{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,26]],"date-time":"2026-04-26T04:41:24Z","timestamp":1777178484454,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,6,13]],"date-time":"2022-06-13T00:00:00Z","timestamp":1655078400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["20K19774, 20H05706"],"award-info":[{"award-number":["20K19774, 20H05706"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,6,13]]},"DOI":"10.1145\/3530019.3535304","type":"proceedings-article","created":{"date-parts":[[2022,6,12]],"date-time":"2022-06-12T01:54:00Z","timestamp":1654998840000},"page":"288-293","source":"Crossref","is-referenced-by-count":6,"title":["On the Use of Refactoring in Security Vulnerability Fixes: An Exploratory Study on Maven Libraries"],"prefix":"10.1145","author":[{"given":"Ayano","family":"Ikegami","sequence":"first","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Raula Gaikovina","family":"Kula","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bodin","family":"Chinthanet","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vittunyuta","family":"Maeprasart","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Ouni","sequence":"additional","affiliation":[{"name":"ETS Montreal, University of Quebec, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takashi","family":"Ishio","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kenichi","family":"Matsumoto","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST), Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,6,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. The State of the Octoverse | The State of the Octoverse explores a year of change with new deep dives into developer productivity security and how we build communities on GitHub.https:\/\/octoverse.github.com\/#securing-software. (Accessed on 13\/10\/2021).  2020. The State of the Octoverse | The State of the Octoverse explores a year of change with new deep dives into developer productivity security and how we build communities on GitHub.https:\/\/octoverse.github.com\/#securing-software. (Accessed on 13\/10\/2021)."},{"key":"e_1_3_2_1_2_1","unstructured":"2021. CVE security vulnerability database. Security vulnerabilities exploits references and more. https:\/\/www.cvedetails.com\/. (Accessed on 02\/24\/2021).  2021. CVE security vulnerability database. Security vulnerabilities exploits references and more. https:\/\/www.cvedetails.com\/. (Accessed on 02\/24\/2021)."},{"key":"e_1_3_2_1_3_1","unstructured":"2021. CWE - CWE-352: Cross-Site Request Forgery (CSRF) (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/352.html. (Accessed on 15\/10\/2021).  2021. CWE - CWE-352: Cross-Site Request Forgery (CSRF) (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/352.html. (Accessed on 15\/10\/2021)."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. CWE - CWE-611: Improper Restriction of XML External Entity Reference (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/611.html. (Accessed on 15\/10\/2021).  2021. CWE - CWE-611: Improper Restriction of XML External Entity Reference (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/611.html. (Accessed on 15\/10\/2021)."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. CWE - CWE-94: Improper Control of Generation of Code (\u2019Code Injection\u2019) (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/94.html. (Accessed on 15\/10\/2021).  2021. CWE - CWE-94: Improper Control of Generation of Code (\u2019Code Injection\u2019) (4.5). https:\/\/cwe.mitre.org\/data\/definitions\/94.html. (Accessed on 15\/10\/2021)."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. [FIX SECURITY-276] Don\u2019t allow open redirect using scheme-rel. URL \u00b7 jenkinsci\/jenkins@2ed0c04. https:\/\/github.com\/jenkinsci\/jenkins\/commit\/2ed0c046dfbb2003a17df27c53777e72c6eaff25. (Accessed on 13\/10\/2021).  2021. [FIX SECURITY-276] Don\u2019t allow open redirect using scheme-rel. URL \u00b7 jenkinsci\/jenkins@2ed0c04. https:\/\/github.com\/jenkinsci\/jenkins\/commit\/2ed0c046dfbb2003a17df27c53777e72c6eaff25. (Accessed on 13\/10\/2021)."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. GitHub Advisory Database. https:\/\/github.com\/advisories\/. (Accessed on 24\/02\/2021).  2021. GitHub Advisory Database. https:\/\/github.com\/advisories\/. (Accessed on 24\/02\/2021)."},{"key":"e_1_3_2_1_8_1","unstructured":"2021. jenkinsci\/jenkins: Jenkins automation server. https:\/\/github.com\/jenkinsci\/jenkins. (Accessed on 13\/10\/2021).  