{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T22:56:29Z","timestamp":1769727389874,"version":"3.49.0"},"reference-count":51,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2020JBZ104"],"award-info":[{"award-number":["2020JBZ104"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U21A20463"],"award-info":[{"award-number":["U21A20463"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U22B2027"],"award-info":[{"award-number":["U22B2027"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,3]]},"DOI":"10.1109\/tdsc.2023.3264567","type":"journal-article","created":{"date-parts":[[2023,4,5]],"date-time":"2023-04-05T18:01:20Z","timestamp":1680717680000},"page":"905-919","source":"Crossref","is-referenced-by-count":11,"title":["Automatically Identifying CVE Affected Versions With Patches and Developer Logs"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0045-4128","authenticated-orcid":false,"given":"Yongzhong","family":"He","sequence":"first","affiliation":[{"name":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, School of Computer, Beijing Jiaotong University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2351-7964","authenticated-orcid":false,"given":"Yiming","family":"Wang","sequence":"additional","affiliation":[{"name":"Beijing Jiaotong University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1047-7967","authenticated-orcid":false,"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, The Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5974-1589","authenticated-orcid":false,"given":"Wei","family":"Wang","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, School of Computer, Beijing Jiaotong University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunjia","family":"Zhang","sequence":"additional","affiliation":[{"name":"Beijing Jiaotong University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9833-2836","authenticated-orcid":false,"given":"Qiang","family":"Li","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, School of Computer, Beijing Jiaotong University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5521-4757","authenticated-orcid":false,"given":"Aimin","family":"Yu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"2021 open-source security and risk analysis report","year":"2021"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3133908"},{"key":"ref3","article-title":"National vulnerability database","year":"2021"},{"key":"ref4","article-title":"Hakiri: Ships secure ruby apps","year":"2019"},{"key":"ref5","article-title":"Synk: Develop fast: Stay secure","year":"2019"},{"key":"ref6","article-title":"Sourceclear: Software composition analysis for devsecops","year":"2019"},{"key":"ref7","article-title":"Bundler-Audit","year":"2019"},{"key":"ref8","article-title":"Sonatype | OSS index","year":"2019"},{"key":"ref9","article-title":"OW ASP dependency check","year":"2019"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01701-9_21"},{"key":"ref11","first-page":"137","volume-title":"The Common Vulnerability Scoring System (CVSS) generations\u2013usefulness deficiencies","author":"Horv\u00e1th","year":"2016"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176339"},{"key":"ref14","first-page":"869","article-title":"Towards the detection of inconsistencies in public security vulnerability reports","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Dong"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3125270"},{"key":"ref16","article-title":"\u201cWannaCry\u201d ransomware attack losses could reach 4 billion","author":"Berr","year":"2019"},{"key":"ref17","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Mu"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484377"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2810122"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45670-5_11"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2020.3016773"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3076142"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2020.2968505"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991102"},{"key":"ref26","article-title":"What is CVE-ID","year":"2021"},{"key":"ref27","article-title":"CVE numbering authorities","year":"2021"},{"key":"ref28","article-title":"Nation al institute of standards and technology","year":"2021"},{"key":"ref29","article-title":"Security content automation protocol","year":"2021"},{"key":"ref30","article-title":"Know affected software configurations","year":"2021"},{"key":"ref31","article-title":"Posting patches","year":"2021"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"ref33","article-title":"Keep a changelog","year":"2021"},{"key":"ref34","article-title":"Understanding git log","year":"2021"},{"key":"ref35","article-title":"Git log in linux kernel source tree","year":"2021"},{"key":"ref36","article-title":"Git log in busybox","year":"2021"},{"key":"ref37","article-title":"Git log in QEMU","year":"2021"},{"key":"ref38","article-title":"Git log in OpenSSL","year":"2021"},{"key":"ref39","article-title":"Active kernel releases","year":"2021"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref41","article-title":"Winmerge","year":"2021"},{"key":"ref42","article-title":"Linux kernel merges need to be done properly","year":"2021"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"ref44","article-title":"Vulnerability metrics","year":"2021"},{"key":"ref45","first-page":"149","article-title":"Digtool: A virtualization-based framework for detecting kernel vulnerabilities","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Pan"},{"key":"ref46","first-page":"1165","article-title":"MVP: Detecting vulnerabilities using patch-enhanced vulnerability signatures","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Xiao"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_15"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.99"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00071"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10472294\/10093112.pdf?arnumber=10093112","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T08:53:45Z","timestamp":1725612825000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10093112\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3]]},"references-count":51,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3264567","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3]]}}}