{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T06:03:04Z","timestamp":1773295384705,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":81,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836210,U1836213,U1736208,61972099,62172105,62102093"],"award-info":[{"award-number":["U1836210,U1836213,U1736208,61972099,62172105,62102093"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007219","name":"Natural Science Foundation of Shanghai","doi-asserted-by":"publisher","award":["19ZR1404800"],"award-info":[{"award-number":["19ZR1404800"]}],"id":[{"id":"10.13039\/100007219","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100013105","name":"Shanghai Rising-Star Program","doi-asserted-by":"publisher","award":["21QA1400700"],"award-info":[{"award-number":["21QA1400700"]}],"id":[{"id":"10.13039\/501100013105","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006751","name":"U.S. Army","doi-asserted-by":"publisher","award":["W56KGU-20-C-0008"],"award-info":[{"award-number":["W56KGU-20-C-0008"]}],"id":[{"id":"10.13039\/100006751","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484593","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:27Z","timestamp":1636805127000},"page":"3282-3299","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":41,"title":["Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking"],"prefix":"10.1145","author":[{"given":"Xin","family":"Tan","sequence":"first","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Yuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Chenyuan","family":"Mi","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Jiajun","family":"Cao","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}]},{"given":"Yifan","family":"Lin","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2019. What are the most secure programming languages? https:\/\/www.whitesourcesoftware.com\/most-secure-programming-languages\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2020. Open source vulnerability management report. https:\/\/www.whitesourcesoftware.com\/open-source-vulnerability-management-report\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. FFmpeg. https:\/\/git.ffmpeg.org\/ffmpeg."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. GitPython. https:\/\/github.com\/gitpython-developers\/GitPython."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. Jenkins. https:\/\/github.com\/jenkinsci\/jenkins."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. Linux Kernel. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. QEMU. https:\/\/git.qemu.org\/git\/qemu.git."},{"key":"e_1_3_2_1_8_1","unstructured":"2021. Security Focus. https:\/\/www.securityfocus.com\/."},{"key":"e_1_3_2_1_9_1","unstructured":"2021. Security Tracker. https:\/\/securitytracker.com\/."},{"key":"e_1_3_2_1_10_1","unstructured":"2021. Vulnerable code database Project. https:\/\/github.com\/google\/vulncode-db."},{"key":"e_1_3_2_1_11_1","unstructured":"2021. Wireshark. https:\/\/gitlab.com\/wireshark\/wireshark."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 16th International Conference on Mining Software Repositories (MSR).","author":"Shayan","unstructured":"Shayan A. Akbar and Avinash C. Kak. 2019. SCOR: Source Code Retrieval with Semantics and Order. In Proceedings of the 16th International Conference on Mining Software Repositories (MSR)."},{"key":"e_1_3_2_1_13_1","volume-title":"OPUS: Online Patches and Updates for Security. In Proceedings of the 14th USENIX Security Symposium (USENIX Security).","author":"Altekar Gautam","unstructured":"Gautam Altekar, Ilya Bagrak, Paul Burstein, and Andrew Schultz. [n.d.]. OPUS: Online Patches and Updates for Security. In Proceedings of the 14th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 28th International Conference on Software Engineering (ICSE).","author":"Anvik John","unstructured":"John Anvik, Lyndon Hiew, and Gail C. Murphy. 2006. Who Should Fix This Bug?. In Proceedings of the 28th International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 4th ACM European Conference on Computer Systems (EuroSys).","author":"Arnold Jeff","unstructured":"Jeff Arnold and M. Frans Kaashoek. 2009. Ksplice: Automatic Rebootless Kernel Updates. In Proceedings of the 4th ACM European Conference on Computer Systems (EuroSys)."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS).","author":"B\u00f6hme Marcel","unstructured":"Marcel B\u00f6hme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. [n.d.]. Directed Greybox Fuzzing. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 19th International Conference on Computational Statistics (COMPSTAT).","author":"Bottou L\u00e9on","unstructured":"L\u00e9on Bottou. [n.d.]. Large-scale Machine Learning with Stochastic Gradient Descent. In Proceedings of the 19th International Conference on Computational Statistics (COMPSTAT)."},{"key":"e_1_3_2_1_18_1","unstructured":"Leo Breiman. [n.d.]. Bagging predictors. Machine learning ([n. d.])."