{"id":"https://openalex.org/W4308653691","doi":"https://doi.org/10.1145/3558489.3559069","title":"Profiling developers to predict vulnerable code changes","display_name":"Profiling developers to predict vulnerable code changes","publication_year":2022,"publication_date":"2022-11-07","ids":{"openalex":"https://openalex.org/W4308653691","doi":"https://doi.org/10.1145/3558489.3559069"},"language":"en","primary_location":{"id":"doi:10.1145/3558489.3559069","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3558489.3559069","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3558489.3559069","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3558489.3559069","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003753803","display_name":"Tugce Coskun","orcid":null},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Tugce Coskun","raw_affiliation_strings":["Istanbul Technical University, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Turkey","institution_ids":["https://openalex.org/I48912391"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006614669","display_name":"Ru\u015fen Halepmollas\u0131","orcid":"https://orcid.org/0000-0002-9941-2712"},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Rusen Halepmollasi","raw_affiliation_strings":["Istanbul Technical University, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Turkey","institution_ids":["https://openalex.org/I48912391"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063689765","display_name":"Khadija Hanifi","orcid":"https://orcid.org/0000-0001-7044-3315"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Khadija Hanifi","raw_affiliation_strings":["Ericsson Security Research, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Security Research, Turkey","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042164046","display_name":"Ramin Fadaei Fouladi","orcid":"https://orcid.org/0000-0003-4142-1293"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ramin Fadaei Fouladi","raw_affiliation_strings":["Ericsson Security Research, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Security Research, Turkey","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068409372","display_name":"Pinar Comak De Cnudde","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pinar Comak De Cnudde","raw_affiliation_strings":["Ericsson Security Research, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Security Research, Turkey","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089239701","display_name":"Ay\u015fe Tosun","orcid":"https://orcid.org/0000-0003-1859-7872"},"institutions":[{"id":"https://openalex.org/I48912391","display_name":"Istanbul Technical University","ror":"https://ror.org/059636586","country_code":"TR","type":"education","lineage":["https://openalex.org/I48912391"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Ayse Tosun","raw_affiliation_strings":["Istanbul Technical University, Turkey"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Istanbul Technical University, Turkey","institution_ids":["https://openalex.org/I48912391"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.956,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.81276176,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"32","last_page":"41"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7795394659042358},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.708970308303833},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6254423260688782},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.607903003692627},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.5696179270744324},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.5275905728340149},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.5217248201370239},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5214235782623291},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5125789046287537},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5052693486213684},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.47058239579200745},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4562247395515442},{"id":"https://openalex.org/keywords/gradient-boosting","display_name":"Gradient boosting","score":0.45413196086883545},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4511423110961914},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.448646605014801},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.3722841143608093},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.29387882351875305},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.15552058815956116},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.09763914346694946}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7795394659042358},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.708970308303833},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6254423260688782},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.607903003692627},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.5696179270744324},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.5275905728340149},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.5217248201370239},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5214235782623291},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5125789046287537},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5052693486213684},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.47058239579200745},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4562247395515442},{"id":"https://openalex.org/C70153297","wikidata":"https://www.wikidata.org/wiki/Q5591907","display_name":"Gradient