{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T22:56:33Z","timestamp":1773442593376,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T00:00:00Z","timestamp":1415664000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,11]]},"DOI":"10.1145\/2635868.2635880","type":"proceedings-article","created":{"date-parts":[[2014,11,4]],"date-time":"2014-11-04T21:44:36Z","timestamp":1415137476000},"page":"257-268","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":84,"title":["Identifying the characteristics of vulnerable code changes: an empirical study"],"prefix":"10.1145","author":[{"given":"Amiangshu","family":"Bosu","sequence":"first","affiliation":[{"name":"University of Alabama, USA"}]},{"given":"Jeffrey C.","family":"Carver","sequence":"additional","affiliation":[{"name":"University of Alabama, USA"}]},{"given":"Munawar","family":"Hafiz","sequence":"additional","affiliation":[{"name":"Auburn University, USA"}]},{"given":"Patrick","family":"Hilley","sequence":"additional","affiliation":[{"name":"Providence College, USA"}]},{"given":"Derek","family":"Janni","sequence":"additional","affiliation":[{"name":"Lewis & Clark College, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,11,11]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/www. securecoding.cert.org\/confluence\/display\/ seccode\/CERT+C+Secure+Coding+Standard. {Online","author":"Cert","year":"2014","unstructured":"Cert c secure coding standard. https:\/\/www. securecoding.cert.org\/confluence\/display\/ seccode\/CERT+C+Secure+Coding+Standard. {Online ; accessed 6- Mar- 2014 }. Cert c secure coding standard. https:\/\/www. securecoding.cert.org\/confluence\/display\/ seccode\/CERT+C+Secure+Coding+Standard. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_2_1","volume-title":"http:\/\/dev.chromium.org\/ developers\/coding-style. {Online","author":"Chromium","year":"2014","unstructured":"Chromium coding style. http:\/\/dev.chromium.org\/ developers\/coding-style. {Online ; accessed 6- Mar- 2014 }. Chromium coding style. http:\/\/dev.chromium.org\/ developers\/coding-style. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_3_1","volume-title":"http:\/\/www.chromium. org\/chromium-os\/developer-guide. {Online","author":"Chromium","year":"2014","unstructured":"Chromium developer guide. http:\/\/www.chromium. org\/chromium-os\/developer-guide. {Online ; accessed 6- Mar- 2014 }. Chromium developer guide. http:\/\/www.chromium. org\/chromium-os\/developer-guide. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/code.google.com\/p\/gerrit\/. {Online","author":"Gerrit","year":"2014","unstructured":"Gerrit code review tool. https:\/\/code.google.com\/p\/gerrit\/. {Online ; accessed 6- Mar- 2014 }. Gerrit code review tool. https:\/\/code.google.com\/p\/gerrit\/. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_5_1","unstructured":"Klocwork. http:\/\/www.klocwork.com\/.  Klocwork. http:\/\/www.klocwork.com\/."},{"key":"e_1_3_2_1_6_1","volume-title":"http: \/\/qt-project.org\/wiki\/Qt_Coding_Style. {Online","author":"Qt","year":"2014","unstructured":"Qt coding style. http: \/\/qt-project.org\/wiki\/Qt_Coding_Style. {Online ; accessed 6- Mar- 2014 }. Qt coding style. http: \/\/qt-project.org\/wiki\/Qt_Coding_Style. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_7_1","unstructured":"Android. Android developer guide. http:\/\/source. android.com\/source\/life-of-a-patch.html. {Online; accessed 6-Mar-2014}.  Android. Android developer guide. http:\/\/source. android.com\/source\/life-of-a-patch.html. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2011.18"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486882"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486915"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.799939"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE-C.2013.22"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414721.2414726"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2013.23"},{"key":"e_1_3_2_1_15_1","unstructured":"S. Christey and R. Martin. Vulnerability type distributions in CVE version 1.1. http:\/\/cwe.mitre.org\/ documents\/vuln-trends\/index.html May 2007.  S. Christey and R. Martin. Vulnerability type distributions in CVE version 1.1. http:\/\/cwe.mitre.org\/ documents\/vuln-trends\/index.html May 2007."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1177\/001316446002000104"},{"key":"e_1_3_2_1_17_1","volume-title":"Smart Bear","author":"Cohen J.","year":"2006","unstructured":"J. Cohen , E. Brown , B. DuRette , and S. Teleki . Best Kept Secrets of Peer Code Review . Smart Bear , 2006 . J. Cohen, E. Brown, B. DuRette, and S. Teleki. Best Kept Secrets of Peer Code Review. Smart Bear, 2006."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.73"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2007.21"},{"key":"e_1_3_2_1_20_1","first-page":"573","volume-title":"Reviews and inspections. Software Pioneers\u2013Contributions to Software Engineering","author":"Fagan M.","year":"2002","unstructured":"M. Fagan . Reviews and inspections. Software Pioneers\u2013Contributions to Software Engineering , pages 562\u2013 573 , 2002 . M. Fagan. Reviews and inspections. Software Pioneers\u2013Contributions to Software Engineering, pages 562\u2013573, 2002."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.153.0182"},{"key":"e_1_3_2_1_22_1","unstructured":"I. Feinerer. Introduction to the tm package text mining in r. http:\/\/cran.r-project.org\/web\/packages\/ tm\/index.html 2013.  I. Feinerer. Introduction to the tm package text mining in r. http:\/\/cran.r-project.org\/web\/packages\/ tm\/index.html 2013."