{"id":"https://openalex.org/W3202579690","doi":"https://doi.org/10.1145/3468854","title":"SPI: Automated Identification of Security Patches via Commits","display_name":"SPI: Automated Identification of Security Patches via Commits","publication_year":2021,"publication_date":"2021-09-28","ids":{"openalex":"https://openalex.org/W3202579690","doi":"https://doi.org/10.1145/3468854","mag":"3202579690"},"language":"en","primary_location":{"id":"doi:10.1145/3468854","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3468854","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101467355","display_name":"Yaqin Zhou","orcid":"https://orcid.org/0000-0001-7375-0556"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Yaqin Zhou","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003704066","display_name":"Jing Kai Siow","orcid":null},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jing Kai Siow","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100385875","display_name":"Chenyu Wang","orcid":"https://orcid.org/0000-0002-6527-2897"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chenyu Wang","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045943684","display_name":"Shangqing Liu","orcid":"https://orcid.org/0000-0002-5598-4006"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Shangqing Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101467355"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":10.5239,"has_fulltext":false,"cited_by_count":57,"citation_normalized_percentile":{"value":0.98243363,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"31","issue":"1","first_page":"1","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7883122563362122},{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.7730944156646729},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7268781065940857},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.6915677189826965},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5706939697265625},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5475602149963379},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.5427783131599426},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5305643081665039},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4684116244316101},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.45908844470977783},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.45295724272727966},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4406163990497589},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.37534239888191223},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.27940359711647034},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.19659775495529175}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7883122563362122},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.7730944156646729},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7268781065940857},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.6915677189826965},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5706939697265625},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5475602149963379},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.5427783131599426},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5305643081665039},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4684116244316101},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.45908844470977783},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.45295724272727966},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4406163990497589},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.37534239888191223},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.27940359711647034},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.19659775495529175},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3468854","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3468854","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G478423709","display_name":null,"funder_award_id":"AISG2-RP-2020-019","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G4921399682","display_name":null,"funder_award_id":"NRF2018NCR-NCR005-0001","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G6828898563","display_name":null,"funder_award_id":"NRF2018NCR-NSOE003-0001","funder_id":"https://openalex.org/F4320320671","funder_display_name":"National Research Foundation"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W1522301498","https://openalex.org/W1736726159","https://openalex.org/W1832693441","https://openalex.org/W2022371098","https://openalex.org/W2043837581","https://openalex.org/W2069268700","https://openalex.org/W2137789775","https://openalex.org/W2142958724","https://openalex.org/W2143861926","https://openalex.org/W2146649871","https://openalex.org/W2153579005","https://openalex.org/W2154398797","https://openalex.org/W2360967250","https://openalex.org/W2402619042","https://openalex.org/W2680688782","https://openalex.org/W2740329368","https://openalex.org/W2741271950","https://openalex.org/W2766411424","https://openalex.org/W2767011015","https://openalex.org/W2781021471","https://openalex.org/W2781491433","https://openalex.org/W2792256830","https://openalex.org/W2794601162","https://openalex.org/W2806718802","https://openalex.org/W2888328667","https://openalex.org/W2901941771","https://openalex.org/W2952829418","https://openalex.org/W2962960733","https://openalex.org/W2963218483","https://openalex.org/W2964046515","https://openalex.org/W2964150020","https://openalex.org/W2996248296","https://openalex.org/W3014394502","https://openalex.org/W3089621332","https://openalex.org/W3090843874","https://openalex.org/W3091102523","https://openalex.org/W3099130275","https://openalex.org/W3101228802","https://openalex.org/W3121385509","https://openalex.org/W3127736190","https://openalex.org/W4255309623","https://openalex.org/W4306985937"],"related_works":["https://openalex.org/W4384518368","https://openalex.org/W3189065608","https://openalex.org/W4313307479","https://openalex.org/W3117252235","https://openalex.org/W658105165","https://openalex.org/W2293678011","https://openalex.org/W3208699506","https://openalex.org/W3163146719","https://openalex.org/W4287279928","https://openalex.org/W2018644264"],"abstract_inverted_index":{"Security":[0,19,259],"patches":[1,53,75,88,102,128,131,171,344],"in":[2,14,59,77,121,298],"open":[3,61,78,148,347],"source":[4,62,149],"software,":[5],"providing":[6],"security":[7,33,52,87,101,109,114,127,156,194,203,343],"fixes":[8],"to":[9,27,93,189,303],"identified":[10,42],"vulnerabilities,":[11,43],"are":[12,23,65,193],"crucial":[13],"protecting":[15],"against":[16],"cyber":[17],"attacks.":[18],"advisories":[20],"and":[21,49,85,99,135,154,164,168,198,228,238,241,271,287,295,331],"announcements":[22],"often":[24],"publicly":[25],"released":[26],"inform":[28],"the":[29,36,60,81,185,243,246,252,255,278,305,334],"users":[30],"about":[31],"potential":[32],"vulnerability.":[34],"Despite":[35],"National":[37],"Vulnerability":[38],"Database":[39],"(NVD)":[40],"publishes":[41],"a":[44,113,140,200,325],"vast":[45],"majority":[46],"of":[47,73,83,147,209,254,289,308,315],"vulnerabilities":[48],"their":[50,94],"corresponding":[51],"remain":[54],"beyond":[55],"public":[56],"exposure,":[57],"e.g.,":[58,111,119],"libraries":[63,321],"that":[64,159,207,218,233,265,322,338],"heavily":[66],"relied":[67],"on":[68,245,277,333],"by":[69],"developers.":[70],"As":[71],"many":[72],"these":[74],"exist":[76],"sourced":[79,348],"projects,":[80],"problem":[82],"curating":[84],"gathering":[86],"can":[89,341],"be":[90],"difficult":[91],"due":[92],"hidden":[95],"nature.":[96],"An":[97],"extensive":[98],"complete":[100],"dataset":[103,227,280,313,336],"could":[104],"help":[105],"end-users":[106],"such":[107],"as":[108,282,284],"companies,":[110],"building":[112],"knowledge":[115],"base,":[116],"or":[117],"researcher,":[118],"aiding":[120],"vulnerability":[122],"research.":[123],"To":[124],"efficiently":[125],"curate":[126],"including":[129],"undisclosed":[130],"at":[132],"large":[133],"scale":[134],"low":[136],"cost,":[137],"we":[138,152],"propose":[139],"deep":[141,201],"neural-network-based":[142],"approach":[143,340],"built":[144],"upon":[145],"commits":[146,163,226,317],"repositories.":[150],"First,":[151],"design":[153],"build":[155],"patch":[157,204],"datasets":[158],"include":[160],"38,291":[161,186],"security-related":[162,187],"1,045":[165],"Common":[166],"Vulnerabilities":[167],"Exposures":[169],"(CVE)":[170],"from":[172,224,318,324],"four":[173],"large-scale":[174],"C":[175],"programming":[176],"language":[177],"libraries.":[178],"We":[179,196,291],"manually":[180],"verify":[181],"each":[182],"commit,":[183],"among":[184,346],"commits,":[188],"determine":[190],"if":[191],"they":[192],"related.":[195],"devise":[197],"implement":[199],"learning-based":[202],"identification":[205],"system":[206,250,267],"consists":[208,314],"two":[210,256],"composite":[211],"neural":[212,216,231],"networks:":[213],"one":[214,229],"commit-message":[215],"network":[217,232],"utilizes":[219],"pretrained":[220],"word":[221],"representations":[222],"learned":[223,296],"our":[225,266,293,309,339],"code-revision":[230],"takes":[234],"code":[235],"before":[236],"revision":[237,240],"after":[239],"learns":[242],"distinction":[244],"statement":[247],"level.":[248],"Our":[249,328],"leverages":[251],"power":[253],"networks":[257],"for":[258],"Patch":[260],"Identification.":[261],"Evaluation":[262],"results":[263,330],"show":[264],"significantly":[268],"outperforms":[269],"SVM":[270],"K-fold":[272],"stacking":[273],"algorithms.":[274],"The":[275,311],"result":[276],"combined":[279],"achieves":[281],"high":[283],"87.93%":[285],"F1-score":[286],"precision":[288],"86.24%.":[290],"deployed":[292],"pipeline":[294],"model":[297],"an":[299],"industrial":[300,312,335],"production":[301],"environment":[302],"evaluate":[304],"generalization":[306],"ability":[307],"approach.":[310],"298,917":[316],"410":[319],"new":[320],"range":[323],"wide":[326],"functionalities.":[327],"experiment":[329],"observation":[332],"proved":[337],"identify":[342],"effectively":[345],"projects.":[349]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":19},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":7}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}