{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T03:59:48Z","timestamp":1782878388020,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":73,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T00:00:00Z","timestamp":1712880000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2021YFB2701102"],"award-info":[{"award-number":["2021YFB2701102"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Science Foundation of China","award":["62372398"],"award-info":[{"award-number":["62372398"]}]},{"name":"National Science Foundation of China","award":["62141222"],"award-info":[{"award-number":["62141222"]}]},{"name":"National Science Foundation of China","award":["U20A20173"],"award-info":[{"award-number":["U20A20173"]}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["226-2022-00064"],"award-info":[{"award-number":["226-2022-00064"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,12]]},"DOI":"10.1145\/3597503.3639110","type":"proceedings-article","created":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T16:43:26Z","timestamp":1712940206000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Towards More Practical Automation of Vulnerability Assessment"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9471-9638","authenticated-orcid":false,"given":"Shengyi","family":"Pan","sequence":"first","affiliation":[{"name":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1846-0921","authenticated-orcid":false,"given":"Lingfeng","family":"Bao","sequence":"additional","affiliation":[{"name":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5181-3146","authenticated-orcid":false,"given":"Jiayuan","family":"Zhou","sequence":"additional","affiliation":[{"name":"Huawei, Toronto, Ontario, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0093-3292","authenticated-orcid":false,"given":"Xing","family":"Hu","sequence":"additional","affiliation":[{"name":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Ningbo, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6302-3256","authenticated-orcid":false,"given":"Xin","family":"Xia","sequence":"additional","affiliation":[{"name":"Huawei, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2615-9792","authenticated-orcid":false,"given":"Shanping","family":"Li","sequence":"additional","affiliation":[{"name":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,4,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2023. ASF Project Security for Committers (apache.org). https:\/\/www.apache.org\/security\/committers.html"},{"key":"e_1_3_2_1_2_1","unstructured":"2023. bert-base-uncased \u00b7 Hugging Face. https:\/\/huggingface.co\/bert-base-uncased"},{"key":"e_1_3_2_1_3_1","unstructured":"2023. Common Vulnerability Scoring System (CVSS). https:\/\/www.first.org\/cvss\/."},{"key":"e_1_3_2_1_4_1","unstructured":"2023. CVE-2004-0113. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2004-0113."},{"key":"e_1_3_2_1_5_1","unstructured":"2023. CVE-2022-31267. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-31267."},{"key":"e_1_3_2_1_6_1","unstructured":"2023. CVSS Specification Document. https:\/\/www.first.org\/cvss\/v3.1\/specification-document."},{"key":"e_1_3_2_1_7_1","unstructured":"2023. CVSS v4.0 Public Preview Documentation & Resources. https:\/\/www.first.org\/cvss\/v4-0\/."},{"key":"e_1_3_2_1_8_1","unstructured":"2023. Exploiting Old Vulnerabilities. https:\/\/www.recordedfuture.com\/exploiting-old-vulnerabilities."},{"key":"e_1_3_2_1_9_1","unstructured":"2023. GHArchive. https:\/\/www.gharchive.org\/"},{"key":"e_1_3_2_1_10_1","unstructured":"2023. Gitblit. http:\/\/www.gitblit.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"2023. gitblit-org\/gitblit#1410. https:\/\/github.com\/gitblit-org\/gitblit\/issues\/1410."},{"key":"e_1_3_2_1_12_1","unstructured":"2023. GitHub Documents About Coordinated Disclosure of Security Vulnerabilities. https:\/\/docs.github.com\/en\/code-security\/repository-security-advisories\/about-coordinated-disclosure-of-security-vulnerabilities."},{"key":"e_1_3_2_1_13_1","unstructured":"2023. GPT vs. BERT: What Are the Differences Between the Two Most Popular Language Models? (makeuseof.com). https:\/\/www.makeuseof.com\/gpt-vs-bert\/."},{"key":"e_1_3_2_1_14_1","unstructured":"2023. How noise filters help fix vulnerability false positives? https:\/\/www.kennasecurity.com\/blog\/how-noise-filters-help-fix-vulnerability-false-positives\/."},{"key":"e_1_3_2_1_15_1","unstructured":"2023. National Vulnerability Database. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_16_1","unstructured":"2023. NVD - Retirement of CVSS v2. https:\/\/nvd.nist.gov\/general\/news\/retire-cvss-v2."},{"key":"e_1_3_2_1_17_1","unstructured":"2023. NVD - Vulnerability Metrics. https:\/\/nvd.nist.gov\/vuln-metrics\/cvss."},{"key":"e_1_3_2_1_18_1","unstructured":"2023. OSV Vulnerability Database. https:\/\/osv.dev\/."},{"key":"e_1_3_2_1_19_1","unstructured":"2023. Synk Vulnerability Database. https:\/\/security.snyk.io\/."},{"key":"e_1_3_2_1_20_1","unstructured":"2023. Using SLAs for better vulnerability management. https:\/\/phoenix.security\/using-slas-for-better-vulnerability-management-remediation-improving-developers-workflow\/."