{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T19:44:14Z","timestamp":1773431054363,"version":"3.50.1"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000180","name":"U.S. Department of Homeland Security","doi-asserted-by":"publisher","award":["70RSAT19CB0000020"],"award-info":[{"award-number":["70RSAT19CB0000020"]}],"id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2023,5,1]]},"DOI":"10.1109\/tse.2023.3250479","type":"journal-article","created":{"date-parts":[[2023,2,28]],"date-time":"2023-02-28T18:34:08Z","timestamp":1677609248000},"page":"3241-3260","source":"Crossref","is-referenced-by-count":11,"title":["Empirical Validation of Automated Vulnerability Curation and Characterization"],"prefix":"10.1109","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6664-515X","authenticated-orcid":false,"given":"Ahmet","family":"Okutan","sequence":"first","affiliation":[{"name":"Leidos, Reston, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2938-897X","authenticated-orcid":false,"given":"Peter","family":"Mell","sequence":"additional","affiliation":[{"name":"National Institute of Standards and Technology, Gaithersburg, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3470-6856","authenticated-orcid":false,"given":"Mehdi","family":"Mirakhorli","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8438-8959","authenticated-orcid":false,"given":"Igor","family":"Khokhlov","sequence":"additional","affiliation":[{"name":"Sacred Heart University, Fairfield, CT, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8743-2516","authenticated-orcid":false,"given":"Joanna C. S.","family":"Santos","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN, USA"}]},{"given":"Danielle","family":"Gonzalez","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"}]},{"given":"Steven","family":"Simmons","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"}]}],"member":"263","reference":[{"key":"ref13","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","author":"mu","year":"2018","journal-title":"Proc 27th USENIX Secur Symp"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196454"},{"key":"ref12","article-title":"National vulnerability database (NVD)","year":"2020"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387501"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/948005.948050"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2900462"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1853919.1853925"},{"key":"ref58","first-page":"64","article-title":"AndroVul: A repository for Android security vulnerabilities","author":"namrud","year":"2019","journal-title":"Proc 29th Annu Int Conf Comput Sci Softw Eng"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484377"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.004"},{"key":"ref11","year":"0"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00064"},{"key":"ref10","year":"0"},{"key":"ref54","first-page":"93","article-title":"Milk or wine: Does software security improve with age?","author":"ozment","year":"2006","journal-title":"Proc Usenix Secur Symp"},{"key":"ref17","first-page":"869","article-title":"Towards the detection of inconsistencies in public security vulnerability reports","author":"dong","year":"2019","journal-title":"Proc 28th USENIX Secur Symp"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23088-2_15"},{"key":"ref19","article-title":"The race between security professionals and adversaries","author":"ladd","year":"2017"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.aci.2017.12.002"},{"key":"ref51","article-title":"Cybersecurity research datasets: Taxonomy and empirical analysis","author":"zheng","year":"2018","journal-title":"Proc 11th USENIX Workshop Cyber Secur Experimentation Test"},{"key":"ref50","article-title":"IBM X-Force Exchange","year":"0"},{"key":"ref46","first-page":"376","article-title":"Automatically building an information-security vulnerability database","author":"arnold","year":"0","journal-title":"Proc IEEE Inf Assurance Workshop"},{"key":"ref45","first-page":"47","article-title":"A machine-oriented integrated vulnerability database for automated vulnerability detection and processing","author":"sufatrio","year":"2004","journal-title":"Proc Large Installation Syst Admin 18th Syst Admin Conf"},{"key":"ref48","article-title":"UCO: A unified cybersecurity ontology","author":"syed","year":"2016","journal-title":"Proc AAAI Workshop Artif Intell Cyber Secur"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/WI-IAT.2011.26"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.013"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/.2006.1629458"},{"key":"ref43","first-page":"284","article-title":"Quo vadis? A study of the evolution of input validation vulnerabilities in web applications","author":"scholte","year":"2011","journal-title":"Proc Int Conf Financial Cryptogr Data Secur"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2746266.2746278"},{"key":"ref8","article-title":"Vulncode-DB","author":"habalov","year":"0"},{"key":"ref7","article-title":"NVD dashboard","year":"2018"},{"key":"ref9","year":"0"},{"key":"ref4","article-title":"Do malware reports expedite cleanup? An experimental study","author":"vasek","year":"2012","journal-title":"Proc 5th Workshop Cyber Secur Experimentation Test"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883039"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.43"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00038"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.41"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2008.15"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/b11962"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00071"},{"key":"ref36","year":"2019"},{"key":"ref31","author":"witten","year":"2016","journal-title":"Data Mining Practical Machine Learning Tools and Techniques 2 Edition"},{"key":"ref30","first-page":"203","author":"kuncheva","year":"2004","journal-title":"Bagging and boosting"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74958-5_15"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/775047.775131"},{"key":"ref2","first-page":"1041","article-title":"Vulnerability disclosure in the age of social media: Exploiting Twitter for predicting real-world exploits","author":"sabottke","year":"2015","journal-title":"Proc 24th USENIX Secur Symp"},{"key":"ref1","first-page":"1033","article-title":"You’ve got vulnerability: Exploring effective vulnerability notifications","author":"li","year":"2016","journal-title":"Proc 25th USENIX Secur Symp"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.26"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00017"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-008-9102-8"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.012"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/130385.130401"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/IITSI.2010.141"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2015.2479217"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/ISECS.2008.212"},{"key":"ref26","author":"jurafsky","year":"2009","journal-title":"Speech and Language Processing An Introduction to Natural Language Processing Computational Linguistics and Speech Recognition"},{"key":"ref25","first-page":"185","article-title":"Fast training of support vector machines using sequential minimal optimization","author":"platt","year":"1999","journal-title":"Advances in Kernel Methods Support Vector Learning"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/1162666.1162671"},{"key":"ref20","article-title":"Vulnerability description ontology (VDO): A framework for characterizing vulnerabilities","author":"booth","year":"2016"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2019.00011"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9408-2"},{"key":"ref22","year":"2011"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/2.889093"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177729694"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00023"},{"key":"ref28","author":"quinlan","year":"1993","journal-title":"C4 5 Programs for Machine Learning"},{"key":"ref27","first-page":"338","article-title":"Estimating continuous distributions in Bayesian classifiers","author":"john","year":"1995","journal-title":"Proc 11th Conf Uncertainty Artif Intell"},{"key":"ref29","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"breiman","year":"2001","journal-title":"Mach Learn"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ICSC.2013.50"},{"key":"ref62","article-title":"Identifying the presence of known vulnerabilities in the versions of a software project","author":"cabrey","year":"2016"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3006361"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10124809\/10056768.pdf?arnumber=10056768","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,19]],"date-time":"2023-06-19T18:00:06Z","timestamp":1687197606000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10056768\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,1]]},"references-count":71,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tse.2023.3250479","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,1]]}}}