{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:57:23Z","timestamp":1763445443980,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T00:00:00Z","timestamp":1604793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3416508.3417120","type":"proceedings-article","created":{"date-parts":[[2020,11,6]],"date-time":"2020-11-06T23:02:14Z","timestamp":1604703734000},"page":"11-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Improving real-world vulnerability characterization with vulnerable slices"],"prefix":"10.1145","author":[{"given":"Solmaz","family":"Salimi","sequence":"first","affiliation":[{"name":"Sharif University of Technology, Iran"}]},{"given":"Maryam","family":"Ebrahimzadeh","sequence":"additional","affiliation":[{"name":"Sharif University of Technology, Iran"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1773-8314","authenticated-orcid":false,"given":"Mehdi","family":"Kharrazi","sequence":"additional","affiliation":[{"name":"Sharif University of Technology, Iran"}]}],"member":"320","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. CVE-2019-6977. Retrieved April 2020 from https:\/\/cve.mitre.org\/cgibin\/cvename.cgi?name=CVE-2019-6977"},{"volume-title":"Retrieved","year":"2020","key":"e_1_3_2_1_2_1","unstructured":"2020. Debian Security Tracker. Retrieved March, 2020 from https:\/\/salsa.debian. org\/security-tracker-team\/security-tracker"},{"volume-title":"Retrieved","year":"2020","key":"e_1_3_2_1_3_1","unstructured":"2020. GD Graphics Library. Retrieved April, 2020 from https:\/\/libgd.github.io"},{"key":"e_1_3_2_1_4_1","unstructured":"2020. GitHub. Retrieved March 2020 from https:\/\/github.com"},{"key":"e_1_3_2_1_5_1","unstructured":"2020. NVD Database. Retrieved March 2020 from https:\/\/www.cvedetails.com\/ browse-by-date.php"},{"volume-title":"Retrieved","year":"2020","key":"e_1_3_2_1_6_1","unstructured":"2020. Red Hat CVE Database. Retrieved March, 2020 from https:\/\/access.redhat. com\/security\/security-updates\/#\/cve"},{"key":"e_1_3_2_1_7_1","volume-title":"Slice-Based Cognitive Complexity Metrics for Defect Prediction. In 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2020","author":"Basma","year":"2020","unstructured":"Basma S. Alqadi and Jonathan I. Maletic. 2020. Slice-Based Cognitive Complexity Metrics for Defect Prediction. In 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2020, London, ON, Canada, February 18-21, 2020, Kostas Kontogiannis, Foutse Khomh, Alexander Chatzigeorgiou, Marios-Eleftherios Fokaefs, and Minghui Zhou (Eds.). IEEE, 411-422."},{"key":"e_1_3_2_1_8_1","first-page":"37","volume-title":"Software Metrics and Security Vulnerabilities: Dataset and Exploratory Study. In 12th European Dependable Computing Conference, EDCC 2016","author":"Alves Henrique","year":"2016","unstructured":"Henrique Alves, Baldoino Fonseca, and Nuno Antunes. 2016. Software Metrics and Security Vulnerabilities: Dataset and Exploratory Study. In 12th European Dependable Computing Conference, EDCC 2016, Gothenburg, Sweden, September 5-9, 2016. IEEE Computer Society, 37-44."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217295.1217297"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/130385.130401"},{"key":"e_1_3_2_1_11_1","volume-title":"Engler","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8-10, 2008, San Diego, California, USA, Proceedings, Richard Draves and Robbert van Renesse (Eds.). USENIX Association, 209-224."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2924932"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.06.003"},{"volume-title":"Retrieved","year":"2020","key":"e_1_3_2_1_16_1","unstructured":"Clang. 2020. Clang. Retrieved March, 2020 from https:\/\/clang.llvm.org"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33826-7_16"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00024"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Wei Fu and Tim Menzies. 2017. Revisiting Unsupervised Learning for Defect Prediction. CoRR abs\/1703.00132 ( 2017 ).","DOI":"10.1145\/3106237.3106257"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196454"},{"volume-title":"A Systematic Literature Review on Fault Prediction Performance in Software Engineering","author":"Hall Tracy","key":"e_1_3_2_1_22_1","unstructured":"Tracy Hall, Sarah Beecham, David Bowes, David Gray, and Steve Counsell. [n.d.]