},{"key":"e_1_3_2_1_21_1","unstructured":"2023. Vuldb. https:\/\/vuldb.com\/?doc.sources"},{"key":"e_1_3_2_1_22_1","unstructured":"2023. What is CVSS score. https:\/\/debricked.com\/blog\/what-is-cvss-score\/."},{"key":"e_1_3_2_1_23_1","unstructured":"2023. What is vulnerability management prioritization? https:\/\/www.kennasecurity.com\/blog\/what-is-vulnerability-management-prioritization\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","unstructured":"2024. Replication Package. 10.5281\/zenodo.10510950","DOI":"10.5281\/zenodo.10510950"},{"key":"e_1_3_2_1_25_1","volume-title":"Multiple correspondence analysis. Encyclopedia of measurement and statistics 2, 4","author":"Abdi Herv\u00e9","year":"2007","unstructured":"Herv\u00e9 Abdi and Dominique Valentin. 2007. Multiple correspondence analysis. Encyclopedia of measurement and statistics 2, 4 (2007), 651--657."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"e_1_3_2_1_27_1","volume-title":"Multi-task learning with deep neural networks: A survey. arXiv preprint arXiv:2009.09796","author":"Crawshaw Michael","year":"2020","unstructured":"Michael Crawshaw. 2020. Multi-task learning with deep neural networks: A survey. arXiv preprint arXiv:2009.09796 (2020)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00050"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 17th Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (HLT-NAACL). 4171--4186","author":"Devlin Jacob","year":"2019","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In Proceedings of the 17th Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (HLT-NAACL). 4171--4186."},{"key":"e_1_3_2_1_30_1","volume-title":"An Empirical Study of Automation in Software Security Patch Management. In 37th IEEE\/ACM International Conference on Automated Software Engineering. 1--13","author":"Dissanayake Nesara","year":"2022","unstructured":"Nesara Dissanayake, Asangi Jayatilaka, Mansooreh Zahedi, and Muhammad Ali Babar. 2022. An Empirical Study of Automation in Software Security Patch Management. In 37th IEEE\/ACM International Conference on Automated Software Engineering. 1--13."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS47738.2020.9110460"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09868-x"},{"key":"e_1_3_2_1_33_1","volume-title":"Vulnerability management","author":"Foreman Park","unstructured":"Park Foreman. 2019. Vulnerability management. Auerbach Publications."},{"key":"e_1_3_2_1_34_1","volume-title":"AIBugHunter: A Practical Tool for Predicting, Classifying and Repairing Software Vulnerabilities. Empirical Software Engineering (EMSE)","author":"Fu Michael","year":"2023","unstructured":"Michael Fu, Chakkrit Tantithamthavorn, Trung Le, Yuki Kume, Van Nguyen, Dinh Phung, and John Grundy. 2023. AIBugHunter: A Practical Tool for Predicting, Classifying and Repairing Software Vulnerabilities. Empirical Software Engineering (EMSE) (2023)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.295"},{"key":"e_1_3_2_1_36_1","volume-title":"Comparing two K-category assignments by a K-category correlation coefficient. Computational biology and chemistry 28, 5--6","author":"Gorodkin Jan","year":"2004","unstructured":"Jan Gorodkin. 2004. Comparing two K-category assignments by a K-category correlation coefficient. Computational biology and chemistry 28, 5--6 (2004), 367--374."},{"key":"e_1_3_2_1_37_1","volume-title":"Multiple correspondence analysis and related methods","author":"Greenacre Michael","unstructured":"Michael Greenacre and Jorg Blasius. 2006. Multiple correspondence analysis and related methods. CRC press."},{"key":"e_1_3_2_1_38_1","unstructured":"Max Halford. [n.d.]. Prince. https:\/\/github.com\/MaxHalford\/prince"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.52"},{"key":"e_1_3_2_1_40_1","volume-title":"Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages","author":"Imtiaz Nasif","year":"2022","unstructured":"Nasif Imtiaz, Aniqa Khanom, and Laurie Williams. 2022. Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages. IEEE Transactions on Software Engineering (2022)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338941"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2010.5609530"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.70"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2019.00041"},{"key":"e_1_3_2_1_45_1","volume-title":"A survey on data-driven software vulnerability assessment and prioritization. arXiv preprint arXiv:2107.08364","author":"Le Triet HM","year":"2021","unstructured":"Triet HM Le, Huaming Chen, and M Ali Babar. 2021. A survey on data-driven software vulnerability assessment and prioritization. arXiv preprint arXiv:2107.08364 (2021)."},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the 19th International Conference on Mining Software Repositories. 621--633","author":"Minh Le Triet Huynh","year":"2022","unstructured":"Triet Huynh Minh Le and M Ali Babar. 2022. On the use of fine-grained vulnerable code statements for software vulnerability assessment models. In Proceedings of the 19th International Conference on Mining Software Repositories. 621--633."