{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T00:34:04Z","timestamp":1777336444485,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2207008 CNS-1946273"],"award-info":[{"award-number":["CNS-2207008 CNS-1946273"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3657007","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"1128-1142","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["VFCFinder: Pairing Security Advisories and Patches"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9055-4079","authenticated-orcid":false,"given":"Trevor","family":"Dunlap","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, North Carolina, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8856-5062","authenticated-orcid":false,"given":"Elizabeth","family":"Lin","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, North Carolina, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3043-8092","authenticated-orcid":false,"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, North Carolina, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7902-1821","authenticated-orcid":false,"given":"Bradley","family":"Reaves","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, North Carolina, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3125270"},{"key":"e_1_3_2_1_2_1","volume-title":"2020 IEEE Symposium on Computers and Communications (ISCC). 1--7. 10","author":"Aota Masaki","year":"2020","unstructured":"Masaki Aota, Hideaki Kanehara, Masaki Kubo, Noboru Murata, Bo Sun, and Takeshi Takahashi. 2020. Automation of Vulnerability Classification from its Description using Machine Learning. In 2020 IEEE Symposium on Computers and Communications (ISCC). 1--7. 10.1109\/ISCC50000.2020.9219568"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.1903070116"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 30th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"123","author":"Bergstra James","year":"2013","unstructured":"James Bergstra, Daniel Yamins, and David Cox. 2013. Making a Science of Model Search: Hyperparameter Optimization in Hundreds of Dimensions for Vision Architectures. In Proceedings of the 30th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 28), Sanjoy Dasgupta and David McAllester (Eds.). PMLR, Atlanta, Georgia, USA, 115--123. https:\/\/proceedings.mlr.press\/v28\/bergstra13.html"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 22nd International Conference on Machine Learning","author":"Burges Chris","year":"2005","unstructured":"Chris Burges, Tal Shaked, Erin Renshaw, Ari Lazier, Matt Deeds, Nicole Hamilton, and Greg Hullender. 2005. Learning to rank using gradient descent. In Proceedings of the 22nd International Conference on Machine Learning (Bonn, Germany) (ICML '05). Association for Computing Machinery, New York, NY, USA, 89--96. 10.1145\/1102351.1102363"},{"key":"e_1_3_2_1_6_1","unstructured":"Oliver Chang and Russ Cox. 2023. Open Source Vulnerability Format. https:\/\/ossf.github.io\/osv-schema\/."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining","author":"Chen Tianqi","year":"2016","unstructured":"Tianqi Chen and Carlos Guestrin. 2016. XGBoost: A Scalable Tree Boosting System. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (San Francisco, California, USA) (KDD '16). Association for Computing Machinery, New York, NY, USA, 785--794. 10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_8_1","unstructured":"CVE-Search. 2022. Finding potential software vulnerabilities from git commit messages. https:\/\/github.com\/cve-search\/git-vuln-finder"},{"key":"e_1_3_2_1_9_1","unstructured":"CVEProject. 2023. CVE cache of the official CVE List in CVE JSON 5.0 format. https:\/\/github.com\/CVEProject\/cvelistV5."},{"key":"e_1_3_2_1_10_1","volume-title":"2021 IEEE 8th International Conference on Data Science and Advanced Analytics (DSAA) (2021-10)","author":"Das Siddhartha Shankar","year":"2021","unstructured":"Siddhartha Shankar Das, Edoardo Serra, Mahantesh Halappanavar, Alex Pothen, and Ehab Al-Shaer. 2021. V2W-BERT: A Framework for Effective Hierarchical Multiclass Classification of Software Vulnerabilities. In 2021 IEEE 8th International Conference on Data Science and Advanced Analytics (DSAA) (2021-10). 1--12. 10.1109\/DSAA53316.2021.9564227"},{"key":"e_1_3_2_1_11_1","volume-title":"Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Dong Ying","year":"2019","unstructured":"Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 869--885. