{"id":"https://openalex.org/W4223953821","doi":"https://doi.org/10.1145/3508398.3511495","title":"Building a Commit-level Dataset of Real-world Vulnerabilities","display_name":"Building a Commit-level Dataset of Real-world Vulnerabilities","publication_year":2022,"publication_date":"2022-04-14","ids":{"openalex":"https://openalex.org/W4223953821","doi":"https://doi.org/10.1145/3508398.3511495"},"language":"en","primary_location":{"id":"doi:10.1145/3508398.3511495","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3508398.3511495","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hal.science/hal-03477866","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047080781","display_name":"Alexis Challande","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Alexis Challande","raw_affiliation_strings":["Quarkslab, Inria, &amp; Institut Polytechnique de Paris, Paris, France"],"affiliations":[{"raw_affiliation_string":"Quarkslab, Inria, &amp; Institut Polytechnique de Paris, Paris, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102270357","display_name":"Robin David","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Robin David","raw_affiliation_strings":["Quarkslab, Paris, France"],"affiliations":[{"raw_affiliation_string":"Quarkslab, Paris, France","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085614648","display_name":"Gu\u00e9na\u00ebl Renault","orcid":"https://orcid.org/0000-0002-7050-9975"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gu\u00e9na\u00ebl Renault","raw_affiliation_strings":["ANSSI, Inria, &amp; Institut Polytechnique de Paris, Paris, France"],"affiliations":[{"raw_affiliation_string":"ANSSI, Inria, &amp; Institut Polytechnique de Paris, Paris, France","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5047080781"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.5075,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.93442884,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"101","last_page":"106"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8260037899017334},{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.8259373903274536},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.6474506258964539},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5725666284561157},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5463358759880066},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.47788822650909424},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44984811544418335},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.4121472239494324},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3763209283351898},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.28552836179733276},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16545230150222778}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8260037899017334},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.8259373903274536},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.6474506258964539},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5725666284561157},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5463358759880066},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.47788822650909424},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44984811544418335},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.4121472239494324},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3763209283351898},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.28552836179733276},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16545230150222778},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C111368507","wikidata":"https://www.wikidata.org/wiki/Q43518","display_name":"Oceanography","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3508398.3511495","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3508398.3511495","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-03477866v1","is_oa":true,"landing_page_url":"https://hal.science/hal-03477866","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CODASPY 2022 - 12th ACM Conference on Data and Application Security and Privacy, Apr 2022, Baltimore MD USA, United States. pp.101-106","raw_type":"Conference papers"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-03477866v1","is_oa":true,"landing_page_url":"https://hal.science/hal-03477866","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CODASPY 2022 - 12th ACM Conference on Data and Application Security and Privacy, Apr 2022, Baltimore MD USA, United States. pp.101-106","raw_type":"Conference papers"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1490011260","https://openalex.org/W1990762361","https://openalex.org/W2515236103","https://openalex.org/W2592125937","https://openalex.org/W2634106992","https://openalex.org/W2772848948","https://openalex.org/W2781491433","https://openalex.org/W2801712578","https://openalex.org/W2802300457","https://openalex.org/W2889354405","https://openalex.org/W2911655340","https://openalex.org/W2912944541","https://openalex.org/W2946530307","https://openalex.org/W2969343988","https://openalex.org/W2974974307","https://openalex.org/W3007413911","https://openalex.org/W3105926539","https://openalex.org/W3183469243","https://openalex.org/W4230472372","https://openalex.org/W4235494081","https://openalex.org/W4254188649","https://openalex.org/W4289753991","https://openalex.org/W4353004773","https://openalex.org/W4388867283","https://openalex.org/W4402262144","https://openalex.org/W6745155319"],"related_works":["https://openalex.org/W4367365664","https://openalex.org/W4293227618","https://openalex.org/W2136634148","https://openalex.org/W3122851392","https://openalex.org/W3122800671","https://openalex.org/W4250708772","https://openalex.org/W4288862737","https://openalex.org/W1984769753","https://openalex.org/W2401620832","https://openalex.org/W4297677903"],"abstract_inverted_index":{"While":[0],"CVE":[1,17,22],"have":[2],"become":[3],"a":[4,43,56,83,99,103,117,159,187],"de":[5],"facto":[6],"standard":[7],"for":[8,81,158,171,197],"publishing":[9],"advisories":[10,23],"on":[11],"vulnerabilities,":[12,87,123],"the":[13,28,31,35,39,64,67,78,91,137,162,177,195],"state":[14],"of":[15,71,86,105,119,161,185],"current":[16],"databases":[18],"is":[19,41,77,116],"lackluster.":[20],"Yet,":[21],"are":[24],"insufficient":[25],"to":[26],"bridge":[27],"gap":[29],"with":[30,132],"vulnerability":[32,128],"artifacts":[33],"in":[34,98],"impacted":[36],"program.":[37],"Therefore,":[38],"community":[40,196],"lacking":[42],"public":[44],"real-world":[45],"vulnerabilities":[46,65],"dataset":[47,85,118,153,192],"providing":[48,155,186],"such":[49],"association.":[50],"In":[51,183],"this":[52,59,152],"paper,":[53],"we":[54,149],"present":[55],"method":[57],"restoring":[58],"missing":[60],"link":[61],"by":[62,154],"analyzing":[63],"from":[66],"AOSP,":[68],"an":[69],"aggregate":[70],"more":[72,120],"than":[73,121],"1,800":[74],"projects.":[75],"It":[76],"perfect":[79],"target":[80],"building":[82],"representative":[84],"as":[88],"it":[89],"covers":[90],"full":[92],"spectrum":[93],"that":[94],"may":[95],"be":[96],"encountered":[97],"modern":[100],"system":[101],"where":[102],"variety":[104],"low-level":[106],"and":[107,175,181],"higher-level":[108],"components":[109],"interact.":[110],"More":[111],"specifically,":[112],"our":[113,191],"main":[114],"contribution":[115],"1,900":[122],"associating":[124],"generic":[125],"metadata":[126],"(e.g.":[127,140],"type,":[129],"impact":[130],"level)":[131],"their":[133],"respective":[134],"patches":[135],"at":[136,176],"commit":[138],"granularity":[139],"fix":[141],"commit-id,":[142],"affected":[143],"files,":[144],"source":[145,180],"code":[146],"language).":[147],"Finally,":[148],"also":[150],"augment":[151],"precompiled":[156],"binaries":[157,165],"subset":[160],"vulnerabilities.":[163],"These":[164],"open":[166],"various":[167],"data":[168],"usage,":[169],"both":[170],"binary":[172],"only":[173],"analysis":[174],"interface":[178],"between":[179],"binary.":[182],"addition":[184],"common":[188],"baseline":[189],"benchmark,":[190],"release":[193],"supports":[194],"data-driven":[198],"software":[199],"security":[200],"research.":[201]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}