{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T00:54:13Z","timestamp":1773708853644,"version":"3.50.1"},"reference-count":110,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T00:00:00Z","timestamp":1680307200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T00:00:00Z","timestamp":1680307200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T00:00:00Z","timestamp":1680307200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-21-1-0027"],"award-info":[{"award-number":["W911NF-21-1-0027"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N000142212111"],"award-info":[{"award-number":["N000142212111"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2023,4,1]]},"DOI":"10.1109\/tse.2022.3207149","type":"journal-article","created":{"date-parts":[[2022,9,16]],"date-time":"2022-09-16T19:37:58Z","timestamp":1663357078000},"page":"1983-2005","source":"Crossref","is-referenced-by-count":21,"title":["Open Science in Software Engineering: A Study on Deep Learning-Based Vulnerability Detection"],"prefix":"10.1109","volume":"49","author":[{"given":"Yu","family":"Nong","sequence":"first","affiliation":[{"name":"School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA, USA"}]},{"given":"Rainy","family":"Sharma","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3319-5006","authenticated-orcid":false,"given":"Abdelwahab","family":"Hamou-Lhadj","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Concordia University, Montreal, QC, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong SAR, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5224-9970","authenticated-orcid":false,"given":"Haipeng","family":"Cai","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA, USA"}]}],"member":"263","reference":[{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-47426-3_54"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2017\/214"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3377713.3377738"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/TFUZZ.2019.2958558"},{"key":"ref53","first-page":"1","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","author":"zhou","year":"2019","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"ref55","first-page":"2224","article-title":"?VulDeePecker: A deep learning-based system for multiclass vulnerability detection","volume":"18","author":"zou","year":"2019","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3076142"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275524"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2019.00040"},{"key":"ref46","first-page":"367","article-title":"Random search and reproducibility for neural architecture search","author":"li","year":"2020","journal-title":"Proc Uncertainty Artif Intell"},{"key":"ref45","author":"ross","year":"2020","journal-title":"Introduction to Probability and Statistics for Engineers and Scientists"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0225196"},{"key":"ref47","first-page":"219","article-title":"Deep learning-based vulnerable function detection: A benchmark","author":"lin","year":"2019","journal-title":"Proc Int Conf Inf Commun Secur"},{"key":"ref42","article-title":"Artifact review and badging - current: Terminology","year":"2021"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2942800"},{"key":"ref44","article-title":"Classification accuracy is not enough: More performance measures you can use","author":"brownlee","year":"2014"},{"key":"ref43","article-title":"Which is the most vulnerable programming language?","author":"rasool","year":"2019"},{"key":"ref49","first-page":"199","article-title":"Vulhunter: An automated vulnerability detection system based on deep learning and bytecode","author":"guo","year":"2019","journal-title":"Proc Int Conf Inf Commun Secur"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2658987"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1852786.1852790"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-010-9141-9"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3412841.3442029"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32489-6_17"},{"key":"ref6","first-page":"60","article-title":"Replication of software engineering experiments","author":"juristo","year":"2010","journal-title":"Empirical Software Engineering and Verification"},{"key":"ref5","article-title":"Replication of experimental results in software engineering","volume":"2","author":"brooks","year":"0"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54862-8_26"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2011.5764689"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2988557"},{"key":"ref37","first-page":"1","article-title":"Maximal divergence sequential autoencoder for binary software vulnerability detection","author":"le","year":"2018","journal-title":"Proc Int Conf Learn Representations"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-47436-2_13"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2821768"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MINES.2012.202"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2923227"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2954088"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref38","article-title":"Towards security defect prediction with ai","author":"sestili","year":"2018"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2812803"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2010.5463348"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v32i1.11503"},{"key":"ref25","first-page":"104","article-title":"On reproducibility of deep convolutional neural networks approaches","author":"piantadosi","year":"2018","journal-title":"Proc Int Workshop Reproducible Res Pattern Recognit"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.02.003"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58167-1_9"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3386569.3392413"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.7554\/eLife.16800"},{"key":"ref27","article-title":"On the replicability and reproducibility of deep learning in software