2021. jenkinsci\/jenkins: Jenkins automation server. https:\/\/github.com\/jenkinsci\/jenkins. (Accessed on 13\/10\/2021)."},{"key":"e_1_3_2_1_9_1","unstructured":"2021. Maven Central Repository Search. https:\/\/search.maven.org\/. (Accessed on 10\/16\/2021).  2021. Maven Central Repository Search. https:\/\/search.maven.org\/. (Accessed on 10\/16\/2021)."},{"key":"e_1_3_2_1_10_1","unstructured":"2021. NVD - CVE-2016-3726. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-3726. (Accessed on 13\/10\/2021).  2021. NVD - CVE-2016-3726. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-3726. (Accessed on 13\/10\/2021)."},{"key":"e_1_3_2_1_11_1","unstructured":"2021. NVD - National Vulnerability Database. https:\/\/nvd.nist.gov\/. (Accessed on 10\/10\/2021).  2021. NVD - National Vulnerability Database. https:\/\/nvd.nist.gov\/. (Accessed on 10\/10\/2021)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3392193"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3005995"},{"key":"e_1_3_2_1_14_1","volume-title":"Empirical Analysis of Security Vulnerabilities in Python Packages. In International Conference on Software Analysis, Evolution and Reengineering (SANER).","author":"Alfadel Mahmoud","year":"2021","unstructured":"Mahmoud Alfadel , Diego Costa , and Emad Shihab . 2021 . Empirical Analysis of Security Vulnerabilities in Python Packages. In International Conference on Software Analysis, Evolution and Reengineering (SANER). Mahmoud Alfadel, Diego Costa, and Emad Shihab. 2021. Empirical Analysis of Security Vulnerabilities in Python Packages. In International Conference on Software Analysis, Evolution and Reengineering (SANER)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2012.20"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Bodin Chinthanet Raula\u00a0Gaikovina Kula Shane McIntosh Takashi Ishio Akinori Ihara and Kenichi Matsumoto. 2021. Lags in the Release Adoption and Propagation of npm Vulnerability Fixes. Empirical Software Engineering (ESME)(2021).  Bodin Chinthanet Raula\u00a0Gaikovina Kula Shane McIntosh Takashi Ishio Akinori Ihara and Kenichi Matsumoto. 2021. Lags in the Release Adoption and Propagation of npm Vulnerability Fixes. Empirical Software Engineering (ESME)(2021).","DOI":"10.1007\/s10664-021-09951-x"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Fl\u00e1via Coelho Nikolaos Tsantalis Tiago Massoni and Everton Alves. 2021. An Empirical Study on Refactoring-Inducing Pull Requests. 1\u201312. https:\/\/doi.org\/10.1145\/3475716.3475785  Fl\u00e1via Coelho Nikolaos Tsantalis Tiago Massoni and Everton Alves. 2021. An Empirical Study on Refactoring-Inducing Pull Requests. 1\u201312. https:\/\/doi.org\/10.1145\/3475716.3475785","DOI":"10.1145\/3475716.3475785"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00050"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409695"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409695"},{"key":"e_1_3_2_1_21_1","volume-title":"LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics. In International Conference on Software Engineering (ICSE).","author":"Du Xiaoning","year":"2019","unstructured":"Xiaoning Du , Bihuan Chen , Yuekang Li , Jianmin Guo , Yaqin Zhou , Yang Liu , and Yu Jiang . 2019 . LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics. In International Conference on Software Engineering (ICSE). Xiaoning Du, Bihuan Chen, Yuekang Li, Jianmin Guo, Yaqin Zhou, Yang Liu, and Yu Jiang. 2019. LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics. In International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_1_22_1","volume-title":"The Measure of Association in a 2 \u00d7 2 Table. Journal of the Royal Statistical Society1","author":"Edwards W.","year":"1963","unstructured":"A.\u00a0 W. Edwards . 1963. The Measure of Association in a 2 \u00d7 2 Table. Journal of the Royal Statistical Society1 ( 1963 ). A.\u00a0W. Edwards. 1963. The Measure of Association in a 2 \u00d7 2 Table. Journal of the Royal Statistical Society1 (1963)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387501"},{"key":"e_1_3_2_1_24_1","volume-title":"Refactoring: Improving the Design of Existing Code","author":"Fowler Martin","year":"1999","unstructured":"Martin Fowler . 1999 . Refactoring: Improving the Design of Existing Code . Addison-Wesley . Martin Fowler. 1999. Refactoring: Improving the Design of Existing Code. Addison-Wesley."},{"key":"e_1_3_2_1_25_1","unstructured":"GitHub. 2020. Keep all your packages up to date with Dependabot - The GitHub Blog. https:\/\/github.blog\/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot\/. (Accessed on 10\/09\/2020).  