{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T16:57:56Z","timestamp":1781283476065,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"the Key Research and Development Science and Technology of Hainan Province","award":["GHYF2022010"],"award-info":[{"award-number":["GHYF2022010"]}]},{"name":"the National Key Research and Development Program","award":["2023QY1202"],"award-info":[{"award-number":["2023QY1202"]}]},{"DOI":"10.13039\/501100004543","name":"China Scholarship Council","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004543","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the National Natural Science Foundation of China","award":["62202462, U1836210"],"award-info":[{"award-number":["62202462, U1836210"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623188","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"2366-2380","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Enhancing OSS Patch Backporting with Semantics"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1832-5829","authenticated-orcid":false,"given":"Su","family":"Yang","sequence":"first","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8009-2252","authenticated-orcid":false,"given":"Yang","family":"Xiao","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences &amp; University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1060-3559","authenticated-orcid":false,"given":"Chengyi","family":"Sun","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4441-3287","authenticated-orcid":false,"given":"Chen","family":"Ji","sequence":"additional","affiliation":[{"name":"Xidian University, Xi'an, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8306-7195","authenticated-orcid":false,"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Chinese Academy of Sciences, Xidian University, &amp; Hainan University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2023. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_2_1","volume-title":"Linux Kernel CVEs. Retrieved Match 2","year":"2023","unstructured":"2023. Linux Kernel CVEs. Retrieved Match 2, 2023 from https:\/\/www. linuxkernelcves.com\/"},{"key":"e_1_3_2_1_3_1","volume-title":"Ullman","author":"Aho Alfred V.","year":"1986","unstructured":"Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. 1986. Compilers: Principles, Techniques, and Tools. In Addison-Wesley series in computer science \/ World student series edition. https:\/\/api.semanticscholar.org\/CorpusID:42981739"},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security Symposium.","author":"Alexopoulos Nikolaos","year":"2022","unstructured":"Nikolaos Alexopoulos, Manuel Brack, Jan Philipp Wagner, and Tim Grube. 2022. How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes. In USENIX Security Symposium."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/390013.808479"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3147265"},{"key":"e_1_3_2_1_7_1","first-page":"1943","article-title":"SequenceR: Sequence-to-Sequence Learning for End-to-End Program Repair","volume":"47","author":"Chen Zimin","year":"2018","unstructured":"Zimin Chen, Steve Kommrusch, Michele Tufano, Louis-No\u00ebl Pouchet, Denys Poshyvanyk, and Monperrus Martin. 2018. SequenceR: Sequence-to-Sequence Learning for End-to-End Program Repair. IEEE Transactions on Software Engineering, Vol. 47 (2018), 1943--1959.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484594"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642982"},{"key":"e_1_3_2_1_11_1","volume-title":"CodeBERT: A Pre-Trained Model for Programming and Natural Languages. ArXiv","author":"Feng Zhangyin","year":"2020","unstructured":"Zhangyin Feng, Daya Guo, Duyu Tang, Nan Duan, Xiaocheng Feng, Ming Gong, Linjun Shou, Bing Qin, Ting Liu, Daxin Jiang, and Ming Zhou. 2020. CodeBERT: A Pre-Trained Model for Programming and Natural Languages. ArXiv, Vol. abs\/2002.08155 (2020)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549098"},{"key":"e_1_3_2_1_13_1","unstructured":"Daya Guo Shuo Ren Shuai Lu Zhangyin Feng Duyu Tang Shujie Liu Long Zhou Nan Duan Jian Yin Daxin Jiang and M. Zhou. 2020. GraphCodeBERT: Pre-training Code Representations with Data Flow. ArXiv Vol. abs\/2009.08366 (2020)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238219"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00071"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213871"},{"key":"e_1_3_2_1_17_1","volume-title":"Impact of Code Language Models on Automated Program Repair. ArXiv","author":"Jiang Nan","year":"2023","unstructured":"Nan Jiang, Kevin Liu, Thibaud Lutellier, and Lin Tan. 2023. Impact of Code Language Models on Automated Program Repair. ArXiv, Vol. abs\/2302.05020 (2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"Zheyue Jiang Yuan Zhang Jun Xu Xinqian Sun Zhuang Liu and Min Yang. [n. d.]. AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. ( [n. d.])."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486893"},{"key":"e_1_3_2_1_20_1","volume-title":"VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. 2017 IEEE Symposium on Security and Privacy (SP)","author":"Kim Seulbae","year":"2017","unstructured":"Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. 2017. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. 2017 IEEE Symposium on Security and Privacy (SP) (2017), 595--614."},{"key":"e_1_3_2_1_21_1","volume-title":"Coccinelle: 10 Years of Automated Evolution in the Linux Kernel. In USENIX Annual Technical Conference.","author":"Julia","unstructured":"Julia L. Lawall and Gilles Muller. 2018. Coccinelle: 10 Years of Automated Evolution in the Linux Kernel. In USENIX Annual Technical Conference."},{"key":"e_1_3_2_1_22_1","volume-title":"AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations. 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)","author":"Liu Kui","year":"2018","unstructured":"Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawend\u00e9 F. Bissyand\u00e9. 2018. AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations. 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER) (2018), 1--12."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330577"},{"key":"e_1_3_2_1_24_1","volume-title":"An Analysis of the Search Spaces for Generate and Validate Patch Generation Systems. 2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE)","author":"Long Fan","year":"2016","unstructured":"Fan Long and Martin C. Rinard. 2016. An Analysis of the Search Spaces for Generate and Validate Patch Generation Systems. 2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE) (2016), 702--713."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397369"},{"key":"e_1_3_2_1_26_1","first-page":"1322","article-title":"Shellshock attack on linux systems-bash","volume":"2","author":"Mary C","year":"2015","unstructured":"C Mary. 2015. Shellshock attack on linux systems-bash. International Research Journal of Engineering and Technology, Vol. 2, 8 (2015), 1322--1325.","journal-title":"International Research Journal of Engineering and Technology"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00063"},{"key":"e_1_3_2_1_28_1","unstructured":"Serguei A. Mokhov Marc-Andr\u00e9 Laverdi\u00e8re and Djamel Benredjem. 2008. Taxonomy of Linux Kernel Vulnerability Solutions. In Innovative Techniques in Instruction Technology E-learning E-assessment and Education."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352618"},{"key":"e_1_3_2_1_30_1","unstructured":"Gordon D. Plotkin. 2008. A Note on Inductive Generalization."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115675"},{"key":"e_1_3_2_1_32_1","volume-title":"2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE)","author":"Sajnani Hitesh","year":"2015","unstructured":"Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal Kumar Roy, and Cristina V. Lopes. 2015. SourcererCC: Scaling Code Clone Detection to Big-Code. 2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE) (2015), 1157--1168."},{"key":"e_1_3_2_1_33_1","unstructured":"John Schulman Barret Zoph Jacob Hilton Christina Kim Jacob Menick Jiayi Weng Juan Felipe Ceron Uribe Liam Fedus Luke Metz Michael Pokorny Rapha Gontijo Lopes Shengjia Zhao Arun Vijayvergiya Eric Sigler Adam Perelman Chelsea Voss Mike Heaton Joel Parish Dave Cummings Rajeev Nayak Valerie Balcom David Schnurr Tomer Kaftan Chris Hallacy Nicholas Turley Noah Deutsch Vik Goel Jonathan Ward Aris Konstantinidis Wojciech Zaremba Long Ouyang Leonard Bogdonoff Joshua Gross David Medina Sarah Yoo Teddy Lee Ryan Lowe Dan Mossing Joost Huizinga Roger Jiang Carroll Wainwright Diogo Almeida Steph Lin Marvin Zhang Kai Xiao Katarina Slama Steven Bills Alex Gray Jan Leike Jakub Pachocki Phil Tillet Shantanu Jain Greg Brockman and Nick Ryder. 2022. ChatGPT: Optimizing Language Models for Dialogue. (2022). https:\/\/openai.com\/blog\/chatgpt\/"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464821"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3412376"},{"key":"e_1_3_2_1_36_1","volume-title":"Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches. In USENIX Security Symposium.","author":"Shi You-Qun","year":"2022","unstructured":"You-Qun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, and Min Yang. 2022. Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches. In USENIX Security Symposium."},{"key":"e_1_3_2_1_37_1","volume-title":"On Learning Meaningful Code Changes Via Neural Machine Translation. 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE)","author":"Tufano Michele","year":"2019","unstructured":"Michele Tufano, Jevgenija Pantiuchina, Cody Watson, Gabriele Bavota, and Denys Poshyvanyk. 2019. On Learning Meaningful Code Changes Via Neural Machine Translation. 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE) (2019), 25--36."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180179"},{"key":"e_1_3_2_1_39_1","volume-title":"Hoi","author":"Wang Yue","year":"2021","unstructured":"Yue Wang, Weishi Wang, Shafiq R. Joty, and Steven C. H. Hoi. 2021. CodeT5: Identifier-aware Unified Pre-trained Encoder-Decoder Models for Code Understanding and Generation. ArXiv, Vol. abs\/2109.00859 (2021)."},{"key":"e_1_3_2_1_40_1","volume-title":"Context-Aware Patch Generation for Better Automated Program Repair. 2018 IEEE\/ACM 40th International Conference on Software Engineering (ICSE)","author":"Wen Ming","year":"2018","unstructured":"Ming Wen, Junjie Chen, Rongxin Wu, Dan Hao, and S. C. Cheung. 2018. Context-Aware Patch Generation for Better Automated Program Repair. 2018 IEEE\/ACM 40th International Conference on Software Engineering (ICSE) (2018), 1--11."},{"key":"e_1_3_2_1_41_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Backporting Retrieved Match 2","year":"2023","unstructured":"Wikipedia. 2023. Backporting. https:\/\/en.wikipedia.org\/wiki\/Backporting Retrieved Match 2, 2023 from"},{"key":"e_1_3_2_1_42_1","volume-title":"CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse. 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE)","author":"Woo Seunghoon","year":"2021","unstructured":"Seunghoon Woo, Sung-Hwuy Park, Seulbae Kim, Heejo Lee, and Hakjoo Oh. 2021. CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse. 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE) (2021), 860--872."},{"key":"e_1_3_2_1_43_1","volume-title":"Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. ArXiv","author":"Xia Chun","year":"2023","unstructured":"Chun Xia and Lingming Zhang. 2023. Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. ArXiv, Vol. abs\/2304.00385 (2023)."},{"key":"e_1_3_2_1_44_1","volume-title":"USENIX Security Symposium.","author":"Xiao Yang","year":"2020","unstructured":"Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. In USENIX Security Symposium."},{"key":"e_1_3_2_1_45_1","volume-title":"Automatic Hot Patch Generation for Android Kernels. In USENIX Security Symposium.","author":"Xu Zhengzi","year":"2020","unstructured":"Zhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang, and Yang Liu. 2020. Automatic Hot Patch Generation for Android Kernels. In USENIX Security Symposium."},{"key":"e_1_3_2_1_46_1","volume-title":"Modeling and Discovering Vulnerabilities with Code Property Graphs. 2014 IEEE Symposium on Security and Privacy","author":"Yamaguchi Fabian","year":"2014","unstructured":"Fabian Yamaguchi, Nico Golde, Dan Arp, and Konrad Rieck. 2014a. Modeling and Discovering Vulnerabilities with Code Property Graphs. 2014 IEEE Symposium on Security and Privacy (2014), 590--604."},{"key":"e_1_3_2_1_47_1","volume-title":"Modeling and Discovering Vulnerabilities with Code Property Graphs. 2014 IEEE Symposium on Security and Privacy","author":"Yamaguchi Fabian","year":"2014","unstructured":"Fabian Yamaguchi, Nico Golde, Dan Arp, and Konrad Rieck. 2014b. Modeling and Discovering Vulnerabilities with Code Property Graphs. 2014 IEEE Symposium on Security and Privacy (2014), 590--604."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2874648"},{"key":"e_1_3_2_1_49_1","volume-title":"Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects. ArXiv","author":"Zhang Lyuye","year":"2023","unstructured":"Lyuye Zhang, Chengwei Liu, Zhengzi Xu, Sen Chen, Lingling Fan, Lida Zhao, Jiahui Wu, and Yang Liu. 2023. Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects. ArXiv, Vol. abs\/2301.08434 (2023)."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623188","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623188","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:48:16Z","timestamp":1755740896000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623188"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":49,"alternative-id":["10.1145\/3576915.3623188","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623188","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}