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102351.1102363"},{"key":"e_1_3_2_1_20_1","volume-title":"From RankNet to LambdaRank to LambdaMart: An Overview. Learning","author":"Burges Christopher JC","year":"2010","unstructured":"Christopher JC Burges. 2010. From RankNet to LambdaRank to LambdaMart: An Overview. Learning (2010)."},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI).","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_3_2_1_22_1","volume-title":"Rank Challenge Overview. In Proceedings of the Learning to Rank Challenge.","author":"Chapelle Olivier","unstructured":"Olivier Chapelle and Yi Chang. [n.d.]. Yahoo! Learning to Rank Challenge Overview. In Proceedings of the Learning to Rank Challenge."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243849"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security).","author":"Chen Yue","year":"2017","unstructured":"Yue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, and Tao Wei. 2017. Adaptive Android Kernel Live Patching. In Proceedings of the 26th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_25_1","unstructured":"MITRE Corporation. 2021. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 2016 International Joint Conference on Neural Networks (IJCNN).","author":"Cruz Ricardo","unstructured":"Ricardo Cruz, Kelwin Fernandes, Jaime S Cardoso, and Joaquim F Pinto Costa. [n.d.]. Tackling Class Imbalance with Ranking. In Proceedings of the 2016 International Joint Conference on Neural Networks (IJCNN)."},{"key":"e_1_3_2_1_27_1","volume-title":"BScout: Direct Whole Patch Presence Test for Java Executables. In Proceedings of the 29th USENIX Security Symposium (USENIX Security).","author":"Dai Jiarun","unstructured":"Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, and Zhemin Yang. [n.d.]. BScout: Direct Whole Patch Presence Test for Java Executables. In Proceedings of the 29th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484594"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing: System Demonstrations (EMNLP).","author":"Dernoncourt Franck","unstructured":"Franck Dernoncourt, Ji Young Lee, and Peter Szolovits. [n.d.]. NeuroNER: an Easy-to-use Program for Named-entity Recognition based on Neural Networks. In Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing: System Demonstrations (EMNLP)."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security).","author":"Dong Ying","year":"2019","unstructured":"Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In Proceedings of the 28th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 29th ACM\/IEEE international conference on Automated software engineering (ASE).","author":"Falleri Jean-R\u00e9my","unstructured":"Jean-R\u00e9my Falleri, Flor\u00e9al Morandat, Xavier Blanc, Matias Martinez, and Martin Monperrus. [n.d.]. Fine-grained and Accurate Source Code Differencing. In Proceedings of the 29th ACM\/IEEE international conference on Automated software engineering (ASE)."},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 16th IEEE Annual Consumer Communications & Networking Conference (CCNC).","author":"Feng Qian","unstructured":"Qian Feng, Rundong Zhou, Yanhui Zhao, Jia Ma, Yifei Wang, Na Yu, Xudong Jin, Jian Wang, Ahmed Azab, and Peng Ning. [n.d.]. Learning Binary Representationfor Automatic Patch Detection. In Proceedings of the 16th IEEE Annual Consumer Communications & Networking Conference (CCNC)."},{"key":"e_1_3_2_1_33_1","unstructured":"Nir Friedman Dan Geiger and Moises Goldszmidt. [n.d.]. Bayesian Network Classifiers. Machine learning ([n. d.])."},{"key":"e_1_3_2_1_34_1","unstructured":"Guo Haixiang Li Yijing Jennifer Shang Gu Mingyun Huang Yuanyue and Gong Bing. [n.d.]. Learning from Class-imbalanced Data: Review of Methods and Applications. Expert Systems with Applications ([n. d.])."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 17th International Conference on Program Comprehension (ICPC).","author":"Hindle Abram","unstructured":"Abram Hindle, Daniel M. German, Michael W. Godfrey, and Richard C. Holt. 2009. Automatic Classification of Large Changes into Maintenance categories. In Proceedings of the 17th International Conference on Program Comprehension (ICPC)."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 3rd International Conference on Document Analysis and Recognition (ICDAR).","author":"Tin Kam Ho.","unstructured":"Tin Kam Ho. [n.d.]. Random Decision Forests. In Proceedings of the 3rd International Conference on Document Analysis and Recognition (ICDAR)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/3060832.3060845"},{"key":"e_1_3_2_1_38_1","volume-title":"ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P).","author":"Jang Jiyong","unstructured":"Jiyong Jang, Abeer Agrawal, and David Brumley. [n.d.]. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417240"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254075"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3077136.3080838"},{"key":"e_1_3_2_1_42_1","volume-title":"Where should we fix this bug? a two-phase recommendation model","author":"Kim Dongsun","unstructured":"Dongsun Kim, Yida Tao, Sunghun Kim, and Andreas Zeller. [n.d.]