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678622"},{"key":"e_1_3_2_1_48_1","volume-title":"2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). IEEE, 371--382","author":"Minh Le Triet Huynh","year":"2019","unstructured":"Triet Huynh Minh Le, Bushra Sabir, and Muhammad Ali Babar. 2019. Automated software vulnerability assessment with concept drift. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). IEEE, 371--382."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.353"},{"key":"e_1_3_2_1_51_1","first-page":"1","article-title":"Pre-train, prompt, and predict: A systematic survey of prompting methods in natural language processing","volume":"55","author":"Liu Pengfei","year":"2023","unstructured":"Pengfei Liu, Weizhe Yuan, Jinlan Fu, Zhengbao Jiang, Hiroaki Hayashi, and Graham Neubig. 2023. Pre-train, prompt, and predict: A systematic survey of prompting methods in natural language processing. Comput. Surveys 55, 9 (2023), 1--35.","journal-title":"Comput. Surveys"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2010.04.006"},{"key":"e_1_3_2_1_53_1","volume-title":"Decoupled weight decay regularization. arXiv preprint arXiv:1711.05101","author":"Loshchilov Ilya","year":"2017","unstructured":"Ilya Loshchilov and Frank Hutter. 2017. Decoupled weight decay regularization. arXiv preprint arXiv:1711.05101 (2017)."},{"key":"e_1_3_2_1_54_1","volume-title":"AAAI-98 workshop on learning for text categorization","volume":"752","author":"McCallum Andrew","year":"1998","unstructured":"Andrew McCallum, Kamal Nigam, et al. 1998. A comparison of event models for naive bayes text classification. In AAAI-98 workshop on learning for text categorization, Vol. 752. Citeseer, 41--48."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.2010.18"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3001739"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243127.3243130"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00088"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549156"},{"key":"e_1_3_2_1_60_1","volume-title":"Bidirectional Language Models Are Also Few-shot Learners. In The Eleventh International Conference on Learning Representations.","author":"Patel Ajay","year":"2022","unstructured":"Ajay Patel, Bryan Li, Mohammad Sadegh Rasooli, Noah Constant, Colin Raffel, and Chris Callison-Burch. 2022. Bidirectional Language Models Are Also Few-shot Learners. In The Eleventh International Conference on Learning Representations."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1162"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2787653"},{"key":"e_1_3_2_1_63_1","volume-title":"Jacques Klein, and Naouel Moha.","author":"Sawadogo Arthur D","year":"2021","unstructured":"Arthur D Sawadogo, Quentin Guimard, Tegawend\u00e9 F Bissyand\u00e9, Abdoul Kader Kabor\u00e9, Jacques Klein, and Naouel Moha. 2021. Early Detection of Security-Relevant Bug Reports using Machine Learning: How Far Are We? arXiv preprint arXiv:2112.10123 (2021)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.eacl-main.20"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.09.039"},{"key":"e_1_3_2_1_66_1","volume-title":"Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research 15, 1","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research 15, 1 (2014), 1929--1958."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.5555\/3295222.3295349"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICACI.2019.8778469"},{"key":"e_1_3_2_1_69_1","first-page":"4555","article-title":"A survey on curriculum learning","volume":"44","author":"Wang Xin","year":"2021","unstructured":"Xin Wang, Yudong Chen, and Wenwu Zhu. 2021. A survey on curriculum learning. IEEE Transactions on Pattern Analysis and Machine Intelligence 44, 9 (2021), 4555--4576.","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3192631"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/BADGERS.2015.018"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678720"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3468854","article-title":"SPI: Automated Identification of Security Patches via Commits","volume":"31","author":"Zhou Yaqin","year":"2021","unstructured":"Yaqin Zhou, Jing Kai Siow, Chenyu Wang, Shangqing Liu, and Yang Liu. 2021. SPI: Automated Identification of Security Patches via Commits. ACM Transactions on Software Engineering and Methodology (TOSEM) 31, 1 (2021), 1--27.","journal-title":"ACM Transactions on Software Engineering and Methodology (TOSEM)"}],"event":{"name":"ICSE '24: IEEE\/ACM 46th International Conference on Software Engineering","location":"Lisbon Portugal","acronym":"ICSE '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597503.3639110","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3597503.3639110","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:49:11Z","timestamp":1750286951000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3597503.3639110"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,12]]},"references-count":73,"alternative-id":["10.1145\/3597503.3639110","10.1145\/3597503"],"URL":"https:\/\/doi.org\/10.1145\/3597503.3639110","relation":{},"subject":[],"published":{"date-parts":[[2024,4,12]]},"assertion":[{"value":"2024-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}