{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T18:47:08Z","timestamp":1772909228715,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,14]]},"DOI":"10.1145\/3508398.3511495","type":"proceedings-article","created":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T04:13:31Z","timestamp":1650082411000},"page":"101-106","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Building a Commit-level Dataset of Real-world Vulnerabilities"],"prefix":"10.1145","author":[{"given":"Alexis","family":"Challande","sequence":"first","affiliation":[{"name":"Quarkslab, Inria, &amp; Institut Polytechnique de Paris, Paris, France"}]},{"given":"Robin","family":"David","sequence":"additional","affiliation":[{"name":"Quarkslab, Paris, France"}]},{"given":"Gu\u00e9na\u00ebl","family":"Renault","sequence":"additional","affiliation":[{"name":"ANSSI, Inria, &amp; Institut Polytechnique de Paris, Paris, France"}]}],"member":"320","published-online":{"date-parts":[[2022,4,15]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"CVE-2015--3873. libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file.  CVE-2015--3873. libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file."},{"key":"e_1_3_2_1_2_1","unstructured":"Universal ctags. original-date: 2010-03--25T10:43:13Z.  Universal ctags. original-date: 2010-03--25T10:43:13Z."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Junaid Akram and Luo Ping. How to build a vulnerability benchmark to overcome cyber security attacks. 14(1):60--71.  Junaid Akram and Luo Ping. How to build a vulnerability benchmark to overcome cyber security attacks. 14(1):60--71.","DOI":"10.1049\/iet-ifs.2018.5647"},{"key":"e_1_3_2_1_4_1","unstructured":"Bas van Schaik and Kevin Backhouse. FPs are cheap. show me the CVEs!  Bas van Schaik and Kevin Backhouse. FPs are cheap. show me the CVEs!"},{"key":"e_1_3_2_1_5_1","unstructured":"Guru Prasad Bhandari Amara Naseer and Leon Moonen. CVEfixes: Automated collection of vulnerabilities and their fixes from open-source software.  Guru Prasad Bhandari Amara Naseer and Leon Moonen. CVEfixes: Automated collection of vulnerabilities and their fixes from open-source software."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Paul E. Black. A software assurance reference dataset: Thousands of programs with known bugs. 123:123005.  Paul E. Black. A software assurance reference dataset: Thousands of programs with known bugs. 123:123005.","DOI":"10.6028\/jres.123.005"},{"key":"e_1_3_2_1_7_1","unstructured":"Frederick Boland and Paul Black. The juliet 1.1 c\/c  Frederick Boland and Paul Black. The juliet 1.1 c\/c"},{"key":"e_1_3_2_1_8_1","volume-title":"Publisher: Computer","unstructured":"and java test suite. (45). Publisher: Computer ( IEEE Computer) . and java test suite. (45). Publisher: Computer (IEEE Computer)."},{"key":"e_1_3_2_1_9_1","unstructured":"Min-je Choi Sehun Jeong Hakjoo Oh and Jaegul Choo. End-to-end prediction of buffer overruns from raw source code via neural memory networks.  Min-je Choi Sehun Jeong Hakjoo Oh and Jaegul Choo. End-to-end prediction of buffer overruns from raw source code via neural memory networks."},{"key":"e_1_3_2_1_10_1","unstructured":"DARPA. Cyber grand challenge.  DARPA. Cyber grand challenge."},{"key":"e_1_3_2_1_11_1","first-page":"110","volume-title":"2016 IEEE Symposium on Security and Privacy (SP)","author":"Dolan-Gavitt Brendan","unstructured":"Brendan Dolan-Gavitt , Patrick Hulin , Engin Kirda , Tim Leek , Andrea Mambretti , Wil Robertson , Frederick Ulrich , and Ryan Whelan . LAVA : Large-scale automated vulnerability addition . In 2016 IEEE Symposium on Security and Privacy (SP) , pages 110 -- 121 . IEEE. Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. LAVA: Large-scale automated vulnerability addition. In 2016 IEEE Symposium on Security and Privacy (SP), pages 110--121. IEEE."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings 2020 Network and Distributed System Security Symposium. Internet Society.","author":"Duan Yue","unstructured":"Yue Duan , Xuezixiang Li , Jinghan Wang , and Heng Yin . DeepBinDiff : Learning program-wide code representations for binary diffing . In Proceedings 2020 Network and Distributed System Security Symposium. Internet Society. Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin. DeepBinDiff: Learning program-wide code representations for binary diffing. In Proceedings 2020 Network and Distributed System Security Symposium. Internet Society."},{"key":"e_1_3_2_1_13_1","unstructured":"Alexandre Dulaunoy and Pieter-Jan Moreels. cve-search - a free software to collect search and analyse common vulnerabilities and exposures in software.  Alexandre Dulaunoy and Pieter-Jan Moreels. cve-search - a free software to collect search and analyse common vulnerabilities and exposures in software."},{"key":"e_1_3_2_1_14_1","unstructured":"Sadegh Farhang Mehmet Bahadir Kirdan Aron Laszka and Jens Grossklags. Hey google what exactly do your security patches tell us? a large-scale empirical study on android patched vulnerabilities.  