{"id":"https://openalex.org/W3091102523","doi":"https://doi.org/10.1145/3379597.3387461","title":"A Machine Learning Approach for Vulnerability Curation","display_name":"A Machine Learning Approach for Vulnerability Curation","publication_year":2020,"publication_date":"2020-06-29","ids":{"openalex":"https://openalex.org/W3091102523","doi":"https://doi.org/10.1145/3379597.3387461","mag":"3091102523"},"language":"en","primary_location":{"id":"doi:10.1145/3379597.3387461","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3379597.3387461","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Mining Software Repositories","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100350503","display_name":"Yang Chen","orcid":"https://orcid.org/0000-0003-4749-3060"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yang Chen","raw_affiliation_strings":["Veracode"],"affiliations":[{"raw_affiliation_string":"Veracode","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013712945","display_name":"Andrew E. Santosa","orcid":"https://orcid.org/0000-0003-0396-0894"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Andrew E. Santosa","raw_affiliation_strings":["Veracode"],"affiliations":[{"raw_affiliation_string":"Veracode","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053535809","display_name":"Ang Ming Yi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ang Ming Yi","raw_affiliation_strings":["Veracode"],"affiliations":[{"raw_affiliation_string":"Veracode","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015350971","display_name":"Abhishek Sharma","orcid":"https://orcid.org/0000-0001-6848-1603"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Abhishek Sharma","raw_affiliation_strings":["Veracode"],"affiliations":[{"raw_affiliation_string":"Veracode","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048346296","display_name":"Asankhaya Sharma","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Asankhaya Sharma","raw_affiliation_strings":["Veracode"],"affiliations":[{"raw_affiliation_string":"Veracode","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081036622","display_name":"David Lo","orcid":"https://orcid.org/0000-0002-4367-7201"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"David Lo","raw_affiliation_strings":["Singapore Management University"],"affiliations":[{"raw_affiliation_string":"Singapore Management University","institution_ids":["https://openalex.org/I79891267"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100350503"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.7886,"has_fulltext":false,"cited_by_count":44,"citation_normalized_percentile":{"value":0.97449305,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"32","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8317404985427856},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.727195143699646},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.605202853679657},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.598168671131134},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5374465584754944},{"id":"https://openalex.org/keywords/word2vec","display_name":"Word2vec","score":0.4927666485309601},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4865495264530182},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4360968768596649},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41547057032585144},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3379574418067932},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.16826874017715454}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8317404985427856},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.727195143699646},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.605202853679657},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.598168671131134},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5374465584754944},{"id":"https://openalex.org/C2776461190","wikidata":"https://www.wikidata.org/wiki/Q22673982","display_name":"Word2vec","level":3,"score":0.4927666485309601},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4865495264530182},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4360968768596649},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41547057032585144},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3379574418067932},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.16826874017715454},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3379597.3387461","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3379597.3387461","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Mining Software Repositories","raw_type":"proceedings-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-6630","is_oa":false,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/5627","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3379597.3387461","raw_type":"Conference Proceeding Article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W133470593","https://openalex.org/W1479807131","https://openalex.org/W1965895350","https://openalex.org/W1976526581","https://openalex.org/W2003315002","https://openalex.org/W2015452969","https://openalex.org/W2037603696","https://openalex.org/W2048679005","https://openalex.org/W2069268700","https://openalex.org/W2070425304","https://openalex.org/W2079057609","https://openalex.org/W2094947835","https://openalex.org/W2101210369","https://openalex.org/W2118978333","https://openalex.org/W2120457925","https://openalex.org/W2128182542","https://openalex.org/W2137952932","https://openalex.org/W2139578439","https://openalex.org/W2295598076","https://openalex.org/W2297419069","https://openalex.org/W2562319768","https://openalex.org/W2598645805","https://openalex.org/W2714550548","https://openalex.org/W2740329368","https://openalex.org/W2748690817","https://openalex.org/W2768348081","https://openalex.org/W2898227265","https://openalex.org/W2950577311","https://openalex.org/W2962698568","https://openalex.org/W2962739339","https://openalex.org/W2963341956","https://openalex.org/W2967556797","https://openalex.org/W2971950580","https://openalex.org/W3090843874","https://openalex.org/W3102476541","https://openalex.org/W3142656464"],"related_works":["https://openalex.org/W2980729574","https://openalex.org/W1560851690","https://openalex.org/W3092047717","https://openalex.org/W4390881630","https://openalex.org/W2770162183","https://openalex.org/W3110772647","https://openalex.org/W2947721150","https://openalex.org/W2894231409","https://openalex.org/W3127365535","https://openalex.org/W2995297654"],"abstract_inverted_index":{"Software":[0],"composition":[1],"analysis":[2],"depends":[3],"on":[4],"database":[5],"of":[6,32,47,66,95,120,142,158,164,172,175,182,198,215],"open-source":[7],"library":[8],"vulerabilities,":[9],"curated":[10],"by":[11,41,42],"security":[12],"researchers":[13],"using":[14],"various":[15],"sources,":[16],"such":[17,159],"as":[18,79],"bug":[19],"tracking":[20],"systems,":[21],"commits,":[22],"and":[23,30,61,90,206],"mailing":[24],"lists.":[25],"We":[26,85,110,134,167,194],"report":[27],"the":[28,39,45,64,93,96,101,104,118,121,137,140,143,156,170,173,176,180,186,189,196],"design":[29],"implementation":[31],"a":[33,53,162],"machine":[34],"learning":[35],"system":[36],"to":[37,63,75,88,116,130,179],"help":[38],"curation":[40],"automatically":[43,91],"predicting":[44],"vulnerability-relatedness":[46],"each":[48,108],"data":[49,57,82,165,220],"item.":[50],"It":[51,71],"supports":[52],"complete":[54],"pipeline":[55],"from":[56],"collection,":[58],"model":[59],"training":[60,97],"prediction,":[62],"validation":[65],"new":[67,80,112,122],"models":[68,78,123,144],"before":[69,124],"deployment.":[70],"is":[72,155,211],"executed":[73],"iteratively":[74],"generate":[76],"better":[77],"input":[81],"become":[83],"available.":[84],"use":[86],"self-training":[87,199],"significantly":[89],"increase":[92],"size":[94],"dataset,":[98],"opportunistically":[99],"maximizing":[100],"improvement":[102,138],"in":[103,139,145],"models'":[105],"quality":[106,119],"at":[107],"iteration.":[109],"devised":[111],"deployment":[113,125],"stability":[114],"metric":[115],"evaluate":[117,136],"into":[126],"production,":[127],"which":[128],"helped":[129],"discover":[131,168,208],"an":[132],"error.":[133],"experimentally":[135],"performance":[141],"one":[146],"iteration,":[147],"with":[148,201],"27.59%":[149],"maximum":[150],"PR":[151,203],"AUC":[152,204],"improvements.":[153],"Ours":[154],"first":[157],"study":[160],"across":[161,219],"variety":[163],"sources.":[166,221],"that":[169,192,209],"addition":[171],"features":[174,181],"corresponding":[177],"commits":[178],"issues/pull":[183],"requests":[184],"improve":[185],"precision":[187],"for":[188],"recall":[190],"values":[191],"matter.":[193],"demonstrate":[195],"effectiveness":[197],"alone,":[200],"10.50%":[202],"improvement,":[205],"we":[207],"there":[210],"no":[212],"uniform":[213],"ordering":[214],"word2vec":[216],"parameters":[217],"sensitivity":[218]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}