{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T21:31:45Z","timestamp":1771018305158,"version":"3.50.1"},"reference-count":78,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T00:00:00Z","timestamp":1769904000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2026,2]]},"DOI":"10.1109\/tse.2025.3599581","type":"journal-article","created":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T18:15:55Z","timestamp":1755627355000},"page":"376-394","source":"Crossref","is-referenced-by-count":0,"title":["Vercation: Precise Vulnerable Open-Source Software Version Identification Based on Static Analysis and LLM"],"prefix":"10.1109","volume":"52","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-9333-356X","authenticated-orcid":false,"given":"Yiran","family":"Cheng","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6001-1372","authenticated-orcid":false,"given":"Ting","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5130-0407","authenticated-orcid":false,"given":"Lwin Khin","family":"Shar","sequence":"additional","affiliation":[{"name":"Monash University, Clayton, VIC, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4385-8261","authenticated-orcid":false,"given":"Shouguo","family":"Yang","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4729-7778","authenticated-orcid":false,"given":"Chaopeng","family":"Dong","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4367-7201","authenticated-orcid":false,"given":"David","family":"Lo","sequence":"additional","affiliation":[{"name":"Monash University, Clayton, VIC, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0549-0999","authenticated-orcid":false,"given":"Shichao","family":"Lv","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6168-8003","authenticated-orcid":false,"given":"Zhiqiang","family":"Shi","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2745-7521","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","article-title":"NVD - home","year":"2009"},{"key":"ref2","article-title":"CVE-2018-5785","year":"2018"},{"key":"ref3","first-page":"869","article-title":"Towards the detection of inconsistencies in public security vulnerability reports","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur. 19)","author":"Dong","year":"2019"},{"key":"ref4","first-page":"919","article-title":"Understanding the reproducibility of crowd-reported security vulnerabilities","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Secur. 18)","author":"Mu","year":"2018"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484593"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484377"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484594"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2616306"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00049"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9408-2"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09781-y"},{"key":"ref12","first-page":"1165","article-title":"MVP: Detecting vulnerabilities using patch-enhanced vulnerability signatures","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur. 20)","author":"Xiao","year":"2020"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556933"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"ref15","first-page":"3037","article-title":"MOVERY: A precise approach for modified vulnerable code clone discovery from modified open-source software components","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur. 22)","author":"Woo","year":"2022"},{"key":"ref16","first-page":"3041","article-title":"V0finder: Discovering the correct origin of publicly reported software vulnerabilities","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur. 21)","author":"Woo","year":"2021"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510113"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397362"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639219"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3715908"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639183"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3559555"},{"key":"ref23","article-title":"Long-context LLMs struggle with long in-context learning","author":"Li","year":"2024"},{"key":"ref24","article-title":"Hierarchical context merging: Better long context understanding for pre-trained LLMs","author":"Song","year":"2024"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3527949"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/648"},{"key":"ref27","first-page":"6541","article-title":"V1SCAN: Discovering 1-day vulnerabilities in reused C\/C++ open-source software components using code classification techniques","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur. 23)","author":"Woo","year":"2023"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME55016.2022.00037"},{"key":"ref29","first-page":"1447","article-title":"Vision: Identifying affected library versions for open source software vulnerabilities","volume-title":"Proc. 39th IEEE\/ACM Int. Conf. Automated Softw. Eng.","author":"Wu","year":"2024"},{"key":"ref30","article-title":"GPT-4 Technical Report","author":"Achiam","year":"2023"},{"key":"ref31","article-title":"Code Llama: Open foundation models for code","author":"Roziere","year":"2023"},{"key":"ref32","article-title":"DeepSeek-V3 technical report","author":"DeepSeek","year":"2024"},{"key":"ref33","article-title":"JOERN - home","year":"2014"},{"key":"ref34","first-page":"1877","article-title":"Language models are few-shot learners","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Brown","year":"2020"},{"key":"ref35","article-title":"DeepSeek-Coder: When the large language model meets programming\u2013the rise of code intelligence","author":"Guo","year":"2024"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00128"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3660773"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.emnlp-main.68"},{"key":"ref39","article-title":"Large language models are human-level prompt engineers","author":"Zhou","year":"2022"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.patter.2025.101260"},{"key":"ref41","article-title":"Cve-2017-14169","year":"2017"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2004.33"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0293742"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"ref45","article-title":"Automated CVE analysis for threat prioritization and impact prediction","author":"Aghaei","year":"2023"},{"key":"ref46","first-page":"24824","article-title":"Chain-of-thought prompting elicits reasoning in large language models","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"35","author":"Wei","year":"2022"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00036"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527880"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029832"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.04.002"},{"key":"ref51","article-title":"CVE-2021-20294","year":"2021"},{"key":"ref52","article-title":"CPE - home","year":"2009"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2006.23"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642982"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3639476.3639764"},{"key":"ref56","article-title":"Cve-2021-30499","year":"2021"},{"key":"ref57","article-title":"Cve-2017-14152","year":"2017"},{"key":"ref58","article-title":"Cve-2021-33815","year":"2021"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2929761"},{"key":"ref60","article-title":"Cve-2020-35965","year":"2021"},{"key":"ref61","article-title":"Cve-2022-1355","year":"2021"},{"key":"ref62","article-title":"Llama 2: Open foundation and fine-tuned chat models","author":"Touvron","year":"2023"},{"key":"ref63","article-title":"GPT-4 turbo","year":"2023"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/IntelCIS.2015.7397263"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2010.5609665"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3561165"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892235"},{"key":"ref68","first-page":"332","article-title":"What developers want and need from program analysis: An empirical study","volume-title":"Proc. 31st IEEE\/ACM Int. Conf. Automated Softw. Eng.","author":"Christakis","year":"2016"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106811"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991102"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.62"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3705309"},{"key":"ref76","article-title":"30 years of software refactoring research: A systematic literature review","author":"Abid","year":"2020"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00044"},{"key":"ref78","first-page":"821","article-title":"SCDetector: Software functional clone detection based on semantic tokens analysis","volume-title":"Proc. 35th IEEE\/ACM Int. Conf. Automated Softw. Eng.","author":"Wu","year":"2020"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/11395383\/11129942.pdf?arnumber=11129942","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T20:49:46Z","timestamp":1771015786000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11129942\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2]]},"references-count":78,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tse.2025.3599581","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2]]}}}