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/dong"},{"key":"e_1_3_2_1_12_1","volume-title":"Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). 489--505","author":"Dunlap Trevor","year":"2023","unstructured":"Trevor Dunlap, Seaver Thorn, William Enck, and Bradley Reaves. 2023. Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). 489--505. 10.1109\/EuroSP57164.2023.00036"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2002.08155"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1992.4.1.1"},{"key":"e_1_3_2_1_15_1","unstructured":"GitHub. 2022. GitHub Advisory Database. https:\/\/github.com\/github\/advisory-database"},{"key":"e_1_3_2_1_16_1","unstructured":"GitHub. 2023. Best practices for writing repository security advisories - Affected Versions. https:\/\/docs.github.com\/en\/code-security\/security-advisories\/guidance-on-reporting-and-writing-information-about-vulnerabilities\/best-practices-for-writing-repository-security-advisories#affected-versions."},{"key":"e_1_3_2_1_17_1","unstructured":"GitHub. 2023. GitHub Advisory Database - Contributions. https:\/\/github.com\/github\/advisory-database#contributions."},{"key":"e_1_3_2_1_18_1","unstructured":"GitHub. 2023. GitHub Advisory Database - Who reviews the pull requests? https:\/\/github.com\/github\/advisory-database#who-reviews-the-pull-requests."},{"key":"e_1_3_2_1_19_1","unstructured":"GitHub. 2023. GitHub Docs - About releases. https:\/\/docs.github.com\/en\/repositories\/releasing-projects-on-github\/about-releases."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. 2022. OSV - Open Source Vulnerabilities. https:\/\/github.com\/google\/osv.dev https:\/\/github.com\/google\/osv.dev."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649590"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3197786"},{"key":"e_1_3_2_1_23_1","volume-title":"2018 IEEE 18th International Working Conference on Source Code Analysis and Manipulation (SCAM). 56--61","author":"Jimenez Matthieu","year":"2018","unstructured":"Matthieu Jimenez, Yves Le Traon, and Mike Papadakis. 2018. [Engineering Paper] Enabling the Continuous Analysis of Security Vulnerabilities with VulData7. In 2018 IEEE 18th International Working Conference on Source Code Analysis and Manipulation (SCAM). 56--61. 10.1109\/SCAM.2018.00014"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17)","author":"Li Frank","year":"2017","unstructured":"Frank Li and Vern Paxson. 2017. A Large-Scale Empirical Study of Security Patches. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). Association for Computing Machinery, Dallas, Texas, USA, 2201--2215. 10.1145\/3133956.3134072"},{"key":"e_1_3_2_1_25_1","volume-title":"Garnett (Eds.)","volume":"30","author":"Lundberg Scott M","year":"2017","unstructured":"Scott M Lundberg and Su-In Lee. 2017. A Unified Approach to Interpreting Model Predictions. In Advances in Neural Information Processing Systems, I. Guyon, U. Von Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc. https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2017\/file\/8a20a8621978632d76c43dfd28b67767-Paper.pdf"},{"key":"e_1_3_2_1_26_1","volume-title":"Deng","author":"Ma Siqi","year":"2017","unstructured":"Siqi Ma, Ferdian Thung, David Lo, Cong Sun, and Robert H. Deng. 2017. VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples. In Computer Security - ESORICS 2017, Simon N. Foley, Dieter Gollmann, and Einar Snekkenes (Eds.). Springer International Publishing, Cham, 229--246."},{"key":"e_1_3_2_1_27_1","unstructured":"MITRE. 2022. CWE - CWE-1344: Weaknesses in OWASP Top Ten (2021) (4.9). https:\/\/cwe.mitre.org\/data\/definitions\/1344.html."},{"key":"e_1_3_2_1_28_1","volume-title":"Advances on Broad-Band Wireless Computing","author":"Na Sarang","unstructured":"Sarang Na, Taeeun Kim, and Hwankuk Kim. 2017. A Study on the Classification of Common Vulnerabilities and Exposures using Na\u00efve Bayes. In Advances on Broad-Band Wireless Computing, Communication and Applications, Leonard Barolli, Fatos Xhafa, and Kangbin Yim (Eds.). Springer International Publishing, Cham, 657--662."},{"key":"e_1_3_2_1_29_1","volume-title":"VFFINDER: A Graph-Based Approach for Automated Silent Vulnerability-Fix Identification. In 2023 15th International Conference on Knowledge and Systems Engineering (KSE). 1--6. 