boosting","level":3,"score":0.45413196086883545},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4511423110961914},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.448646605014801},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.3722841143608093},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.29387882351875305},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.15552058815956116},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.09763914346694946},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3558489.3559069","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3558489.3559069","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3558489.3559069","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:polen.itu.edu.tr:11527/25619","is_oa":false,"landing_page_url":"http://hdl.handle.net/11527/25619","pdf_url":null,"source":{"id":"https://openalex.org/S4306400460","display_name":"Istanbul Technical University Academic Open Archive (Istanbul Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I48912391","host_organization_name":"Istanbul Technical University","host_organization_lineage":["https://openalex.org/I48912391"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Master Thesis"},{"id":"pmh:oai:polen.itu.edu.tr:11527/66229","is_oa":false,"landing_page_url":"https://hdl.handle.net/11527/66229","pdf_url":null,"source":{"id":"https://openalex.org/S4306400460","display_name":"Istanbul Technical University Academic Open Archive (Istanbul Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I48912391","host_organization_name":"Istanbul Technical University","host_organization_lineage":["https://openalex.org/I48912391"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":{"id":"doi:10.1145/3558489.3559069","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3558489.3559069","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3558489.3559069","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7418582909","display_name":null,"funder_award_id":"5169902","funder_id":"https://openalex.org/F4320322626","funder_display_name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu"}],"funders":[{"id":"https://openalex.org/F4320322626","display_name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu","ror":"https://ror.org/04w9kkr77"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4308653691.pdf","grobid_xml":"https://content.openalex.org/works/W4308653691.grobid-xml"},"referenced_works_count":37,"referenced_works":["https://openalex.org/W1997236144","https://openalex.org/W2004758929","https://openalex.org/W2043837581","https://openalex.org/W2067148378","https://openalex.org/W2096274199","https://openalex.org/W2137789775","https://openalex.org/W2143869283","https://openalex.org/W2147120745","https://openalex.org/W2157353183","https://openalex.org/W2261059368","https://openalex.org/W2265169858","https://openalex.org/W2294645471","https://openalex.org/W2295598076","https://openalex.org/W2298822263","https://openalex.org/W2478745999","https://openalex.org/W2510803363","https://openalex.org/W2523529832","https://openalex.org/W2547865141","https://openalex.org/W2548378638","https://openalex.org/W2574100359","https://openalex.org/W2580969380","https://openalex.org/W2743657615","https://openalex.org/W2747462521","https://openalex.org/W2756934375","https://openalex.org/W2760805760","https://openalex.org/W2773989484","https://openalex.org/W2897230861","https://openalex.org/W2963919031","https://openalex.org/W2963926786","https://openalex.org/W3008835119","https://openalex.org/W3049398420","https://openalex.org/W3093853090","https://openalex.org/W3168469052","https://openalex.org/W3193713946","https://openalex.org/W4312597176","https://openalex.org/W4312902756","https://openalex.org/W4312955853"],"related_works":["https://openalex.org/W2967733078","https://openalex.org/W3204430031","https://openalex.org/W3137904399","https://openalex.org/W4310492845","https://openalex.org/W2885778889","https://openalex.org/W2766514146","https://openalex.org/W2885516856","https://openalex.org/W4289703016","https://openalex.org/W4310224730","https://openalex.org/W1985505753"],"abstract_inverted_index":{"Software":[0],"vulnerability":[1,56,59,83,153],"prediction":[2,145],"and":[3,11,58,86,108,137],"management":[4],"have":[5],"caught":[6],"the":[7,23,39,55,76,88,91,95,109,117,144,170,174,187,192],"interest":[8],"of":[9,22,41,62,78,111,156],"researchers":[10],"practitioners,":[12],"recently.":[13],"Various":[14],"techniques":[15,194],"that":[16],"are":[17,26],"usually":[18],"based":[19,93,162,176],"on":[20,94,106,163,177],"characteristics":[21],"code":[24,96,112,164],"artefacts":[25],"also":[27,74],"offered":[28],"to":[29,53,142,151],"predict":[30,152],"software":[31,65],"vulnerabilities.":[32],"While":[33],"other":[34],"studies":[35],"achieve":[36,197],"promising":[37],"results,":[38],"role":[40],"developers":[42,63],"in":[43,64,81],"inducing":[44,57,84,154],"vulnerabilities":[45],"has":[46],"not":[47],"been":[48],"studied":[49],"yet.":[50],"We":[51,73,98,120],"aim":[52],"profile":[54],"fixing":[60],"behaviors":[61],"projects":[66],"using":[67],"Heterogeneous":[68],"Information":[69],"Network":[70],"(HIN)":[71],"analysis.":[72],"investigate":[75],"impact":[77],"developer":[79,179],"profiles":[80],"predicting":[82],"commits,":[85],"compare":[87],"findings":[89],"against":[90],"approach":[92],"metrics.":[97],"adopt":[99],"Random":[100,134],"Walk":[101],"with":[102,191],"Restart":[103],"(RWR)":[104],"algorithm":[105],"HIN":[107],"aggregation":[110],"metrics":[113,165],"for":[114,169],"extracting":[115],"all":[116],"input":[118],"features.":[119],"utilize":[121],"traditional":[122],"machine":[123],"learning":[124],"algorithms":[125],"namely,":[126],"Naive":[127],"Bayes":[128],"(NB),":[129],"Support":[130],"Vector":[131],"Machine":[132],"(SVM),":[133],"Forest":[135],"(RF)":[136],"eXtreme":[138],"Gradient":[139],"Boosting":[140],"(XGBoost)":[141],"build":[143],"models.We":[146],"report":[147],"our":[148],"empirical":[149],"analysis":[150],"commits":[155],"four":[157],"Apache":[158],"projects.":[159],"The":[160],"technique":[161,175],"achieves":[166,181],"90%":[167],"success":[168],"recall":[171],"measure,":[172],"whereas":[173],"profiling":[178],"behavior":[180],"71%":[182],"success.":[183,199],"When":[184],"we":[185,196],"use":[186],"feature":[188],"sets":[189],"obtained":[190],"two":[193],"together,":[195],"89%":[198]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}