{"id":"https://openalex.org/W4322704102","doi":"https://doi.org/10.1109/tse.2023.3250479","title":"Empirical Validation of Automated Vulnerability Curation and Characterization","display_name":"Empirical Validation of Automated Vulnerability Curation and Characterization","publication_year":2023,"publication_date":"2023-02-28","ids":{"openalex":"https://openalex.org/W4322704102","doi":"https://doi.org/10.1109/tse.2023.3250479"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2023.3250479","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3250479","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040805050","display_name":"Ahmet Okutan","orcid":"https://orcid.org/0000-0001-6664-515X"},"institutions":[{"id":"https://openalex.org/I114662689","display_name":"Leidos (United States)","ror":"https://ror.org/012cvds63","country_code":"US","type":"company","lineage":["https://openalex.org/I114662689"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ahmet Okutan","raw_affiliation_strings":["Leidos, Reston, VA, USA"],"raw_orcid":"https://orcid.org/0000-0001-6664-515X","affiliations":[{"raw_affiliation_string":"Leidos, Reston, VA, USA","institution_ids":["https://openalex.org/I114662689"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038083931","display_name":"Peter Mell","orcid":"https://orcid.org/0000-0003-2938-897X"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peter Mell","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, MD, USA"],"raw_orcid":"https://orcid.org/0000-0003-2938-897X","affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, MD, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088410123","display_name":"Mehdi Mirakhorli","orcid":"https://orcid.org/0000-0003-3470-6856"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mehdi Mirakhorli","raw_affiliation_strings":["Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"],"raw_orcid":"https://orcid.org/0000-0003-3470-6856","affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050431745","display_name":"Igor Khokhlov","orcid":"https://orcid.org/0000-0002-8438-8959"},"institutions":[{"id":"https://openalex.org/I130186095","display_name":"Sacred Heart University","ror":"https://ror.org/0085j8z36","country_code":"US","type":"education","lineage":["https://openalex.org/I130186095"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Igor Khokhlov","raw_affiliation_strings":["Sacred Heart University, Fairfield, CT, USA"],"raw_orcid":"https://orcid.org/0000-0002-8438-8959","affiliations":[{"raw_affiliation_string":"Sacred Heart University, Fairfield, CT, USA","institution_ids":["https://openalex.org/I130186095"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043541139","display_name":"Joanna C. S. Santos","orcid":"https://orcid.org/0000-0001-8743-2516"},"institutions":[{"id":"https://openalex.org/I107639228","display_name":"University of Notre Dame","ror":"https://ror.org/00mkhxb43","country_code":"US","type":"education","lineage":["https://openalex.org/I107639228"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joanna C. S. Santos","raw_affiliation_strings":["Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN, USA"],"raw_orcid":"https://orcid.org/0000-0001-8743-2516","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, University of Notre Dame, Notre Dame, IN, USA","institution_ids":["https://openalex.org/I107639228"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008739638","display_name":"Danielle Gonzalez","orcid":"https://orcid.org/0000-0001-5507-7556"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danielle Gonzalez","raw_affiliation_strings":["Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069469449","display_name":"Steven Simmons","orcid":"https://orcid.org/0000-0003-3081-8500"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steven Simmons","raw_affiliation_strings":["Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5040805050"],"corresponding_institution_ids":["https://openalex.org/I114662689"],"apc_list":null,"apc_paid":null,"fwci":4.9326,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.95300965,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"49","issue":"5","first_page":"3241","last_page":"3260"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.847055971622467},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8452800512313843},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5581967234611511},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.49487894773483276},{"id":"https://openalex.org/keywords/ontology","display_name":"Ontology","score":0.49198243021965027},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.4796614944934845},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4449041485786438},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3846949636936188},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3801216781139374},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34087398648262024},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3269606828689575},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3231022357940674},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.18079930543899536}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.847055971622467},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8452800512313843},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5581967234611511},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.49487894773483276},{"id":"https://openalex.org/C25810664","wikidata":"https://www.wikidata.org/wiki/Q44325","display_name":"Ontology","level":2,"score":0.49198243021965027},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.4796614944934845},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4449041485786438},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3846949636936188},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3801216781139374},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34087398648262024},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3269606828689575},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3231022357940674},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.18079930543899536},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2023.3250479","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3250479","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6187270464","display_name":null,"funder_award_id":"70RSAT19CB0000020","funder_id":"https://openalex.org/F4320306110","funder_display_name":"U.S. Department