10","author":"Nguyen Son","year":"2023","unstructured":"Son Nguyen, Thanh Trong Vu, and Hieu Dinh Vo. 2023. VFFINDER: A Graph-Based Approach for Automated Silent Vulnerability-Fix Identification. In 2023 15th International Conference on Knowledge and Systems Engineering (KSE). 1--6. 10.1109\/KSE59128.2023.10299438"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE","author":"Nguyen Truong Giang","year":"2022","unstructured":"Truong Giang Nguyen, Thanh Le-Cong, Hong Jin Kang, Xuan-Bach D. Le, and David Lo. 2022. VulCurator: a vulnerability-fixing commit detector. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE 2022). Association for Computing Machinery, New York, NY, USA, 1726--1730. 10.1145\/3540250.3558936"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3281275"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security","author":"Nguyen Viet Hung","year":"2013","unstructured":"Viet Hung Nguyen and Fabio Massacci. 2013. The (un)reliability of NVD vulnerable versions data: an empirical experiment on Google Chrome vulnerabilities. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (Hangzhou, China) (ASIA CCS '13). Association for Computing Machinery, New York, NY, USA, 493--498. 10.1145\/2484313.2484377"},{"key":"e_1_3_2_1_33_1","volume-title":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). 51--62","author":"Nguyen-Truong Giang","year":"2022","unstructured":"Giang Nguyen-Truong, Hong Jin Kang, David Lo, Abhishek Sharma, Andrew E. Santosa, Asankhaya Sharma, and Ming Yi Ang. 2022. HERMES: Using Commit-Issue Linking to Detect Vulnerability-Fixing Commits. In 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). 51--62. 10.1109\/SANER53432.2022.00018"},{"key":"e_1_3_2_1_34_1","unstructured":"NIS. 2023. Proposal for legislation to improve the UK's cyber resilience. https:\/\/www.gov.uk\/government\/consultations\/proposal-for-legislation-to-improve-the-uks-cyber-resilience\/proposal-for-legislation-to-improve-the-uks-cyber-resilience."},{"key":"e_1_3_2_1_35_1","unstructured":"NIST. 2022. National Vulnerability Database. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_36_1","unstructured":"NIST. 2023. CVEs and the NVD Process. https:\/\/nvd.nist.gov\/general\/cve-process."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2023.08.176"},{"key":"e_1_3_2_1_38_1","volume-title":"2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 957--969","author":"Pan Shengyi","year":"2023","unstructured":"Shengyi Pan, Lingfeng Bao, Xin Xia, David Lo, and Shanping Li. 2023. Finegrained Commit-level Vulnerability Type Prediction by CWE Tree Structure. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 957--969. 10.1109\/ICSE48619.2023.00088"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3025443"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"key":"e_1_3_2_1_41_1","volume-title":"2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). 383--387","author":"Ponta Serena Elisa","year":"2019","unstructured":"Serena Elisa Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, and C\u00e9dric Dangremont. 2019. A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software. In 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). 383--387. 10.1109\/MSR.2019.00064"},{"key":"e_1_3_2_1_42_1","volume-title":"Sentence-bert: Sentence embeddings using siamese bert-networks. arXiv preprint arXiv:1908.10084","author":"Reimers Nils","year":"2019","unstructured":"Nils Reimers and Iryna Gurevych. 2019. Sentence-bert: Sentence embeddings using siamese bert-networks. arXiv preprint arXiv:1908.10084 (2019)."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","author":"Reis Sofia","year":"2023","unstructured":"Sofia Reis, Rui Abreu, and Corina Pasareanu. 2023. Are security commit messages informative? Not enough!. In Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering (Oulu, Finland) (EASE '23). Association for Computing Machinery, New York, NY, USA, 196--199. 10.1145\/3593434.3593481"},{"key":"e_1_3_2_1_44_1","volume-title":"Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses","author":"Ruohonen Jukka","unstructured":"Jukka Ruohonen and Ville Lepp\u00e4nen. 2018. Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses. In Database and Expert Systems Applications, Mourad Elloumi, Michael Granitzer, Abdelkader Hameurlain, Christin Seifert, Benno Stein, A Min Tjoa, and Roland Wagner (Eds.). Springer International Publishing, Cham, 265--277."},{"key":"e_1_3_2_1_45_1","volume-title":"2018 IEEE International Conference on Software Maintenance and Evolution (ICSME). 