{"id":"https://openalex.org/W4402896850","doi":"https://doi.org/10.1109/sera61261.2024.10685587","title":"Characterising Contributions that Coincide with Vulnerability Mitigation in NPM Libraries","display_name":"Characterising Contributions that Coincide with Vulnerability Mitigation in NPM Libraries","publication_year":2024,"publication_date":"2024-05-30","ids":{"openalex":"https://openalex.org/W4402896850","doi":"https://doi.org/10.1109/sera61261.2024.10685587"},"language":"en","primary_location":{"id":"doi:10.1109/sera61261.2024.10685587","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/sera61261.2024.10685587","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5099230571","display_name":"Ruksit Rojpaisarnkit","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ruksit Rojpaisarnkit","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093836231","display_name":"Hathaichanok Damrongsiri","orcid":"https://orcid.org/0009-0008-7568-6883"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hathaichanok Damrongsiri","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077658936","display_name":"Christoph Treude","orcid":"https://orcid.org/0000-0002-6919-2149"},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]},{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["JP","SG"],"is_corresponding":false,"raw_author_name":"Christoph Treude","raw_affiliation_strings":["Nara Institute of Science and Technology, Japan Singapore Management University,Singapore"],"affiliations":[{"raw_affiliation_string":"Nara Institute of Science and Technology, Japan Singapore Management University,Singapore","institution_ids":["https://openalex.org/I79891267","https://openalex.org/I75917431"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090942200","display_name":"Ali Ouni","orcid":"https://orcid.org/0000-0003-4708-0362"},"institutions":[{"id":"https://openalex.org/I159129438","display_name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al","ror":"https://ror.org/002rjbv21","country_code":"CA","type":"education","lineage":["https://openalex.org/I159129438","https://openalex.org/I49663120"]},{"id":"https://openalex.org/I9736820","display_name":"\u00c9cole de Technologie Sup\u00e9rieure","ror":"https://ror.org/0020snb74","country_code":"CA","type":"education","lineage":["https://openalex.org/I49663120","https://openalex.org/I9736820"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ali Ouni","raw_affiliation_strings":["ETS Montreal, University of Quebec,Canada"],"affiliations":[{"raw_affiliation_string":"ETS Montreal, University of Quebec,Canada","institution_ids":["https://openalex.org/I9736820","https://openalex.org/I159129438"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091820517","display_name":"Raula Gaikovina Kula","orcid":"https://orcid.org/0000-0003-2324-0608"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Raula Gaikovina Kula","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5099230571"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.25673219,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"20","issue":null,"first_page":"237","last_page":"242"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9054999947547913,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9054999947547913,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6684340238571167},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5195439457893372},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1212523877620697}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6684340238571167},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5195439457893372},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1212523877620697}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/sera61261.2024.10685587","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/sera61261.2024.10685587","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"},{"id":"pmh:oai:espace2.etsmtl.ca:29767","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306402392","display_name":"Espace \u00c9TS (ETS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1341030882","host_organization_name":"Educational Testing Service","host_organization_lineage":["https://openalex.org/I1341030882"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Compte rendu de conf\u00e9rence"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1792587773","https://openalex.org/W1969622507","https://openalex.org/W2004758929","https://openalex.org/W2113693268","https://openalex.org/W2144827892","https://openalex.org/W2548749170","https://openalex.org/W2574490029","https://openalex.org/W2603712331","https://openalex.org/W2733373979","https://openalex.org/W2767231363","https://openalex.org/W2801591443","https://openalex.org/W2963748706","https://openalex.org/W3036270494","https://openalex.org/W3108826526","https://openalex.org/W3121596715","https://openalex.org/W3150814957","https://openalex.org/W3162867182","https://openalex.org/W3172189288","https://openalex.org/W4256420017","https://openalex.org/W6647456584","https://openalex.org/W6713166798","https://openalex.org/W6748952102"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"With":[0],"the":[1,33,50,64,113],"urgent":[2],"need":[3],"to":[4,42,81,115],"secure":[5],"supply":[6],"chains":[7],"among":[8],"Open":[9],"Source":[10],"libraries,":[11],"attention":[12],"has":[13,24],"focused":[14],"on":[15],"mitigating":[16],"vulnerabilities":[17],"detected":[18],"in":[19,32],"these":[20,67,73],"libraries.":[21],"Although":[22],"awareness":[23],"improved":[25,107],"recently,":[26],"most":[27],"studies":[28],"still":[29,40],"report":[30],"delays":[31],"mitigation":[34,123],"process.":[35,124],"This":[36],"suggests":[37],"that":[38,47,103],"developers":[39,111],"have":[41,112],"deal":[43],"with":[44],"other":[45],"contributions":[46,68],"occur":[48],"during":[49],"period":[51],"of":[52,66,95],"fixing":[53],"vulnerabilities,":[54],"such":[55],"as":[56],"coinciding":[57,97],"Pull":[58],"Requests":[59],"(PRs)":[60],"and":[61,99,106,120],"Issues,":[62],"yet":[63],"impact":[65],"remains":[69],"unclear.":[70],"To":[71],"characterize":[72],"contributions,":[74],"we":[75],"conducted":[76],"a":[77,93,117],"mixed-method":[78],"empirical":[79],"study":[80],"analyze":[82],"NPM":[83],"GitHub":[84],"projects":[85],"affected":[86],"by":[87],"554":[88],"different":[89],"vulnerability":[90,122],"advisories,":[91],"mining":[92],"total":[94],"4,699":[96],"PRs":[98],"Issues.":[100],"We":[101],"believe":[102],"tool":[104],"development":[105],"workload":[108],"management":[109],"for":[110],"potential":[114],"create":[116],"more":[118],"efficient":[119],"effective":[121]},"counts_by_year":[],"updated_date":"2025-12-23T23:11:35.936235","created_date":"2025-10-10T00:00:00"}