. A Systematic Literature Review on Fault Prediction Performance in Software Engineering. IEEE Trans. Software Eng. 38, 6 ([n. d.]), 1276-1304."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2017.22"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.51"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.70"},{"key":"e_1_3_2_1_26_1","first-page":"595","volume-title":"VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. In 2017 IEEE Symposium on Security and Privacy, SP 2017","author":"Kim Seulbae","year":"2017","unstructured":"Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. 2017. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. In 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. 595-614."},{"key":"e_1_3_2_1_27_1","first-page":"207","volume-title":"Dependence Graphs and Compiler Optimizations. In Conference Record of the Eighth Annual ACM Symposium on Principles of Programming Languages","author":"Kuck David J.","year":"1981","unstructured":"David J. Kuck, Robert H. Kuhn, David A. Padua, Bruce Leasure, and Michael Wolfe. 1981. Dependence Graphs and Compiler Optimizations. In Conference Record of the Eighth Annual ACM Symposium on Principles of Programming Languages, Williamsburg, Virginia, USA, January 1981, John White, Richard J. Lipton, and Patricia C. Goldberg (Eds.). ACM Press, 207-218."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"William Landi. 1992. Undecidability of Static Analysis. LOPLAS 1 4 ( 1992 ) 323-337.","DOI":"10.1145\/161494.161501"},{"key":"e_1_3_2_1_29_1","volume-title":"CLORIFI: software vulnerability discovery using code clone verification. Concurrency and Computation: Practice and Experience 28, 6 ( 2016 )","author":"Li Hongzhe","year":"1900","unstructured":"Hongzhe Li, Hyuckmin Kwon, Jonghoon Kwon, and Heejo Lee. 2016. CLORIFI: software vulnerability discovery using code clone verification. Concurrency and Computation: Practice and Experience 28, 6 ( 2016 ), 1900-1917."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_15"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991102"},{"key":"e_1_3_2_1_32_1","unstructured":"Bingchang Liu Guozhu Meng Wei Zou Qi Gong Feng Li Min Lin Dandan Sun Wei Huo and Chao Zhang. 2020. A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned. In 2020 IEEE\/ACM 42 st International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_33_1","volume-title":"Code Churn: A Neglected Metric in Efort-Aware Just-in-Time Defect Prediction. In 2017 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017","author":"Liu Jinping","year":"2017","unstructured":"Jinping Liu, Yuming Zhou, Yibiao Yang, Hongmin Lu, and Baowen Xu. 2017. Code Churn: A Neglected Metric in Efort-Aware Just-in-Time Defect Prediction. In 2017 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017, Toronto, ON, Canada, November 9-10, 2017, Ayse Bener, Burak Turhan, and Stefan Bifl (Eds.). IEEE Computer Society, 11-19."},{"key":"e_1_3_2_1_34_1","volume-title":"Software Security: Building Security In. In 17th International Symposium on Software Reliability Engineering (ISSRE 2006 )","author":"McGraw Gary","year":"2006","unstructured":"Gary McGraw. 2006. Software Security: Building Security In. In 17th International Symposium on Software Reliability Engineering (ISSRE 2006 ), 7-10 November 2006, Raleigh, North Carolina, USA. IEEE Computer Society, 6."},{"key":"e_1_3_2_1_35_1","first-page":"216","volume-title":"28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017","author":"Da Silva Medeiros Nadia Patricia","year":"2017","unstructured":"Nadia Patricia Da Silva Medeiros, Naghmeh Ivaki, Pedro Costa, and Marco Vieira. 2017. Software Metrics as Indicators of Security Vulnerabilities. In 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017, Toulouse, France, October 23-26, 2017. IEEE Computer Society, 216-227."},{"key":"e_1_3_2_1_36_1","first-page":"84","volume-title":"An Approach for Trustworthiness Benchmarking Using Software Metrics. In 23rd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2018","author":"Da Silva Medeiros Nadia Patricia","year":"2018","unstructured":"Nadia Patricia Da Silva Medeiros, Naghmeh Ivaki, Pedro Costa, and Marco Vieira. 