{"id":"https://openalex.org/W4206563221","doi":"https://doi.org/10.1109/bigdata52589.2021.9671334","title":"Investigating the Changes in Software Metrics after Vulnerability is Fixed","display_name":"Investigating the Changes in Software Metrics after Vulnerability is Fixed","publication_year":2021,"publication_date":"2021-12-15","ids":{"openalex":"https://openalex.org/W4206563221","doi":"https://doi.org/10.1109/bigdata52589.2021.9671334"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata52589.2021.9671334","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata52589.2021.9671334","pdf_url":null,"source":{"id":"https://openalex.org/S4363607718","display_name":"2021 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015739831","display_name":"Andy Zhou","orcid":"https://orcid.org/0000-0002-0872-9520"},"institutions":[{"id":"https://openalex.org/I125687163","display_name":"City College of New York","ror":"https://ror.org/00wmhkr98","country_code":"US","type":"education","lineage":["https://openalex.org/I125687163"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Andy Zhou","raw_affiliation_strings":["Department of Computer Engineering, CUNY City College of New York, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, CUNY City College of New York, New York, NY, USA","institution_ids":["https://openalex.org/I125687163"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035247633","display_name":"Kazi Zakia Sultana","orcid":"https://orcid.org/0000-0002-0609-5800"},"institutions":[{"id":"https://openalex.org/I166088655","display_name":"Montclair State University","ror":"https://ror.org/01nxc2t48","country_code":"US","type":"education","lineage":["https://openalex.org/I166088655"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kazi Zakia Sultana","raw_affiliation_strings":["Department of Computer Science, Montcalir State University, Montclair, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Montcalir State University, Montclair, NJ, USA","institution_ids":["https://openalex.org/I166088655"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022114505","display_name":"Bharath K. Samanthula","orcid":"https://orcid.org/0009-0002-2198-8428"},"institutions":[{"id":"https://openalex.org/I166088655","display_name":"Montclair State University","ror":"https://ror.org/01nxc2t48","country_code":"US","type":"education","lineage":["https://openalex.org/I166088655"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bharath K. Samanthula","raw_affiliation_strings":["Department of Computer Science, Montcalir State University, Montclair, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Montcalir State University, Montclair, NJ, USA","institution_ids":["https://openalex.org/I166088655"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015739831"],"corresponding_institution_ids":["https://openalex.org/I125687163"],"apc_list":null,"apc_paid":null,"fwci":0.5672,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.65095229,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"5658","last_page":"5663"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7703424692153931},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6352398991584778},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5955853462219238},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5883693099021912},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.5545465350151062},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.5394952893257141},{"id":"https://openalex.org/keywords/software-metric","display_name":"Software metric","score":0.4898828864097595},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.489641010761261},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4792885184288025},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4537447392940521},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4471726417541504},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.42215168476104736},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.414340078830719},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.355544775724411},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.35043442249298096},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.34966325759887695},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.34542518854141235},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.28599125146865845},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2183091640472412},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1914563775062561},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14372873306274414},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10276299715042114}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7703424692153931},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6352398991584778},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5955853462219238},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5883693099021912},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.5545465350151062},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.5394952893257141},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.4898828864097595},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.489641010761261},