of Homeland Security"}],"funders":[{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":74,"referenced_works":["https://openalex.org/W48212787","https://openalex.org/W110007310","https://openalex.org/W172316423","https://openalex.org/W384698140","https://openalex.org/W1483994939","https://openalex.org/W1512098439","https://openalex.org/W1579838312","https://openalex.org/W1707806712","https://openalex.org/W1912123407","https://openalex.org/W1948712562","https://openalex.org/W1965555277","https://openalex.org/W1976339648","https://openalex.org/W1976782117","https://openalex.org/W1979820341","https://openalex.org/W1983551905","https://openalex.org/W2003275871","https://openalex.org/W2004584049","https://openalex.org/W2022913925","https://openalex.org/W2072729271","https://openalex.org/W2078283664","https://openalex.org/W2087347434","https://openalex.org/W2100583963","https://openalex.org/W2118888384","https://openalex.org/W2121627172","https://openalex.org/W2125055259","https://openalex.org/W2128180557","https://openalex.org/W2144511191","https://openalex.org/W2155055334","https://openalex.org/W2162739315","https://openalex.org/W2163049969","https://openalex.org/W2165597437","https://openalex.org/W2166139292","https://openalex.org/W2181514837","https://openalex.org/W2274324447","https://openalex.org/W2296164881","https://openalex.org/W2341612996","https://openalex.org/W2487152776","https://openalex.org/W2506526044","https://openalex.org/W2515891506","https://openalex.org/W2530418686","https://openalex.org/W2742353928","https://openalex.org/W2775899375","https://openalex.org/W2884642766","https://openalex.org/W2888989071","https://openalex.org/W2889412429","https://openalex.org/W2893079038","https://openalex.org/W2911964244","https://openalex.org/W2920420505","https://openalex.org/W2963926786","https://openalex.org/W2964738734","https://openalex.org/W2974889942","https://openalex.org/W2982413960","https://openalex.org/W2994281666","https://openalex.org/W3015751692","https://openalex.org/W3016199683","https://openalex.org/W3023529513","https://openalex.org/W3039245527","https://openalex.org/W3091588759","https://openalex.org/W3100479002","https://openalex.org/W3103647149","https://openalex.org/W6601980818","https://openalex.org/W6607023274","https://openalex.org/W6630527977","https://openalex.org/W6637554470","https://openalex.org/W6640114639","https://openalex.org/W6640966339","https://openalex.org/W6661564250","https://openalex.org/W6728764989","https://openalex.org/W6753901488","https://openalex.org/W6754182100","https://openalex.org/W6754908715","https://openalex.org/W6766458556","https://openalex.org/W6776874932","https://openalex.org/W6792840881"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W3118510577","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W4251326955","https://openalex.org/W1883246888","https://openalex.org/W2371301679","https://openalex.org/W2527966616","https://openalex.org/W4200316191"],"abstract_inverted_index":{"Prior":[0],"research":[1],"has":[2,24],"shown":[3],"that":[4,138],"public":[5],"vulnerability":[6,33,42,49,55,68,84],"systems":[7],"such":[8],"as":[9],"US":[10],"National":[11,89],"Vulnerability":[12,96],"Database":[13],"(NVD)":[14],"rely":[15],"on":[16],"a":[17],"manual,":[18],"time-consuming,":[19],"and":[20,28,46,76,82,93,111,125,161],"error-prone":[21],"process":[22],"which":[23],"led":[25],"to":[26,40,51,59,117,144,169],"inconsistencies":[27],"delays":[29],"in":[30,44,132],"releasing":[31],"final":[32],"results.":[34],"This":[35],"work":[36,102],"provides":[37],"an":[38],"approach":[39,165],"curate":[41],"reports":[43,50],"real-time":[45,123],"map":[47],"textual":[48],"machine":[52],"readable":[53],"structured":[54],"attribute":[56],"data.":[57],"Designed":[58],"support":[60],"the":[61,70,73,83,88,162,172],"time":[62,173],"consuming":[63],"human":[64],"analysis":[65],"done":[66],"by":[67,87],"databases,":[69],"system":[71],"leverages":[72],"Common":[74],"Vulnerabilities":[75],"Exposures":[77],"(CVE)":[78],"list":[79],"of":[80,91,127,171],"vulnerabilities":[81,128,139],"attributes":[85,131],"described":[86],"Institute":[90],"Standards":[92],"Technology":[94],"(NIST)":[95],"Description":[97],"Ontology":[98],"(VDO)":[99],"framework.":[100],"Our":[101],"uses":[103],"Natural":[104],"Language":[105],"Processing":[106],"(NLP),":[107],"Machine":[108],"Learning":[109],"(ML)":[110],"novel":[112],"Information":[113],"Theoretical":[114],"(IT)":[115],"methods":[116],"provide":[118],"automated":[119,164],"techniques":[120],"for":[121,175],"near":[122],"publishing,":[124],"characterization":[126],"using":[129,149],"28":[130],"5":[133],"domains.":[134],"Experiment":[135],"results":[136],"indicate":[137],"can":[140,153],"be":[141,154],"evaluated":[142],"up":[143,168],"95":[145],"hours":[146],"earlier":[147],"than":[148],"manual":[150],"methods,":[151],"they":[152],"characterized":[155],"with":[156],"F-Measure":[157],"values":[158],"over":[159],"0.9,":[160],"proposed":[163],"could":[166],"save":[167],"47%":[170],"spent":[174],"CVE":[176],"characterization.":[177]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}