{"id":"https://openalex.org/W2740329368","doi":"https://doi.org/10.1145/3106237.3117771","title":"Automated identification of security issues from commit messages and bug reports","display_name":"Automated identification of security issues from commit messages and bug reports","publication_year":2017,"publication_date":"2017-08-02","ids":{"openalex":"https://openalex.org/W2740329368","doi":"https://doi.org/10.1145/3106237.3117771","mag":"2740329368"},"language":"en","primary_location":{"id":"doi:10.1145/3106237.3117771","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3117771","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010280426","display_name":"Yaqin Zhou","orcid":"https://orcid.org/0000-0003-3788-8122"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yaqin Zhou","raw_affiliation_strings":["SourceClear, Singapore"],"affiliations":[{"raw_affiliation_string":"SourceClear, Singapore","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048346296","display_name":"Asankhaya Sharma","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Asankhaya Sharma","raw_affiliation_strings":["SourceClear, Singapore"],"affiliations":[{"raw_affiliation_string":"SourceClear, Singapore","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5010280426"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":16.1405,"has_fulltext":false,"cited_by_count":169,"citation_normalized_percentile":{"value":0.99016719,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"914","last_page":"919"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.8751760125160217},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8131310939788818},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5302455425262451},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5275896191596985},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.5005011558532715},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4715937376022339},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4422793686389923},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.44011086225509644},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4275251030921936},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4190892279148102},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38657280802726746},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.19103053212165833},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1883983314037323},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.17548689246177673},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16888868808746338}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.8751760125160217},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8131310939788818},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5302455425262451},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5275896191596985},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.5005011558532715},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4715937376022339},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4422793686389923},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.44011086225509644},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4275251030921936},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4190892279148102},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38657280802726746},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.19103053212165833},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1883983314037323},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.17548689246177673},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16888868808746338},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3106237.3117771","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3106237.3117771","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W1531203382","https://openalex.org/W1576442155","https://openalex.org/W1707806712","https://openalex.org/W1710734607","https://openalex.org/W1971800255","https://openalex.org/W1992114977","https://openalex.org/W1997389706","https://openalex.org/W2069268700","https://openalex.org/W2099454382","https://openalex.org/W2101512909","https://openalex.org/W2104167780","https://openalex.org/W2105742204","https://openalex.org/W2112962899","https://openalex.org/W2123493477","https://openalex.org/W2137952932","https://openalex.org/W2148143831","https://openalex.org/W2153579005","https://openalex.org/W2338318698","https://openalex.org/W2580641941"],"related_works":["https://openalex.org/W4367365664","https://openalex.org/W4293227618","https://openalex.org/W2136634148","https://openalex.org/W3122851392","https://openalex.org/W3122800671","https://openalex.org/W4250708772","https://openalex.org/W4288862737","https://openalex.org/W1984769753","https://openalex.org/W2401620832","https://openalex.org/W3044342969"],"abstract_inverted_index":{"The":[0],"number":[1],"of":[2,14,30,119,153,158,196],"vulnerabilities":[3,24,51],"in":[4,52,74,96,124,130,173],"open":[5,39,53,97],"source":[6,40,54,98],"libraries":[7,41,55],"is":[8],"increasing":[9],"rapidly.":[10],"However,":[11],"the":[12,87,117,120,140,168,192,197],"majority":[13],"them":[15],"do":[16],"not":[17],"go":[18],"through":[19],"public":[20],"disclosure.":[21],"These":[22],"unidentified":[23,50],"put":[25],"developers'":[26],"products":[27],"at":[28,171],"risk":[29],"being":[31],"hacked":[32],"since":[33],"they":[34],"are":[35],"increasingly":[36],"relying":[37],"on":[38,112,127],"to":[42,116,161],"assemble":[43],"and":[44,56,81,93,103,155,186,194],"build":[45],"software":[46,59],"quickly.":[47],"To":[48],"find":[49],"secure":[57],"modern":[58],"development,":[60],"we":[61,133,147],"describe":[62],"an":[63],"efficient":[64],"automatic":[65],"vulnerability":[66,113,128],"identification":[67,129],"system":[68],"geared":[69],"towards":[70],"tracking":[71],"large-scale":[72],"projects":[73,99],"real":[75],"time":[76],"using":[77,100],"natural":[78],"language":[79],"processing":[80],"machine":[82],"learning":[83],"techniques.":[84],"Built":[85],"upon":[86],"latent":[88],"information":[89],"underlying":[90],"commit":[91,131],"messages":[92],"bug":[94,145],"reports":[95],"GitHub,":[101],"JIRA,":[102],"Bugzilla,":[104],"our":[105],"K-fold":[106],"stacking":[107],"classifier":[108,123],"achieves":[109],"promising":[110],"results":[111],"identification.":[114],"Compared":[115],"state":[118],"art":[121],"SVM-based":[122],"prior":[125],"work":[126],"messages,":[132],"improve":[134],"precision":[135,152],"by":[136],"54.55%":[137],"while":[138],"maintaining":[139],"same":[141],"recall":[142,156,184],"rate.":[143],"For":[144],"reports,":[146],"achieve":[148],"a":[149],"much":[150],"higher":[151],"0.70":[154],"rate":[157],"0.71":[159],"compared":[160],"existing":[162],"work.":[163],"Moreover,":[164],"observations":[165],"from":[166],"running":[167],"trained":[169],"model":[170],"SourceClear":[172],"production":[174],"for":[175],"over":[176],"3":[177],"months":[178],"has":[179],"shown":[180],"0.83":[181],"precision,":[182],"0.74":[183],"rate,":[185],"detected":[187],"349":[188],"hidden":[189],"vulnerabilities,":[190],"proving":[191],"effectiveness":[193],"generality":[195],"proposed":[198],"approach.":[199]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":22},{"year":2024,"cited_by_count":30},{"year":2023,"cited_by_count":31},{"year":2022,"cited_by_count":22},{"year":2021,"cited_by_count":31},{"year":2020,"cited_by_count":17},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":5}],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2025-10-10T00:00:00"}