GitHub. 2020. Keep all your packages up to date with Dependabot - The GitHub Blog. https:\/\/github.blog\/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot\/. (Accessed on 10\/09\/2020)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106699"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00029"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.09.007"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SATE.2016.11"},{"key":"e_1_3_2_1_32_1","volume-title":"SECURE REFACTORING - Improving the Security Level of Existing Code. In International Conference on Software and Data Technologies (ICSOFT). 222\u2013229","author":"Maruyama Katsuhisa","year":"2007","unstructured":"Katsuhisa Maruyama . 2007 . SECURE REFACTORING - Improving the Security Level of Existing Code. In International Conference on Software and Data Technologies (ICSOFT). 222\u2013229 . Katsuhisa Maruyama. 2007. SECURE REFACTORING - Improving the Security Level of Existing Code. In International Conference on Software and Data Technologies (ICSOFT). 222\u2013229."},{"key":"e_1_3_2_1_33_1","unstructured":"Mitre Corporation. 2018. CVE - Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/. (Accessed on 20\/04\/2020).  Mitre Corporation. 2018. CVE - Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/. (Accessed on 20\/04\/2020)."},{"key":"e_1_3_2_1_34_1","unstructured":"Mitre Corporation. 2018. CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/. (Accessed on 20\/04\/2020).  Mitre Corporation. 2018. CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/. (Accessed on 20\/04\/2020)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.11.010"},{"key":"e_1_3_2_1_36_1","volume-title":"VCCFinder. In ACM SIGSAC Conference on Computer and Communications Security (CCS).","author":"Perl Henning","year":"2015","unstructured":"Henning Perl , Sergej Dechand , Matthew Smith , Daniel Arp , Fabian Yamaguchi , Konrad Rieck , Sascha Fahl , and Yasemin Acar . 2015 . VCCFinder. In ACM SIGSAC Conference on Computer and Communications Security (CCS). Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp, Fabian Yamaguchi, Konrad Rieck, Sascha Fahl, and Yasemin Acar. 2015. VCCFinder. In ACM SIGSAC Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_37_1","unstructured":"Snyk. 2015. Vulnerability DB. https:\/\/snyk.io\/vuln. (Accessed on 04\/20\/2020).  Snyk. 2015. Vulnerability DB. https:\/\/snyk.io\/vuln. (Accessed on 04\/20\/2020)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Nikolaos Tsantalis Ameya Ketkar and Danny Dig. 2020. RefactoringMiner 2.0. IEEE Transactions on Software Engineering(2020) 21\u00a0pages. https:\/\/doi.org\/10.1109\/TSE.2020.3007722  Nikolaos Tsantalis Ameya Ketkar and Danny Dig. 2020. RefactoringMiner 2.0. IEEE Transactions on Software Engineering(2020) 21\u00a0pages. https:\/\/doi.org\/10.1109\/TSE.2020.3007722","DOI":"10.1109\/TSE.2020.3007722"},{"key":"e_1_3_2_1_39_1","volume-title":"Accurate and Efficient Refactoring Detection in Commit History. In International Conference on Software Engineering (ICSE). 483\u2013494","author":"Tsantalis Nikolaos","year":"2018","unstructured":"Nikolaos Tsantalis , Matin Mansouri , Laleh\u00a0 M. Eshkevari , Davood Mazinanian , and Danny Dig . 2018 . Accurate and Efficient Refactoring Detection in Commit History. In International Conference on Software Engineering (ICSE). 483\u2013494 . Nikolaos Tsantalis, Matin Mansouri, Laleh\u00a0M. Eshkevari, Davood Mazinanian, and Danny Dig. 2018. Accurate and Efficient Refactoring Detection in Commit History. In International Conference on Software Engineering (ICSE). 483\u2013494."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-90421-4_6"}],"event":{"name":"EASE 2022: The International Conference on Evaluation and Assessment in Software Engineering 2022","location":"Gothenburg Sweden","acronym":"EASE 2022"},"container-title":["The International Conference on Evaluation and Assessment in Software Engineering 2022"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3530019.3535304","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3530019.3535304","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:59Z","timestamp":1750188659000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3530019.3535304"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,6,13]]},"references-count":40,"alternative-id":["10.1145\/3530019.3535304","10.1145\/3530019"],"URL":"https:\/\/doi.org\/10.1145\/3530019.3535304","relation":{},"subject":[],"published":{"date-parts":[[2022,6,13]]}}}