2018. An Approach for Trustworthiness Benchmarking Using Software Metrics. In 23rd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2018, Taipei, Taiwan, December 4-7, 2018. IEEE, 84-93."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Barton P. Miller Lars Fredriksen and Bryan So. 1990. An Empirical Study of the Reliability of UNIX Utilities. Commun. ACM 33 12 ( 1990 ) 32-44.","DOI":"10.1145\/96267.96279"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Patrick Morrison Rahul Pandita Xusheng Xiao Ram Chillarege and Laurie Williams. 2018. Are vulnerabilities discovered and resolved like other defects? Empirical Software Engineering 23 3 ( 2018 ) 1383-1421.","DOI":"10.1007\/s10664-017-9541-1"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Sara Moshtari and Ashkan Sami. 2016. Evaluating and comparing complexity coupling and a new proposed set of coupling metrics in cross-project vulnerability prediction. ( 2016 ) 1415-1421.","DOI":"10.1145\/2851613.2851777"},{"key":"e_1_3_2_1_40_1","first-page":"692","volume-title":"The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching. In 2015 IEEE Symposium on Security and Privacy, SP 2015","author":"Nappa Antonio","year":"2015","unstructured":"Antonio Nappa, Richard Johnson, Leyla Bilge, Juan Caballero, and Tudor Dumitras. 2015. The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. 692-708."},{"key":"e_1_3_2_1_41_1","first-page":"71","volume-title":"Proceedings of the First International Software Metrics Symposium, METRICS 1993","author":"Linda","year":"1993","unstructured":"Linda M. Ott and Jefrey J. Thuss. 1993. Slice based metrics for estimating cohesion. In Proceedings of the First International Software Metrics Symposium, METRICS 1993, May 21-22, 1993, Balimore, Maryland, USA. IEEE Computer Society, 71-81."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Danijel Radjenovic Marjan Hericko Richard Torkar and Ales Zivkovic. 2013. Software fault prediction metrics: A systematic literature review. Inf. Softw. Technol. 55 8 ( 2013 ) 1397-1418.","DOI":"10.1016\/j.infsof.2013.02.009"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2340398"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_46_1","article-title":"A survey of program slicing techniques","volume":"3","author":"Tip Frank","year":"1995","unstructured":"Frank Tip. 1995. A survey of program slicing techniques. J. Prog. Lang. 3, 3 ( 1995 ). http:\/\/compscinet.dcs.kcl.ac.uk\/JP\/jp030301.abs.html","journal-title":"J. Prog. Lang."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2014.32"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950353"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2895963"},{"key":"e_1_3_2_1_51_1","first-page":"40","volume-title":"Combining Software Metrics and Text Features for Vulnerable File Prediction. In 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015","author":"Zhang Yun","year":"2015","unstructured":"Yun Zhang, David Lo, Xin Xia, Bowen Xu, Jianling Sun, and Shanping Li. 2015. Combining Software Metrics and Text Features for Vulnerable File Prediction. In 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015, Gold Coast, Australia, December 9-12, 2015. IEEE Computer Society, 40-49."}],"event":{"name":"PROMISE '20: 16th International Conference on Predictive Models and Data Analytics in Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Virtual USA","acronym":"PROMISE '20"},"container-title":["Proceedings of the 16th ACM International Conference on Predictive Models and Data Analytics in Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416508.3417120","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3416508.3417120","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:30Z","timestamp":1750200090000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416508.3417120"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,8]]},"references-count":51,"alternative-id":["10.1145\/3416508.3417120","10.1145\/3416508"],"URL":"https:\/\/doi.org\/10.1145\/3416508.3417120","relation":{},"subject":[],"published":{"date-parts":[[2020,11,8]]},"assertion":[{"value":"2020-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}