional","affiliation":[{"name":"University of Calgary,Calgary,Canada"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3472811"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.26599\/TST.2019.9010003"},{"volume-title":"Common vulnerabilities and exposures (cve): Overview","year":"2024","key":"ref4"},{"volume-title":"Osv: Open source vulnerabilities","year":"2024","key":"ref5"},{"volume-title":"Stack overflow developer survey 2024","year":"2024","key":"ref6"},{"volume-title":"Maven repository: Central repository search","year":"2024","key":"ref7"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10278-4"},{"key":"ref9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3571848","article-title":"On the discoverability of npm vulnerabilities in node.js projects","volume":"32","author":"Alfadel","year":"2022","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2023.3260880"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00095"},{"key":"ref12","article-title":"Discovery of timeline and crowd reaction of software vulnerability disclosures","author":"Heng","year":"2024","journal-title":"arXiv preprint arXiv:2411.07480"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/MSR66628.2025.00029"},{"key":"ref14","article-title":"Characterizing dependency update practice of npm, pypi and cargo packages","author":"Rahman","year":"2024","journal-title":"arXiv preprint arXiv:2403.17382"},{"key":"ref15","article-title":"Preprint: Can the openssf scorecard be used to measure the security posture of npm and pypi?","author":"Zahan","year":"2022","journal-title":"arXiv preprint arXiv:2208.03412"},{"volume-title":"Sonatype central search rest api guide","year":"2024","key":"ref16"},{"volume-title":"OpenDigger","year":"2021","author":"Zhao","key":"ref17"},{"volume-title":"GH Archive","year":"2024","key":"ref18"},{"volume-title":"CHAOSS: Community Health Analytics Open Source Software","year":"2025","key":"ref19"},{"volume-title":"X-Lab: Unlocking Innovation","year":"2025","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177730491.MR0022058.Zbl0041.26103"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3530019.3535304"},{"volume-title":"Contributor absence factor","year":"2025","key":"ref23"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2011.09.009"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3661167.3661279"},{"issue":"01","key":"ref27","doi-asserted-by":"crossref","first-page":"141","DOI":"10.56979\/401\/2022\/111","article-title":"Correlation between github stars and code vulnerabilities","volume":"4","author":"Naveed","year":"2022","journal-title":"Journal of Computing & Biomedical Informatics"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00058"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081868"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3689944.3696165"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/PST52912.2021.9647791"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10154-1"},{"key":"ref33","first-page":"995","article-title":"Small world with high risks: A study of security threats in the npm ecosystem","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zimmermann"},{"key":"ref34","doi-asserted-by":"crossref","DOI":"10.1109\/SANER56733.2023.00028","volume-title":"On the effect of transitivity and granularity on vulnerability propagation in the maven ecosystem","author":"Mir","year":"2023"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10057-7"}],"event":{"name":"2025 IEEE\/ACM 22nd International Conference on Mining Software Repositories (MSR)","start":{"date-parts":[[2025,4,28]]},"location":"Ottawa, ON, Canada","end":{"date-parts":[[2025,4,29]]}},"container-title":["2025 IEEE\/ACM 22nd International Conference on Mining Software Repositories (MSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11025548\/11025536\/11025716.pdf?arnumber=11025716","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T05:06:29Z","timestamp":1749877589000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11025716\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,28]]},"references-count":35,"URL":"https:\/\/doi.org\/10.1109\/msr66628.2025.00064","relation":{},"subject":[],"published":{"date-parts":[[2025,4,28]]}}}