Sadegh Farhang Mehmet Bahadir Kirdan Aron Laszka and Jens Grossklags. Hey google what exactly do your security patches tell us? a large-scale empirical study on android patched vulnerabilities."},{"key":"e_1_3_2_1_15_1","unstructured":"Google. Android security bulletins.  Google. Android security bulletins."},{"key":"e_1_3_2_1_16_1","unstructured":"Google. gitiles - git at google.  Google. gitiles - git at google."},{"key":"e_1_3_2_1_17_1","first-page":"48","volume-title":"2012 IEEE Symposium on Security and Privacy","author":"Jang Jiyong","unstructured":"Jiyong Jang , Abeer Agrawal , and David Brumley . ReDeBug : Finding unpatched code clones in entire OS distributions . In 2012 IEEE Symposium on Security and Privacy , pages 48 -- 62 . IEEE. Jiyong Jang, Abeer Agrawal, and David Brumley. ReDeBug: Finding unpatched code clones in entire OS distributions. In 2012 IEEE Symposium on Security and Privacy, pages 48--62. IEEE."},{"key":"e_1_3_2_1_18_1","first-page":"595","volume-title":"2017 IEEE Symposium on Security and Privacy (SP)","author":"Kim Seulbae","unstructured":"Seulbae Kim , Seunghoon Woo , Heejo Lee , and Hakjoo Oh. VUDDY : A scalable approach for vulnerable code clone discovery . In 2017 IEEE Symposium on Security and Privacy (SP) , pages 595 -- 614 . IEEE. Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. VUDDY: A scalable approach for vulnerable code clone discovery. In 2017 IEEE Symposium on Security and Privacy (SP), pages 595--614. IEEE."},{"key":"e_1_3_2_1_19_1","first-page":"2201","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","author":"Li Frank","unstructured":"Frank Li and Vern Paxson . A large-scale empirical study of security patches . In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security , pages 2201 -- 2215 . ACM. Frank Li and Vern Paxson. A large-scale empirical study of security patches. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 2201--2215. ACM."},{"key":"e_1_3_2_1_20_1","first-page":"201","volume-title":"Proceedings of the 32nd Annual Conference on Computer Security Applications","author":"Li Zhen","unstructured":"Zhen Li , Deqing Zou , Shouhuai Xu , Hai Jin , Hanchao Qi , and Jie Hu. VulPecker : an automated vulnerability detection system based on code similarity analysis . In Proceedings of the 32nd Annual Conference on Computer Security Applications , pages 201 -- 213 . ACM. Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu. VulPecker: an automated vulnerability detection system based on code similarity analysis. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pages 201--213. ACM."},{"key":"e_1_3_2_1_21_1","unstructured":"Zhen Li Deqing Zou Shouhuai Xu Xinyu Ou Hai Jin Sujuan Wang Zhijun Deng and Yuyi Zhong. VulDeePecker: A deep learning-based system for vulnerability detection.  Zhen Li Deqing Zou Shouhuai Xu Xinyu Ou Hai Jin Sujuan Wang Zhijun Deng and Yuyi Zhong. VulDeePecker: A deep learning-based system for vulnerability detection."},{"key":"e_1_3_2_1_22_1","first-page":"667","volume-title":"Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering - ASE 2018","author":"Liu Bingchang","unstructured":"Bingchang Liu , Wei Huo , Chao Zhang , Wenchao Li , Feng Li , Aihua Piao , and Wei Zou . ?diff : cross-version binary code similarity detection with DNN . In Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering - ASE 2018 , pages 667 -- 678 . ACM Press. Bingchang Liu, Wei Huo, Chao Zhang, Wenchao Li, Feng Li, Aihua Piao, and Wei Zou. ?diff: cross-version binary code similarity detection with DNN. In Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering - ASE 2018, pages 667--678. ACM Press."},{"key":"e_1_3_2_1_23_1","first-page":"548","volume-title":"2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference (ITOEC)","author":"Liu Zhen","unstructured":"Zhen Liu , Qiang Wei , and Yan Cao . VFDETECT : A vulnerable code clone detection system based on vulnerability fingerprint . In 2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference (ITOEC) , pages 548 -- 553 . IEEE. Zhen Liu, Qiang Wei, and Yan Cao. VFDETECT: A vulnerable code clone detection system based on vulnerability fingerprint. In 2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference (ITOEC), pages 548--553. IEEE."},{"key":"e_1_3_2_1_24_1","unstructured":"MITRE Corporation. MITRE.  MITRE Corporation. MITRE."},{"key":"e_1_3_2_1_25_1","first-page":"692","volume-title":"2015 IEEE Symposium on Security and Privacy","author":"Nappa Antonio","unstructured":"Antonio Nappa , Richard Johnson , Leyla Bilge , Juan Caballero , and Tudor Dumitras . The attack of the clones: A study of the impact of shared code on vulnerability patching . In 2015 IEEE Symposium on Security and Privacy , pages 692 -- 708 . IEEE. Antonio Nappa, Richard Johnson, Leyla Bilge, Juan Caballero, and Tudor Dumitras. The attack of the clones: A study of the impact of shared code on vulnerability patching. In 2015 IEEE Symposium on Security and Privacy, pages 692--708. IEEE."