. Where should we fix this bug? a two-phase recommendation model. IEEE transactions on software Engineering 39, 11 ([n. d.])."},{"key":"e_1_3_2_1_43_1","volume-title":"VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P).","author":"Kim Seulbae","unstructured":"Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. [n.d.]. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 25th International Conference on Program Comprehension (ICPC).","author":"Lam An Ngoc","unstructured":"An Ngoc Lam, Anh Tuan Nguyen, Hoan Anh Nguyen, and Tien N. Nguyen. 2017. Bug Localization with Combination of Deep Learning and Information Retrieval. In Proceedings of the 25th International Conference on Program Comprehension (ICPC)."},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS).","author":"Li Frank","unstructured":"Frank Li and Vern Paxson. [n.d.]. A Large-scale Empirical Study of Security Patches. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_46_1","volume-title":"Deep learning with customized abstract syntax tree for bug localization","author":"Liang Hongliang","unstructured":"Hongliang Liang, Lu Sun, Meilin Wang, and Yuxing Yang. [n.d.]. Deep learning with customized abstract syntax tree for bug localization. IEEE Access 7 ([n. d.])."},{"key":"e_1_3_2_1_47_1","volume-title":"Vfdetect: A Vulnerable Code Clone Detection System Based on Vulnerability Fingerprint. In Proceedings of the 3rd Information Technology and Mechatronics Engineering Conference (ITOEC).","author":"Liu Zhen","unstructured":"Zhen Liu, Qiang Wei, and Yan Cao. [n.d.]. Vfdetect: A Vulnerable Code Clone Detection System Based on Vulnerability Fingerprint. In Proceedings of the 3rd Information Technology and Mechatronics Engineering Conference (ITOEC)."},{"key":"e_1_3_2_1_48_1","volume-title":"NLTK: the Natural Language Toolkit. In Proceedings of the ACL-02 Workshop on Effective tools and methodologies for teaching natural language processing and computational linguistics-Volume 1.","author":"Loper Edward","unstructured":"Edward Loper and Steven Bird. [n.d.]. NLTK: the Natural Language Toolkit. In Proceedings of the ACL-02 Workshop on Effective tools and methodologies for teaching natural language processing and computational linguistics-Volume 1."},{"key":"e_1_3_2_1_49_1","unstructured":"Victoria L\u00f3pez Alberto Fern\u00e1ndez Salvador Garc\u00eda Vasile Palade and Francisco Herrera. [n.d.]. An Insight into Classification with Imbalanced Data: Empirical Results and Current Trends on Using Data Intrinsic Characteristics. Information sciences ([n. d.])."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00038"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security).","author":"Mu Dongliang","year":"2018","unstructured":"Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. In Proceedings of the 27th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_52_1","volume-title":"Patchdroid: Scalable Third-party Security Patches for Android Devices. In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC).","author":"Mulliner Collin","unstructured":"Collin Mulliner, Jon Oberheide, William Robertson, and Engin Kirda. [n.d.]. Patchdroid: Scalable Third-party Security Patches for Android Devices. In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"e_1_3_2_1_54_1","first-page":"2016","volume":"201","author":"U.S. National Institute of Standards and","unstructured":"U.S. National Institute of Standards and Technology. 2016. NVD - CVE-2016--4417. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016--4417.","journal-title":"Technology."},{"key":"e_1_3_2_1_55_1","unstructured":"U.S. National Institute of Standards and Technology. 2021. National Vulnerability Database. https:\/\/nvd.nist.gov\/home.cfm."},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 32nd Advances in Neural Information Processing Systems (NIPS).","author":"Paszke Adam","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, Alban Desmaison, Andreas Kopf, Edward Yang, Zachary DeVito, Martin Raison, Alykhan Tejani, Sasank Chilamkurthy, Benoit Steiner, Lu Fang, Junjie Bai, and Soumith Chintala. [n.d.]. In Proceedings of the 32nd Advances in Neural Information Processing Systems (NIPS)."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813604"},{"key":"e_1_3_2_1_58_1","volume-title":"Advances in Kernel Methods","author":"Platt John C","unstructured":"John C Platt. [n.d.]. Advances in Kernel Methods. Chapter Fast Training of Support Vector Machines using Sequential Minimal Optimization. MIT Press, Cambridge, MA, USA ([n. d.])."},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security).","author":"Poeplau Sebastian","unstructured":"Sebastian Poeplau and Aur\u00e9lien Francillon. [n.d.]. Symbolic Execution with SymCC: Don't Interpret, Compile!. In Proceedings of the 29th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the 12th USENIX Security Symposium (USENIX Security).","author":"Rescorla Eric","unstructured":"Eric Rescorla. [n.d.]