{"id":"https://openalex.org/W4385532476","doi":"https://doi.org/10.1109/sera57763.2023.10197730","title":"Commit Message Can Help: Security Patch Detection in Open Source Software via Transformer","display_name":"Commit Message Can Help: Security Patch Detection in Open Source Software via Transformer","publication_year":2023,"publication_date":"2023-05-23","ids":{"openalex":"https://openalex.org/W4385532476","doi":"https://doi.org/10.1109/sera57763.2023.10197730"},"language":"en","primary_location":{"id":"doi:10.1109/sera57763.2023.10197730","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sera57763.2023.10197730","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049921697","display_name":"Fei Zuo","orcid":"https://orcid.org/0000-0001-8902-1753"},"institutions":[{"id":"https://openalex.org/I139325414","display_name":"University of Central Oklahoma","ror":"https://ror.org/02n455404","country_code":"US","type":"education","lineage":["https://openalex.org/I139325414"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Fei Zuo","raw_affiliation_strings":["University of Central Oklahoma,Edmond,Oklahoma,USA,73034"],"affiliations":[{"raw_affiliation_string":"University of Central Oklahoma,Edmond,Oklahoma,USA,73034","institution_ids":["https://openalex.org/I139325414"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100327327","display_name":"Xin Zhang","orcid":"https://orcid.org/0000-0001-5647-2777"},"institutions":[{"id":"https://openalex.org/I155781252","display_name":"University of South Carolina","ror":"https://ror.org/02b6qw903","country_code":"US","type":"education","lineage":["https://openalex.org/I155781252"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xin Zhang","raw_affiliation_strings":["University of South Carolina,Columbia,South Carolina,USA,29208"],"affiliations":[{"raw_affiliation_string":"University of South Carolina,Columbia,South Carolina,USA,29208","institution_ids":["https://openalex.org/I155781252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039446470","display_name":"Yuqi Song","orcid":"https://orcid.org/0009-0000-8148-9212"},"institutions":[{"id":"https://openalex.org/I155781252","display_name":"University of South Carolina","ror":"https://ror.org/02b6qw903","country_code":"US","type":"education","lineage":["https://openalex.org/I155781252"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuqi Song","raw_affiliation_strings":["University of South Carolina,Columbia,South Carolina,USA,29208"],"affiliations":[{"raw_affiliation_string":"University of South Carolina,Columbia,South Carolina,USA,29208","institution_ids":["https://openalex.org/I155781252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054561146","display_name":"Junghwan Rhee","orcid":"https://orcid.org/0000-0002-4043-9371"},"institutions":[{"id":"https://openalex.org/I139325414","display_name":"University of Central Oklahoma","ror":"https://ror.org/02n455404","country_code":"US","type":"education","lineage":["https://openalex.org/I139325414"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junghwan Rhee","raw_affiliation_strings":["University of Central Oklahoma,Edmond,Oklahoma,USA,73034"],"affiliations":[{"raw_affiliation_string":"University of Central Oklahoma,Edmond,Oklahoma,USA,73034","institution_ids":["https://openalex.org/I139325414"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023306268","display_name":"Jicheng Fu","orcid":"https://orcid.org/0000-0003-0601-7914"},"institutions":[{"id":"https://openalex.org/I139325414","display_name":"University of Central Oklahoma","ror":"https://ror.org/02n455404","country_code":"US","type":"education","lineage":["https://openalex.org/I139325414"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jicheng Fu","raw_affiliation_strings":["University of Central Oklahoma,Edmond,Oklahoma,USA,73034"],"affiliations":[{"raw_affiliation_string":"University of Central Oklahoma,Edmond,Oklahoma,USA,73034","institution_ids":["https://openalex.org/I139325414"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5049921697"],"corresponding_institution_ids":["https://openalex.org/I139325414"],"apc_list":null,"apc_paid":null,"fwci":2.7902,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.91965,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"345","last_page":"351"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.9525732398033142},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7950642108917236},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.6829843521118164},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5855411887168884},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.581586480140686},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.568926215171814},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4877234399318695},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.42781034111976624},{"id":"https://openalex.org/keywords/software-maintenance","display_name":"Software