},{"key":"e_1_3_2_1_26_1","first-page":"426","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15","author":"Perl Henning","unstructured":"Henning Perl , Sergej Dechand , Matthew Smith , Daniel Arp , Fabian Yamaguchi , Konrad Rieck , Sascha Fahl , and Yasemin Acar . VCCFinder : Finding potential vulnerabilities in open-source projects to assist code audits . In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15 , pages 426 -- 437 . ACM Press. Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp, Fabian Yamaguchi, Konrad Rieck, Sascha Fahl, and Yasemin Acar. VCCFinder: Finding potential vulnerabilities in open-source projects to assist code audits. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, pages 426--437. ACM Press."},{"key":"e_1_3_2_1_27_1","first-page":"383","volume-title":"2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR)","author":"Ponta Serena Elisa","unstructured":"Serena Elisa Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , and Cedric Dangremont . A manually-curated dataset of fixes to vulnerabilities of open-source software . In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR) , pages 383 -- 387 . IEEE. Serena Elisa Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, and Cedric Dangremont. A manually-curated dataset of fixes to vulnerabilities of open-source software. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR), pages 383--387. IEEE."},{"key":"e_1_3_2_1_28_1","first-page":"485 1530","volume-title":"2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Wang Xinda","unstructured":"Xinda Wang , Kun Sun , Archer Batcheller , and Sushil Jajodia . Detecting \"0-day\" vulnerability : An empirical study of secret security patch in OSS . In 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) , pages 485 -- 492 . ISSN: 1530 - 0889 . Xinda Wang, Kun Sun, Archer Batcheller, and Sushil Jajodia. Detecting \"0-day\" vulnerability: An empirical study of secret security patch in OSS. In 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pages 485--492. ISSN: 1530-0889."},{"key":"e_1_3_2_1_29_1","first-page":"363","volume-title":"Neural network-based graph embedding for cross-platform binary code similarity detection","author":"Xu Xiaojun","unstructured":"Xiaojun Xu , Chang Liu , Qian Feng , Heng Yin , Le Song , and Dawn Song . Neural network-based graph embedding for cross-platform binary code similarity detection . pages 363 -- 376 . Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, and Dawn Song. Neural network-based graph embedding for cross-platform binary code similarity detection. pages 363--376."},{"key":"e_1_3_2_1_30_1","first-page":"376","volume-title":"Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis","author":"Xu Yifei","unstructured":"Yifei Xu , Zhengzi Xu , Bihuan Chen , Fu Song , Yang Liu , and Ting Liu . BinXRay : Patch based vulnerability matching for binary programs . In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis , pages 376 -- 387 . ACM. Yifei Xu, Zhengzi Xu, Bihuan Chen, Fu Song, Yang Liu, and Ting Liu. BinXRay: Patch based vulnerability matching for binary programs. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 376--387. ACM."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Yinxing Xue Zhengzi Xu Mahinthan Chandramohan and Yang Liu. Accurate and scalable cross-architecture cross-OS binary code search with emulation. 45(11):1125--1149.  Yinxing Xue Zhengzi Xu Mahinthan Chandramohan and Yang Liu. Accurate and scalable cross-architecture cross-OS binary code search with emulation. 45(11):1125--1149.","DOI":"10.1109\/TSE.2018.2827379"},{"key":"e_1_3_2_1_32_1","first-page":"887","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Zhang Hang","unstructured":"Hang Zhang and Zhiyun Qian . Precise and accurate patch presence test for binaries . In 27th USENIX Security Symposium (USENIX Security 18) , pages 887 -- 902 . USENIX Association. Hang Zhang and Zhiyun Qian. Precise and accurate patch presence test for binaries. In 27th USENIX Security Symposium (USENIX Security 18), pages 887--902. USENIX Association."}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","location":"Baltimore MD USA","acronym":"CODASPY '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511495","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511495","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:37Z","timestamp":1750182577000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511495"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":32,"alternative-id":["10.1145\/3508398.3511495","10.1145\/3508398"],"URL":"https:\/\/doi.org\/10.1145\/3508398.3511495","relation":{},"subject":[],"published":{"date-parts":[[2022,4,14]]},"assertion":[{"value":"2022-04-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}