579--582","author":"Sabetta Antonino","year":"2018","unstructured":"Antonino Sabetta and Michele Bezzi. 2018. A Practical Approach to the Automatic Classification of Security-Relevant Commits. In 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME). 579--582. ISSN: 2576-3148. 10.1109\/ICSME.2018.00058"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10168-9"},{"key":"e_1_3_2_1_47_1","volume-title":"Patchmatch: A Tool for Locating Patches of Open Source Project Vulnerabilities. In 2023 IEEE\/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). 175--179","author":"Shen Kedi","year":"2023","unstructured":"Kedi Shen, Yun Zhang, Lingfeng Bao, Zhiyuan Wan, Zhuorong Li, and Minghui Wu. 2023. Patchmatch: A Tool for Locating Patches of Open Source Project Vulnerabilities. In 2023 IEEE\/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). 175--179. 10.1109\/ICSE-Companion58688.2023.00049"},{"key":"e_1_3_2_1_48_1","unstructured":"Snyk. 2023. How are patches validated? https:\/\/support.snyk.io\/hc\/en-us\/articles\/360000925338-How-are-patches-validated-."},{"key":"e_1_3_2_1_49_1","volume-title":"Silent Vulnerable Dependency Alert Prediction with Vulnerability Key Aspect Explanation. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 970--982","author":"Sun Jiamou","year":"2023","unstructured":"Jiamou Sun, Zhenchang Xing, Qinghua Lu, Xiwei Xu, Liming Zhu, Thong Hoang, and Dehai Zhao. 2023. Silent Vulnerable Dependency Alert Prediction with Vulnerability Key Aspect Explanation. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 970--982. 10.1109\/ICSE48619.2023.00089"},{"key":"e_1_3_2_1_50_1","volume-title":"2022 IEEE International Conference on Software Maintenance and Evolution (ICSME). 329--339","author":"Sun Qing","year":"2022","unstructured":"Qing Sun, Lili Xu, Yang Xiao, Feng Li, He Su, Yiming Liu, Hongyun Huang, and Wei Huo. 2022. VERJava: Vulnerable Version Identification for Java OSS with a Two-Stage Analysis. In 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME). 329--339. 10.1109\/ICSME55016.2022.00037"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (Virtual Event, Republic of Korea) (CCS '21)","author":"Tan Xin","year":"2021","unstructured":"Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. 2021. Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (Virtual Event, Republic of Korea) (CCS '21). Association for Computing Machinery, New York, NY, USA, 3282--3299. 10.1145\/3460120.3484593"},{"key":"e_1_3_2_1_52_1","volume-title":"Advances in Neural Information Processing Systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is All you Need. In Advances in Neural Information Processing Systems, I. Guyon, U. Von Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc. https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2017\/file\/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf"},{"key":"e_1_3_2_1_53_1","volume-title":"GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics. In 2023 IEEE Symposium on Security and Privacy (SP). 2409--2426","author":"Wang Shu","year":"2023","unstructured":"Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. 2023. GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics. In 2023 IEEE Symposium on Security and Privacy (SP). 2409--2426. 10.1109\/SP46215.2023.10179479"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","unstructured":"Shichao Wang Yun Zhang Liagfeng Bao Xin Xia and Minghui Wu. 2022. VC-Match: A Ranking-based Approach for Automatic Security Patches Localization for OSS Vulnerabilities. In 2022 IEEE International Conference on Software Analysis Evolution and Reengineering (SANER). 589--600. 10.1109\/SANER53432.2022.00076","DOI":"10.1109\/SANER53432.2022.00076"},{"key":"e_1_3_2_1_55_1","volume-title":"2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 485--492","author":"Wang X.","year":"2019","unstructured":"X. Wang, K. Sun, A. Batcheller, and S. Jajodia. 2019. Detecting \"0-Day\" Vulnerability: An Empirical Study of Secret Security Patch in OSS. In 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 485--492. ISSN: 1530-0889. 10.1109\/DSN.2019.00056"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-demos.6"},{"key":"e_1_3_2_1_57_1","volume-title":"Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. arXiv preprint arXiv:2304.00385","author":"Xia Chunqiu Steven","year":"2023","unstructured":"Chunqiu Steven Xia and Lingming Zhang. 