maintenance","score":0.4208926856517792},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.41692763566970825},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.3351810574531555},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.33436018228530884},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.245759516954422},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.18611440062522888},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1776007115840912},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1052219569683075}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.9525732398033142},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7950642108917236},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.6829843521118164},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5855411887168884},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.581586480140686},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.568926215171814},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4877234399318695},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.42781034111976624},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.4208926856517792},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.41692763566970825},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3351810574531555},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.33436018228530884},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.245759516954422},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.18611440062522888},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1776007115840912},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1052219569683075},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sera57763.2023.10197730","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sera57763.2023.10197730","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5400000214576721,"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W168564468","https://openalex.org/W639708223","https://openalex.org/W1521626219","https://openalex.org/W1522301498","https://openalex.org/W1614298861","https://openalex.org/W2044340178","https://openalex.org/W2069268700","https://openalex.org/W2154183829","https://openalex.org/W2194775991","https://openalex.org/W2740329368","https://openalex.org/W2806746626","https://openalex.org/W2886694146","https://openalex.org/W2962698568","https://openalex.org/W2963408280","https://openalex.org/W2963723316","https://openalex.org/W2969343988","https://openalex.org/W2987314840","https://openalex.org/W3142656464","https://openalex.org/W3167558987","https://openalex.org/W3202579690","https://openalex.org/W4200580785","https://openalex.org/W4210493608","https://openalex.org/W4225484397","https://openalex.org/W4283750846","https://openalex.org/W4287889995","https://openalex.org/W4294170691","https://openalex.org/W4385245566","https://openalex.org/W6620707391","https://openalex.org/W6631190155","https://openalex.org/W6636510571","https://openalex.org/W6682691769","https://openalex.org/W6739901393","https://openalex.org/W6795764579"],"related_works":["https://openalex.org/W2100022726","https://openalex.org/W1978034799","https://openalex.org/W2003584227","https://openalex.org/W4385532476","https://openalex.org/W2167539342","https://openalex.org/W2126366602","https://openalex.org/W2352736757","https://openalex.org/W4384518368","https://openalex.org/W3135867972","https://openalex.org/W2964681997"],"abstract_inverted_index":{"As":[0],"open":[1],"source":[2],"software":[3,36,178],"is":[4],"widely":[5],"used,":[6],"the":[7,45,73,106,116,139,143,168,176],"vulnerabilities":[8,25],"contained":[9],"therein":[10],"are":[11,29],"also":[12,184],"rapidly":[13],"propagated":[14],"to":[15,34,42,80],"a":[16,60,124,153],"large":[17],"number":[18],"of":[19,47,59,72,156,171],"innocent":[20],"applications.":[21],"Even":[22],"worse,":[23],"many":[24],"in":[26,76],"open-source":[27],"projects":[28],"secretly":[30],"fixed,":[31],"which":[32,129,190],"leads":[33],"affected":[35,194],"being":[37],"unaware":[38],"and":[39,85,158],"thus":[40],"exposed":[41],"risks.":[43],"For":[44],"purpose":[46],"protecting":[48],"deployed":[49],"software,":[50],"designing":[51],"an":[52,63],"effective":[53],"patch":[54,127],"classification":[55],"system":[56],"becomes":[57],"more":[58],"need":[61],"than":[62],"option.":[64],"To":[65],"this":[66,120],"end,":[67],"some":[68],"researchers":[69],"take":[70],"advantage":[71],"recent":[74],"advancements":[75],"natural":[77],"language":[78],"processing":[79],"learn":[81],"both":[82],"commit":[83,111,173],"messages":[84,174],"code":[86,134],"changes.":[87],"However,":[88],"they":[89],"often":[90],"incur":[91],"high":[92,154],"false":[93,160],"positive":[94,161],"rates.":[95],"Not":[96],"only":[97],"that,":[98],"existing":[99],"works":[100],"cannot":[101],"yet":[102],"answer":[103],"how":[104],"much":[105],"textual":[107],"description":[108],"(such":[109],"as":[110,136],"messages)":[112],"alone":[113],"can":[114,146,191],"influence":[115],"final":[117],"triage.":[118],"In":[119],"paper,":[121],"we":[122],"propose":[123],"Transformer":[125],"based":[126],"classifier,":[128],"does":[130],"not":[131],"use":[132],"any":[133],"changes":[135],"inputs.":[137],"Surprisingly,":[138],"extensive":[140],"experiment":[141],"shows":[142],"proposed":[144],"approach":[145],"significantly":[147],"outperform":[148],"other":[149],"state-of-the-art":[150],"work":[151],"with":[152],"precision":[155],"93.0%":[157],"low":[159],"rate.":[162],"Therefore,":[163],"our":[164,181],"research":[165],"further":[166],"confirms":[167],"critical":[169],"importance":[170],"well-crafted":[172],"for":[175],"later":[177],"maintenance.":[179],"Finally,":[180],"case":[182],"study":[183],"identifies":[185],"48":[186],"silent":[187],"security":[188],"patches,":[189],"benefit":[192],"those":[193],"software.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-09T08:58:05.943551","created_date":"2025-10-10T00:00:00"}