{"id":"https://openalex.org/W4292258179","doi":"https://doi.org/10.1109/msec.2022.3176058","title":"Machine Learning for Source Code Vulnerability Detection: What Works and What Isn\u2019t There Yet","display_name":"Machine Learning for Source Code Vulnerability Detection: What Works and What Isn\u2019t There Yet","publication_year":2022,"publication_date":"2022-08-17","ids":{"openalex":"https://openalex.org/W4292258179","doi":"https://doi.org/10.1109/msec.2022.3176058"},"language":"en","primary_location":{"id":"doi:10.1109/msec.2022.3176058","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2022.3176058","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/9888995/09859261.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/8013/9888995/09859261.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030293818","display_name":"Tina Marjanov","orcid":"https://orcid.org/0000-0003-4225-9590"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]},{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB","NL"],"is_corresponding":true,"raw_author_name":"Tina Marjanov","raw_affiliation_strings":["Vrije Universiteit Amsterdam and University of Cambridge"],"affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam and University of Cambridge","institution_ids":["https://openalex.org/I865915315","https://openalex.org/I241749"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080305727","display_name":"Ivan Pashchenko","orcid":"https://orcid.org/0000-0001-8202-576X"},"institutions":[{"id":"https://openalex.org/I2905213637","display_name":"TomTom (Netherlands)","ror":"https://ror.org/04as6y835","country_code":"NL","type":"company","lineage":["https://openalex.org/I2905213637"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Ivan Pashchenko","raw_affiliation_strings":["TomTom"],"affiliations":[{"raw_affiliation_string":"TomTom","institution_ids":["https://openalex.org/I2905213637"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085639552","display_name":"Fabio Massacci","orcid":"https://orcid.org/0000-0002-1091-8486"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]},{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT","NL"],"is_corresponding":false,"raw_author_name":"Fabio Massacci","raw_affiliation_strings":["University of Trento and Vrije Universiteit Amsterdam"],"affiliations":[{"raw_affiliation_string":"University of Trento and Vrije Universiteit Amsterdam","institution_ids":["https://openalex.org/I865915315","https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5030293818"],"corresponding_institution_ids":["https://openalex.org/I241749","https://openalex.org/I865915315"],"apc_list":null,"apc_paid":null,"fwci":8.2816,"has_fulltext":true,"cited_by_count":27,"citation_normalized_percentile":{"value":0.97625047,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"20","issue":"5","first_page":"60","last_page":"76"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9908999800682068,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7431898713111877},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.7010865211486816},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6987674236297607},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.620029091835022},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5809534788131714},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.44077765941619873},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.42580530047416687},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3726619482040405},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.35666918754577637},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2661821246147156},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.057652056217193604}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7431898713111877},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.7010865211486816},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6987674236297607},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.620029091835022},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5809534788131714},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.44077765941619873},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.42580530047416687},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3726619482040405},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.35666918754577637},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2661821246147156},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.057652056217193604},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/msec.2022.3176058","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2022.3176058","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/9888995/09859261.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},{"id":"pmh:oai:research.vu.nl:openaire/4b702371-906b-4e6c-876d-918ba7d836e4","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/4b702371-906b-4e6c-876d-918ba7d836e4","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Marjanov, T, Pashchenko, I & Massacci, F 2022, 'Machine Learning for Source Code Vulnerability Detection : What Works and What Isn't There Yet', IEEE Security and Privacy, vol. 20, no. 5, pp. 60-76. https://doi.org/10.1109/MSEC.2022.3176058","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:iris.unitn.it:11572/445490","is_oa":true,"landing_page_url":"https://hdl.handle.net/11572/445490","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:www.repository.cam.ac.uk:1810/352650","is_oa":true,"landing_page_url":"https://www.repository.cam.ac.uk/handle/1810/352650","pdf_url":null,"source":{"id":"https://openalex.org/S4306401777","display_name":"Apollo (University of Cambridge)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I241749","host_organization_name":"University of Cambridge","host_organization_lineage":["https://openalex.org/I241749"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":{"id":"doi:10.1109/msec.2022.3176058","is_oa":true,"landing_page_url":"https://doi.org/10.1109/msec.2022.3176058","pdf_url":"https://ieeexplore.ieee.org/ielx7/8013/9888995/09859261.pdf","source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4292258179.pdf","grobid_xml":"https://content.openalex.org/works/W4292258179.grobid-xml"},"referenced_works_count":54,"referenced_works":["https://openalex.org/W1992114977","https://openalex.org/W2098337300","https://openalex.org/W2127637733","https://openalex.org/W2360967250","https://openalex.org/W2474318526","https://openalex.org/W2514084604","https://openalex.org/W2736762043","https://openalex.org/W2743316948","https://openalex.org/W2765858138","https://openalex.org/W2766875678","https://openalex.org/W2795753518","https://openalex.org/W2806718802","https://openalex.org/W2885030880","https://openalex.org/W2886081451","https://openalex.org/W2901941771","https://openalex.org/W2905087861","https://openalex.org/W2905288168","https://openalex.org/W2907705732","https://openalex.org/W2914933759","https://openalex.org/W2943748428","https://openalex.org/W2946845319","https://openalex.org/W2955426500","https://openalex.org/W2962960733","https://openalex.org/W2963499994","https://openalex.org/W2963935794","https://openalex.org/W2967096374","https://openalex.org/W2970186524","https://openalex.org/W2972082064","https://openalex.org/W2976184969","https://openalex.org/W2979566992","https://openalex.org/W2996248296","https://openalex.org/W2998011150","https://openalex.org/W2998879504","https://openalex.org/W3003472398","https://openalex.org/W3009129408","https://openalex.org/W3018599005","https://openalex.org/W3027453785","https://openalex.org/W3035171481","https://openalex.org/W3088149880","https://openalex.org/W3089183726","https://openalex.org/W3089621332","https://openalex.org/W3089869718","https://openalex.org/W3101228802","https://openalex.org/W3103170042","https://openalex.org/W3104849875","https://openalex.org/W3106029585","https://openalex.org/W3127736190","https://openalex.org/W3160406113","https://openalex.org/W3161938055","https://openalex.org/W3166095789","https://openalex.org/W3173687593","https://openalex.org/W4288614128","https://openalex.org/W4365799828","https://openalex.org/W6745034332"],"related_works":["https://openalex.org/W2378211422","https://openalex.org/W2113128227","https://openalex.org/W632256878","https://openalex.org/W4211197663","https://openalex.org/W2491403535","https://openalex.org/W3081644756","https://openalex.org/W3123068371","https://openalex.org/W2479811461","https://openalex.org/W2104915799","https://openalex.org/W2355429491"],"abstract_inverted_index":{"We":[0],"review":[1],"machine":[2],"learning":[3],"approaches":[4],"for":[5],"detecting":[6],"(and":[7],"correcting)":[8],"vulnerabilities":[9],"in":[10],"source":[11],"code,":[12],"finding":[13],"that":[14,33],"the":[15,37],"biggest":[16],"challenges":[17],"ahead":[18],"involve":[19],"agreeing":[20],"to":[21],"a":[22],"benchmark,":[23],"increasing":[24],"language":[25],"and":[26,30],"error":[27],"type":[28],"coverage,":[29],"using":[31],"pipelines":[32],"do":[34],"not":[35],"flatten":[36],"code\u2019s":[38],"structure.":[39]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":3}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2022-08-19T00:00:00"}