2023. Keep the Conversation Going: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. arXiv preprint arXiv:2304.00385 (2023)."},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","author":"Xu Congying","year":"2022","unstructured":"Congying Xu, Bihuan Chen, Chenhao Lu, Kaifeng Huang, Xin Peng, and Yang Liu. 2022. Tracking patches for open source software vulnerabilities. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (Singapore, Singapore) (ESEC\/FSE 2022). Association for Computing Machinery, New York, NY, USA, 860--871. 10.1145\/3540250.3549125"},{"key":"e_1_3_2_1_59_1","unstructured":"Shalanda Young. 2022. Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2022\/09\/M-22-18.pdf."},{"key":"e_1_3_2_1_60_1","volume-title":"Precise and Accurate Patch Presence Test for Binaries. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Zhang Hang","year":"2018","unstructured":"Hang Zhang and Zhiyun Qian. 2018. Precise and Accurate Patch Presence Test for Binaries. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 887--902. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/zhang-hang"},{"key":"e_1_3_2_1_61_1","volume-title":"CoLeFunDa: Explainable Silent Vulnerability Fix Identification. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 2565--2577","author":"Zhou Jiayuan","year":"2023","unstructured":"Jiayuan Zhou, Michael Pacheco, Jinfu Chen, Xing Hu, Xin Xia, David Lo, and Ahmed E. Hassan. 2023. CoLeFunDa: Explainable Silent Vulnerability Fix Identification. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 2565--2577. 10.1109\/ICSE48619.2023.00214"},{"key":"e_1_3_2_1_62_1","volume-title":"2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 705--716","author":"Zhou Jiayuan","year":"2021","unstructured":"Jiayuan Zhou, Michael Pacheco, Zhiyuan Wan, Xin Xia, David Lo, Yuan Wang, and Ahmed E. Hassan. 2021. Finding A Needle in a Haystack: Automated Mining of Silent Vulnerability Fixes. In 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 705--716. ISSN: 2643-1572. 10.1109\/ASE51524.2021.9678720"},{"key":"e_1_3_2_1_63_1","volume-title":"2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 705--716","author":"Zhou Jiayuan","year":"2021","unstructured":"Jiayuan Zhou, Michael Pacheco, Zhiyuan Wan, Xin Xia, David Lo, Yuan Wang, and Ahmed E. Hassan. 2021. Finding A Needle in a Haystack: Automated Mining of Silent Vulnerability Fixes. In 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). 705--716. 10.1109\/ASE51524.2021.9678720"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.3390\/app13063938"},{"key":"e_1_3_2_1_65_1","volume-title":"CCBERT: Self-Supervised Code Change Representation Learning. In 2023 IEEE International Conference on Software Maintenance and Evolution (ICSME). 182--193","author":"Zhou Xin","year":"2023","unstructured":"Xin Zhou, Bowen Xu, DongGyun Han, Zhou Yang, Junda He, and David Lo. 2023. CCBERT: Self-Supervised Code Change Representation Learning. In 2023 IEEE International Conference on Software Maintenance and Evolution (ICSME). 182--193. 10.1109\/ICSME58846.2023.00028"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC\/FSE","author":"Zhou Yaqin","year":"2017","unstructured":"Yaqin Zhou and Asankhaya Sharma. 2017. Automated identification of security issues from commit messages and bug reports. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC\/FSE 2017). Association for Computing Machinery, New York, NY, USA, 914--919. 10.1145\/3106237.3117771"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468854"},{"key":"e_1_3_2_1_68_1","volume-title":"2023 IEEE\/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA). 345--351","author":"Zuo Fei","year":"2023","unstructured":"Fei Zuo, Xin Zhang, Yuqi Song, Junghwan Rhee, and Jicheng Fu. 2023. Commit Message Can Help: Security Patch Detection in Open Source Software via Transformer. In 2023 IEEE\/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA). 345--351. 10.1109\/SERA57763.2023.10197730"}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657007","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:07Z","timestamp":1750290247000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3657007"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":68,"alternative-id":["10.1145\/3634737.3657007","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3657007","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}