engineering","author":"liu","year":"2020"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1038\/nature10836","article-title":"The case for open computer programs","volume":"482","author":"ince","year":"2012","journal-title":"Nature"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-008-9060-1"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1038\/ngeo2283"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-011-9181-9"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054851"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44801-2_8"},{"key":"ref11","first-page":"1","article-title":"Beyond replication: An example of the potential benefits of replicability in the mining of software repositories community","author":"robles","year":"2010","journal-title":"Proc 1st Int Workshop Replication Empirical Softw Eng Sesearch"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17502-3_9"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2347696.2347706"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106614"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.l6927"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3934\/Math.2016.3.261"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.03.009"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.02.001"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931047"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1609\/icwsm.v8i1.14552"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/MCI.2018.2866730"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/3359591.3359735"},{"key":"ref91","first-page":"102","article-title":"The random neural network as a bonding model for software vulnerability prediction","author":"filus","year":"2020","journal-title":"Proc Model Anal Simul Comput Telecommun Syst"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00078"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/BigData50022.2020.9377803"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5103"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2881961"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/ISPA-BDCloud-SocialCom-SustainCom51426.2020.00068"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/ICMCCE51767.2020.00320"},{"key":"ref82","first-page":"19","article-title":"Can we predict software vulnerability with deep neural network?","author":"catal","year":"2016","journal-title":"Proc Int Multiconference Inf Soc"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.18293\/SEKE2019-168"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67274-8_6"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30490-4_58"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/3094243.3094245"},{"key":"ref79","article-title":"Predicting vulnerability in large codebases with deep code representation","author":"tanwar","year":"2020"},{"key":"ref108","article-title":"Empirical standards for software engineering research","author":"ralph","year":"2020"},{"key":"ref78","article-title":"Vulcan: Classifying vulnerabilities in solidity smart contracts using dependency-based deep program representations","author":"srikant","year":"2020"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09747-0"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196473"},{"key":"ref107","article-title":"Figshare","author":"science","year":"2022"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2965726"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8851923"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2628055"},{"key":"ref77","first-page":"454","article-title":"Application of siamese neural networks for fast vulnerability detection in mips executable code","author":"demidov","year":"2019","journal-title":"Proc Future Technol Conf"},{"key":"ref102","first-page":"17","article-title":"Using Valgrind to detect undefined value errors with bit-precision","author":"seward","year":"2005","journal-title":"Proc Annu Conf USENIX Annu Tech Conf"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2942043"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09955-7"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1177\/0306312718772086"},{"key":"ref1","doi-asserted-by":"crossref","DOI":"10.7287\/peerj.preprints.2689v1","article-title":"Do you speak open science? Resources and tips to learn the language","author":"masuzzo","year":"2017"},{"key":"ref71","article-title":"Automatic feature learning for vulnerability prediction","author":"dam","year":"2017"},{"key":"ref70","article-title":"A framework for using deep learning to detect software vulnerabilities","author":"hu","year":"2019"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/CompComm.2017.8322752"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC48747.2019.00041"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3083360"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ICAIT.2018.8686548"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2018.00023"},{"key":"ref69","article-title":"Learning to map source code to software vulnerability using code-as-a-graph","author":"suneja","year":"2020"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2019.00012"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2984505"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2900462"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/648"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106289"},{"key":"ref62","first-page":"7944","article-title":"Learning to repair software vulnerabilities with generative adversarial networks","author":"harer","year":"2018","journal-title":"Proc Int Conf Neural Inf Process"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.3390\/app10051692"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10103953\/09894099.pdf?arnumber=9894099","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,8]],"date-time":"2023-05-08T18:50:30Z","timestamp":1683571830000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9894099\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,1]]},"references-count":110,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tse.2022.3207149","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,1]]}}}