{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T23:43:07Z","timestamp":1781998987166,"version":"3.54.5"},"reference-count":106,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"8","license":[{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T00:00:00Z","timestamp":1690848000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001381","name":"National Research Foundation Singapore","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001352","name":"National University of Singapore","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001352","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Satellite of Excellence in Trustworthy Software Systems (NSOE-TSS) office"},{"name":"Trustworthy Computing for Secure Smart Nation Grant","award":["NSOE-TSS2020-02"],"award-info":[{"award-number":["NSOE-TSS2020-02"]}]},{"name":"Australian Research Council's Discovery Early Career Researcher Award","award":["DE220101057"],"award-info":[{"award-number":["DE220101057"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2023,8]]},"DOI":"10.1109\/tse.2023.3281275","type":"journal-article","created":{"date-parts":[[2023,5,30]],"date-time":"2023-05-30T17:21:47Z","timestamp":1685467307000},"page":"4035-4057","source":"Crossref","is-referenced-by-count":22,"title":["Multi-Granularity Detector for Vulnerability Fixes"],"prefix":"10.1109","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1057-7650","authenticated-orcid":false,"given":"Truong Giang","family":"Nguyen","sequence":"first","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9566-324X","authenticated-orcid":false,"given":"Thanh","family":"Le-Cong","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7335-7295","authenticated-orcid":false,"given":"Hong Jin","family":"Kang","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8190-5458","authenticated-orcid":false,"given":"Ratnadira","family":"Widyasari","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6100-8127","authenticated-orcid":false,"given":"Chengran","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1701-0286","authenticated-orcid":false,"given":"Zhipeng","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1006-8493","authenticated-orcid":false,"given":"Bowen","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5181-3146","authenticated-orcid":false,"given":"Jiayuan","family":"Zhou","sequence":"additional","affiliation":[{"name":"Software Engineering Application Technology Lab, Shenzhen, Guangdong, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6302-3256","authenticated-orcid":false,"given":"Xin","family":"Xia","sequence":"additional","affiliation":[{"name":"Software Engineering Application Technology Lab, Shenzhen, Guangdong, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ahmed E.","family":"Hassan","sequence":"additional","affiliation":[{"name":"School of Computing, Queen's University, Kingston, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5044-1582","authenticated-orcid":false,"given":"Xuan-Bach D.","family":"Le","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, The University of Melbourne, Parkville, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4367-7201","authenticated-orcid":false,"given":"David","family":"Lo","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510146"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2005.06.042"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549101"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00063"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33017055"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00067"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00016"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3093761"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-59497-3_175"},{"key":"ref46","article-title":"CodeSearchNet challenge: Evaluating the state of semantic code search","author":"husain","year":"2019"},{"key":"ref45","first-page":"5998","article-title":"Attention is all you need","author":"vaswani","year":"2017","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"ref47","year":"2020"},{"key":"ref42","first-page":"705","article-title":"Ensemble versus data sampling: Which option is best suited to improve classification performance of imbalanced bioinformatics data?","author":"khoshgoftaar","year":"2015","journal-title":"Proc IEEE Int Conf Tools Artif Intell"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.12.035"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1007\/s11704-019-8208-z","article-title":"A survey on ensemble learning","volume":"14","author":"dong","year":"2020","journal-title":"Front Comput Sci"},{"key":"ref49","first-page":"807","article-title":"Rectified linear units improve restricted Boltzmann machines","author":"nair","year":"2010","journal-title":"Proc Int Conf Mach Learn"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"384","DOI":"10.1007\/s10664-017-9521-5","article-title":"Do developers update their library dependencies?","volume":"23","author":"kula","year":"2018","journal-title":"Empirical Softw Eng"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57735-7_13"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029832"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510142"},{"key":"ref6","first-page":"182","article-title":"Technical lag in software compilations: Measuring how outdated a software deployment is","author":"gonzalez-barahona","year":"2017","journal-title":"Proc IFIP Int Conf Open Source Syst"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196401"},{"key":"ref100","year":"2023"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527917"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-9326-7_1"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510166"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3485483"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3071750"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549175"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3460348"},{"key":"ref30","article-title":"The cert guide to coordinated vulnerability disclosure","author":"householder","year":"2023"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3473135"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3276517"},{"key":"ref39","first-page":"134","article-title":"Helping developers help themselves: automatic decomposition of code review changesets","author":"barnett","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3505247"},{"key":"ref24","first-page":"1147","article-title":"BScout: Direct whole patch presence test for Java executables","author":"dai","year":"2020","journal-title":"Proc 29th USENIX Secur Symp"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23126"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387461"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00064"},{"key":"ref20","year":"0"},{"key":"ref22","first-page":"1","article-title":"The unfortunate reality of insecure libraries","author":"williams","year":"2012","journal-title":"Aspect Security Inc"},{"key":"ref21","year":"2021"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3192631"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421360"},{"key":"ref29","year":"2018"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534398"},{"key":"ref12","year":"2020"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3117771"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3181010"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09688-8"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4612-4380-9_16"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10664-020-09908-6","article-title":"A multi-dimensional analysis of technical lag in Debian-based Docker images","volume":"26","author":"zerouali","year":"2021","journal-title":"Empirical Softw Eng"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00075"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2978819"},{"key":"ref17","first-page":"51","article-title":"HERMES: Using commit-issue linking to detect vulnerability-fixing commits","author":"truong-giang","year":"2022","journal-title":"Proc IEEE 29th Int Conf Softw Anal Evol Reengineering"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00058"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678720"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3558936"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00064"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00094"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3527325"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510153"},{"key":"ref91","first-page":"729","article-title":"Tesseract: Eliminating experimental bias in malware classification across space and time","author":"pendlebury","year":"2019","journal-title":"Proc 28th USENIX Secur Symp"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2010.03.016"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.11.016"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9679-5"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1002\/wics.101"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30220-6_1"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/TNN.2006.883010"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICICV50876.2021.9388622"},{"key":"ref81","first-page":"856","article-title":"Feature selection for high-dimensional data: A fast correlation-based filter solution","author":"yu","year":"2003","journal-title":"Proc 20th Int Conf Mach Learn"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-2329-8_31"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1049\/iet-sen.2020.0119"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7439(87)80084-9"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2011.6080797"},{"key":"ref78","author":"pett","year":"2015","journal-title":"Nonparametric Statistics for Health Care Research Statistics for Small Samples and Unusual Distributions"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115677"},{"key":"ref104","article-title":"DeepCVA: Automated commit-level vulnerability assessment with deep multi-task learning","author":"le","year":"2021"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380361"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2996975"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568254"},{"key":"ref102","first-page":"1","article-title":"SPI: Automated identification of security patches via commits","volume":"31","author":"zhou","year":"2021","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"ref77","author":"brown","year":"1988","journal-title":"Understanding Research in Second Language Learning A Teacher's Guide to Statistics and Research Design"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081877"},{"key":"ref2","year":"2021"},{"key":"ref1","year":"2021"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8668033"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.70"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9661-2"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950353"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.2010.18"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.35"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/32.553637"},{"key":"ref64","article-title":"Adam: A method for stochastic optimization","author":"kingma","year":"2014"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/72.554195"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1148\/radiology.143.1.7063747"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464819"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642982"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/P14-1062"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00108"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10217078\/10138621.pdf?arnumber=10138621","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,11]],"date-time":"2024-06-11T21:58:28Z","timestamp":1718143108000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10138621\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8]]},"references-count":106,"journal-issue":{"issue":"8"},"URL":"https:\/\/doi.org\/10.1109\/tse.2023.3281275","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8]]}}}