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00199-4_12"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456362.1456370"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/269012.269020"},{"key":"e_1_3_2_1_26_1","volume-title":"Why hackers do what they do: Understanding motivation and effort in free\/open source software projects. Perspectives on free and open source software, 1:3\u201322","author":"Lakhani K. R.","year":"2005","unstructured":"K. R. Lakhani and R. G. Wolf . Why hackers do what they do: Understanding motivation and effort in free\/open source software projects. Perspectives on free and open source software, 1:3\u201322 , 2005 . K. R. Lakhani and R. G. Wolf. Why hackers do what they do: Understanding motivation and effort in free\/open source software projects. Perspectives on free and open source software, 1:3\u201322, 2005."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2008.33"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"e_1_3_2_1_29_1","volume-title":"Software security: building security","author":"McGraw G.","year":"2006","unstructured":"G. McGraw . Software security: building security in, volume 1 . Addison-Wesley Professional , 2006 . G. McGraw. Software security: building security in, volume 1. Addison-Wesley Professional, 2006."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2008.478"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2013.19"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653717"},{"key":"e_1_3_2_1_33_1","unstructured":"Mitre Coroporation. Common weakness enumeration. http:\/\/cwe.mitre.org\/. {Online; accessed 6-Mar-2014}.  Mitre Coroporation. Common weakness enumeration. http:\/\/cwe.mitre.org\/. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/567793.567795"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1002\/bltj.2229"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487095"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062514"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"e_1_3_2_1_39_1","volume-title":"The open web application security project. https:\/\/www.owasp.org\/index.php\/Category: Vulnerability","author":"OWASP.","year":"2013","unstructured":"OWASP. The open web application security project. https:\/\/www.owasp.org\/index.php\/Category: Vulnerability , 2013 . {Online; accessed 6-Mar-2014}. OWASP. The open web application security project. https:\/\/www.owasp.org\/index.php\/Category: Vulnerability, 2013. {Online; accessed 6-Mar-2014}."},{"key":"e_1_3_2_1_40_1","unstructured":"M. F. Porter. Snowball: A language for stemming algorithms. http:\/\/www.tartarus.org\/\\~{}martin\/ PorterStemmer 2001.  M. F. Porter. Snowball: A language for stemming algorithms. http:\/\/www.tartarus.org\/\\~{}martin\/ PorterStemmer 2001."},{"key":"e_1_3_2_1_41_1","first-page":"298","volume-title":"Open Source Systems: Grounding Research","author":"Pratt L. J.","unstructured":"L. J. Pratt , A. C. MacLean , C. D. Knutson , and E. K. Ringger . Cliff Walls: An analysis of monolithic commits using Latent Dirichlet Allocation . In Open Source Systems: Grounding Research , pages 282\u2013 298 . Springer, 2011. L. J. Pratt, A. C. MacLean, C. D. Knutson, and E. K. Ringger. Cliff Walls: An analysis of monolithic commits using Latent Dirichlet Allocation. In Open Source Systems: Grounding Research, pages 282\u2013298. Springer, 2011."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.74"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985860"},{"key":"e_1_3_2_1_44_1","volume-title":"Homesteading the noosphere. First Monday, 3(10)","author":"Raymond E. S.","year":"1998","unstructured":"E. S. Raymond . Homesteading the noosphere. First Monday, 3(10) , 1998 . E. S. Raymond. Homesteading the noosphere. First Monday, 3(10), 1998."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491444"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1414004.1414065"},{"key":"e_1_3_2_1_48_1","volume-title":"Introduction to Data Mining","author":"Tan P.-N.","year":"2005","unstructured":"P.-N. Tan , M. Steinbach , and V. Kumar . Introduction to Data Mining , volume 1 . Addison-Wesley Longman Publishing Co., Inc. , 2005 . P.-N. Tan, M. Steinbach, and V. Kumar. Introduction to Data Mining, volume 1. Addison-Wesley Longman Publishing Co., Inc., 2005."},{"key":"e_1_3_2_1_49_1"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2009.5314215"},{"key":"e_1_3_2_1_51_1","volume-title":"A practical guide","author":"Wiegers K. E.","year":"2002","unstructured":"K. E. Wiegers . Peer reviews in Software : A practical guide . Addison-Wesley Boston , 2002 . K. E. Wiegers. Peer reviews in Software: A practical guide. Addison-Wesley Boston, 2002."},{"key":"e_1_3_2_1_52_1","volume-title":"Elementary sampling theory","author":"Yamane T.","year":"1967","unstructured":"T. Yamane . Elementary sampling theory . 1967 . T. Yamane. Elementary sampling theory. 1967."},{"key":"e_1_3_2_1_53_1","volume-title":"Morgan Kaufmann Pub. Inc.","author":"Zeller A.","year":"2005","unstructured":"A. Zeller . Why Programs Fail: A Guide to Systematic Debugging . Morgan Kaufmann Pub. Inc. , San Francisco, CA, USA , 2005 . A. Zeller. Why Programs Fail: A Guide to Systematic Debugging. Morgan Kaufmann Pub. Inc., San Francisco, CA, USA, 2005."}],"event":{"name":"SIGSOFT\/FSE'14: 22nd ACM SIGSOFT Symposium on the Foundations of Software Engineering","location":"Hong Kong China","acronym":"SIGSOFT\/FSE'14","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2635868.2635880","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2635868.2635880","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:03:44Z","timestamp":1750273424000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2635868.2635880"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,11]]},"references-count":53,"alternative-id":["10.1145\/2635868.2635880","10.1145\/2635868"],"URL":"https:\/\/doi.org\/10.1145\/2635868.2635880","relation":{},"subject":[],"published":{"date-parts":[[2014,11,11]]},"assertion":[{"value":"2014-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}