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4792885184288025},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4537447392940521},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4471726417541504},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.42215168476104736},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.414340078830719},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.355544775724411},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.35043442249298096},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.34966325759887695},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.34542518854141235},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.28599125146865845},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2183091640472412},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1914563775062561},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14372873306274414},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10276299715042114},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata52589.2021.9671334","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata52589.2021.9671334","pdf_url":null,"source":{"id":"https://openalex.org/S4363607718","display_name":"2021 IEEE International Conference on Big Data (Big Data)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Big Data (Big Data)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1966682079","https://openalex.org/W1979810153","https://openalex.org/W1997236144","https://openalex.org/W2004758929","https://openalex.org/W2043837581","https://openalex.org/W2055765785","https://openalex.org/W2069205948","https://openalex.org/W2137789775","https://openalex.org/W2154398797","https://openalex.org/W2508791575","https://openalex.org/W2565690877","https://openalex.org/W2607665225","https://openalex.org/W3048297080"],"related_works":["https://openalex.org/W2392503306","https://openalex.org/W2560421591","https://openalex.org/W2007984522","https://openalex.org/W2796094063","https://openalex.org/W1978034799","https://openalex.org/W4384518368","https://openalex.org/W125279808","https://openalex.org/W2123075981","https://openalex.org/W2910203822","https://openalex.org/W4239788664"],"abstract_inverted_index":{"Preventing":[0],"software":[1,47,70,101,121,151,258,262],"vulnerabilities":[2,83],"while":[3,49],"writing":[4,56],"code":[5,33,51,211],"is":[6,88,114,212],"one":[7],"of":[8,99,106,111,132,160,199,225,233],"the":[9,32,85,97,104,117,124,149,174,200,215,226],"most":[10],"effective":[11],"ways":[12],"for":[13,28],"avoiding":[14],"cyber":[15],"attacks":[16],"on":[17,64,103,140,148],"any":[18],"developed":[19],"system.":[20],"Although":[21],"developers":[22,54,255],"follow":[23],"some":[24],"standard":[25],"guiding":[26],"principles":[27],"ensuring":[29],"secure":[30,265],"code,":[31],"can":[34,52],"still":[35],"have":[36,61,156,229],"security":[37,48,191,259],"bottlenecks":[38],"and":[39,66,166,177,204,219],"be":[40],"compromised":[41],"by":[42,214],"an":[43,230],"attacker.":[44],"Therefore,":[45],"assessing":[46],"developing":[50],"help":[53,254],"in":[55,81,119,187,264],"vulnerability":[57,71,144],"free":[58],"code.":[59],"Researchers":[60],"already":[62],"focused":[63],"metrics-based":[65],"text":[67],"mining":[68],"based":[69,76,147],"prediction":[72,145],"models.":[73],"The":[74,108,130],"metrics":[75,198,228,241,263],"models":[77,146],"showed":[78],"higher":[79],"precision":[80],"predicting":[82],"although":[84],"recall":[86],"rate":[87],"low.":[89],"In":[90,153],"addition,":[91],"current":[92],"research":[93,134,139],"did":[94],"not":[95],"investigate":[96],"impact":[98],"individual":[100],"metric":[102,122],"occurrences":[105],"vulnerabilities.":[107],"main":[109],"objective":[110],"this":[112],"paper":[113],"to":[115,237,256],"track":[116],"changes":[118],"every":[120],"after":[123],"developer":[125],"fixes":[126],"a":[127,158,194],"particular":[128],"vulnerability.":[129],"results":[131],"our":[133],"will":[135,253],"potentially":[136],"motivate":[137],"further":[138],"building":[141],"more":[142],"accurate":[143],"appropriate":[150],"metrics.":[152],"particular,":[154],"we":[155],"compared":[157],"total":[159],"250":[161],"files":[162,170,184,203,207],"from":[163,173,235],"Apache":[164,167,175,181],"Tomcat":[165],"CXF.":[168],"These":[169,240],"were":[171,178,217],"extracted":[172,218],"database":[176],"chosen":[179],"because":[180],"released":[182],"these":[183],"as":[185],"vulnerable":[186,202,210,236],"their":[188],"publicly":[189],"available":[190],"advisories.":[192],"Using":[193],"static":[195],"analysis":[196],"tool,":[197],"targeted":[201],"relevant":[205],"fixed":[206,238],"(files":[208],"where":[209],"removed":[213],"developers)":[216],"compared.":[220],"We":[221],"show":[222],"that":[223],"eight":[224],"40":[227],"average":[231],"increase":[232],"2%":[234],"files.":[239],"include":[242],"CountDeclClass,":[243],"CountDeclClassMethod,":[244],"CountDeclClassVariable,":[245],"CountDeclInstanceVariable,":[246],"CountDeclMethodDefault,":[247],"CountLineCode,":[248],"MaxCyclomaticStrict,":[249],"MaxNesting.":[250],"This":[251],"study":[252],"assess":[257],"through":[260],"utilizing":[261],"coding":[266],"practices.":[267]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}