. Security holes... Who cares?. In Proceedings of the 12th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_61_1","volume-title":"Proceedings of the 28th IEEE\/ACM International Conference on Automated Software Engineering (ASE).","author":"Saha Ripon K.","unstructured":"Ripon K. Saha, Matthew Lease, Sarfraz Khurshid, and Dewayne E. Perry. 2013. Improving Bug Localization Using Structured Information Retrieval. In Proceedings of the 28th IEEE\/ACM International Conference on Automated Software Engineering (ASE)."},{"key":"e_1_3_2_1_62_1","volume-title":"Proceedings of the 2017 International Conference on Passive and Active Network Measurement (PAM).","author":"Sarabi Armin","unstructured":"Armin Sarabi, Ziyun Zhu, Chaowei Xiao, Mingyan Liu, and Tudor Dumitra?. [n.d.]. Patch Me If You Can: A Study on the Effects of Individual User Behavior on the End-Host Vulnerability State. In Proceedings of the 2017 International Conference on Passive and Active Network Measurement (PAM)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556195.2556234"},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of the 13th Working Conference on Mining Software Repositories (MSR).","author":"Soto Mauricio","unstructured":"Mauricio Soto, Ferdian Thung, Chu-Pan Wong, Claire Le Goues, and David Lo.2016. A Deeper Look into Bug Fixes: Patterns, Replacements, Deletions, and Additions. In Proceedings of the 13th Working Conference on Mining Software Repositories (MSR)."},{"key":"e_1_3_2_1_65_1","volume-title":"SVF: Interprocedural Static Value-Flow Analysis in LLVM. In Proceedings of the 25th International Conference on Compiler Construction (CC).","author":"Sui Yulei","unstructured":"Yulei Sui and Jingling Xue. [n.d.]. SVF: Interprocedural Static Value-Flow Analysis in LLVM. In Proceedings of the 25th International Conference on Compiler Construction (CC)."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.5555\/2337223.2337269"},{"key":"e_1_3_2_1_67_1","unstructured":"Princeton University. 2010. WordNet. https:\/\/wordnet.princeton.edu\/."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2597008.2597148"},{"key":"e_1_3_2_1_69_1","volume-title":"Vulnerability: An Empirical Study of Secret Security Patch in OSS. In Proceedings of the 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Wang Xinda","unstructured":"Xinda Wang, Kun Sun, Archer Batcheller, and Sushil Jajodia. [n.d.]. Detecting \"0-Day\" Vulnerability: An Empirical Study of Secret Security Patch in OSS. In Proceedings of the 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_70_1","volume-title":"PatchDB: A Large-Scale Security Patch Dataset. In 2021 51st Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Wang Xinda","year":"2021","unstructured":"Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, and Sushil Jajodia. 2021. PatchDB: A Large-Scale Security Patch Dataset. In 2021 51st Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970359"},{"key":"e_1_3_2_1_72_1","unstructured":"Wireshark. 2016. Patch of CVE-2016--4417. https:\/\/gitlab.com\/wireshark\/wireshark\/-\/commit\/c31425f9ae15067e26ccc6183c206c34713cb256."},{"key":"e_1_3_2_1_73_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security).","author":"Xiao Yang","year":"2020","unstructured":"Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. In Proceedings of the 29th USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397361"},{"key":"e_1_3_2_1_75_1","volume-title":"Proceedings of the 39th International Conference on Software Engineering (ICSE).","author":"Xu Zhengzi","unstructured":"Zhengzi Xu, Bihuan Chen, Mahinthan Chandramohan, Yang Liu, and Fu Song. [n.d.]. SPAIN: security patch analysis for binaries towards understanding the pain and pills. In Proceedings of the 39th International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635874"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/2025113.2025121"},{"key":"e_1_3_2_1_78_1","volume-title":"Asia-Pacific Software Engineering Conference (APSEC).","author":"Youm Klaus Changsun","unstructured":"Klaus Changsun Youm, June Ahn, Jeongho Kim, and Eunseok Lee. [n.d.]. Bug localization based on code change histories and bug reports. In Asia-Pacific Software Engineering Conference (APSEC)."},{"key":"e_1_3_2_1_79_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security). USA.","author":"Zhang Hang","year":"2018","unstructured":"Hang Zhang and Zhiyun Qian. 2018. Precise and Accurate Patch Presence Test for Binaries. In Proceedings of the 27th USENIX Security Symposium (USENIX Security). USA."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.101"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227210"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484593","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484593","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484593","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:45:42Z","timestamp":1763498742000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484593"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":81,"alternative-id":["10.1145\/3460120.3484593","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484593","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}