{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:45:29Z","timestamp":1783439129998,"version":"3.54.6"},"reference-count":62,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"8","license":[{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program and Development Program of China","award":["2022YFB3103904"],"award-info":[{"award-number":["2022YFB3103904"]}]},{"DOI":"10.13039\/501100004739","name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004739","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1109\/tse.2025.3584774","type":"journal-article","created":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T13:28:45Z","timestamp":1751549325000},"page":"2396-2411","source":"Crossref","is-referenced-by-count":2,"title":["TransferFuzz-Pro: Large Language Model Driven Code Debugging Technology for Verifying Propagated Vulnerability"],"prefix":"10.1109","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-4096-1209","authenticated-orcid":false,"given":"Siyuan","family":"Li","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1269-7710","authenticated-orcid":false,"given":"Kaiyu","family":"Xie","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4382-0757","authenticated-orcid":false,"given":"Yuekang","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, The University of New South Wales, Sydney, NSW, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1353-7838","authenticated-orcid":false,"given":"Hong","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7543-0326","authenticated-orcid":false,"given":"Yimo","family":"Ren","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2745-7521","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3720-7403","authenticated-orcid":false,"given":"Hongsong","family":"Zhu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"GitHub","year":"2008"},{"key":"ref2","article-title":"SourceForge","year":"2003"},{"key":"ref3","article-title":"VCPKG","year":"2016"},{"key":"ref4","article-title":"Synopsys 2024 open source security and risk analysis report","year":"2024"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3625294"},{"key":"ref6","article-title":"CVE","year":"1999"},{"key":"ref7","article-title":"NVD","year":"2005"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134048"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00100"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534366"},{"key":"ref11","first-page":"887","article-title":"Precise and accurate patch presence test for binaries","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Secur.)","author":"Zhang","year":"2018"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417240"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3623336"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3604608"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"ref16","first-page":"47","article-title":"Binary-level directed fuzzing for Use-After-Free vulnerabilities","volume-title":"Proc. 23rd Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Nguyen","year":"2020"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833751"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510197"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/icse55347.2025.00061"},{"key":"ref20","first-page":"4931","article-title":"DAFL: Directed grey-box fuzzing guided by data dependency","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Kim","year":"2023"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179296"},{"key":"ref22","first-page":"1919","article-title":"CarpetFuzz: Automatic program option constraint extraction from documentation for fuzzing","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Wang","year":"2023"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690231"},{"key":"ref24","first-page":"2255","article-title":"FuzzGuard: Filtering out unreachable inputs in directed grey-box fuzzing through deep learning","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Zong","year":"2020"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484594"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534367"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00036"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00032"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1126\/science.220.4598.671"},{"key":"ref30","first-page":"1","article-title":"AFL++: Combining incremental steps of fuzzing research","volume-title":"Proc. 14th USENIX Workshop Offensive Technol. (WOOT)","author":"Fioraldi","year":"2020"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23371"},{"key":"ref32","article-title":"GDB","year":"1986"},{"key":"ref33","article-title":"PIN","year":"2017"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3446371"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054845"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062387"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00028"},{"key":"ref39","first-page":"253","article-title":"BinSim: Trace-based semantic binary diffing via system call sliced segment equivalence checking","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Ming","year":"2017"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950350"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510627"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528442"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_15"},{"key":"ref45","first-page":"1165","article-title":"MVP: Detecting vulnerabilities using Patch-Enhanced vulnerability signatures","volume-title":"29th USENIX Secur. Symp. (USENIX Secur.)","author":"Xiao","year":"2020"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314651"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28865-9_18"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00089"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23263"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00081"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3488022"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00114"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00017"},{"key":"ref54","first-page":"167","article-title":"kAFL:\u201cHardware-Assisted,\u201d \u201cfeedback fuzzing for,\u201d OS \u201ckernels","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Schumilo","year":"2017"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409748"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397372"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2946563"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"ref59","article-title":"Crewai","year":"2023"},{"key":"ref60","article-title":"Xbow","year":"2024"},{"key":"ref61","article-title":"Runsybil","year":"2023"},{"key":"ref62","article-title":"Cropzone AI","year":"2020"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/11126986\/11066171.pdf?arnumber=11066171","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,18]],"date-time":"2025-08-18T19:43:31Z","timestamp":1755546211000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11066171\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8]]},"references-count":62,"journal-issue":{"issue":"8"},"URL":"https:\/\/doi.org\/10.1109\/tse.2025.3584774","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8]]}}}