{"id":"https://openalex.org/W4389164790","doi":"https://doi.org/10.1145/3611643.3616299","title":"Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects","display_name":"Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects","publication_year":2023,"publication_date":"2023-11-30","ids":{"openalex":"https://openalex.org/W4389164790","doi":"https://doi.org/10.1145/3611643.3616299"},"language":"en","primary_location":{"id":"doi:10.1145/3611643.3616299","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3611643.3616299","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ink.library.smu.edu.sg/sis_research/9317","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082037581","display_name":"Lida Zhao","orcid":"https://orcid.org/0009-0005-9832-8948"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]},{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Lida Zhao","raw_affiliation_strings":["Singapore Management University, Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005","https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100658276","display_name":"Sen Chen","orcid":"https://orcid.org/0000-0001-9477-4100"},"institutions":[{"id":"https://openalex.org/I162868743","display_name":"Tianjin University","ror":"https://ror.org/012tb2g32","country_code":"CN","type":"education","lineage":["https://openalex.org/I162868743"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sen Chen","raw_affiliation_strings":["Tianjin University, Tianjin, China"],"affiliations":[{"raw_affiliation_string":"Tianjin University, Tianjin, China","institution_ids":["https://openalex.org/I162868743"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049629263","display_name":"Zhengzi Xu","orcid":"https://orcid.org/0000-0002-8390-7518"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhengzi Xu","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100319564","display_name":"Chengwei Liu","orcid":"https://orcid.org/0000-0003-1175-2753"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chengwei Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047814742","display_name":"Lyuye Zhang","orcid":"https://orcid.org/0000-0003-3087-9645"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Lyuye Zhang","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100636729","display_name":"Jiahui Wu","orcid":"https://orcid.org/0000-0001-6758-4635"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jiahui Wu","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100429004","display_name":"Jun Sun","orcid":"https://orcid.org/0000-0002-3545-1392"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jun Sun","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5082037581"],"corresponding_institution_ids":["https://openalex.org/I172675005","https://openalex.org/I79891267"],"apc_list":null,"apc_paid":null,"fwci":11.8256,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.98542999,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"960","last_page":"972"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9854999780654907,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.8178635835647583},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8019879460334778},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7919964790344238},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7317277789115906},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5875958204269409},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5667743682861328},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.47782328724861145},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.47473058104515076},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.4409344494342804},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3554244041442871},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.25856471061706543},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1207570731639862},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.11855244636535645}],"concepts":[{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.8178635835647583},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8019879460334778},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7919964790344238},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7317277789115906},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5875958204269409},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5667743682861328},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.47782328724861145},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.47473058104515076},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.4409344494342804},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3554244041442871},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.25856471061706543},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1207570731639862},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.11855244636535645}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3611643.3616299","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3611643.3616299","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-10317","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/9317","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3611643.3616299","raw_type":"Conference Proceeding Article"}],"best_oa_location":{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-10317","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/9317","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3611643.3616299","raw_type":"Conference Proceeding Article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4300000071525574}],"awards":[{"id":"https://openalex.org/G3882347383","display_name":null,"funder_award_id":"Tier 3","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"},{"id":"https://openalex.org/G5016601650","display_name":null,"funder_award_id":"Academic Research Fund","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"},{"id":"https://openalex.org/G5027370758","display_name":null,"funder_award_id":"MOET32020-0004","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"},{"id":"https://openalex.org/G6036235291","display_name":null,"funder_award_id":"NCRP25-P04-TAICeN","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G901625343","display_name":null,"funder_award_id":"Academic Research F","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320320751","display_name":"Ministry of Education - Singapore","ror":"https://ror.org/01kcva023"},{"id":"https://openalex.org/F4320323346","display_name":"B\u1ed9 Gi\u00e1o d\u1ee5c v\u00e0 \u00d0\u00e0o t\u1ea1o","ror":"https://ror.org/00drv3378"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2615622384","https://openalex.org/W2762844179","https://openalex.org/W2899324080","https://openalex.org/W2963321189","https://openalex.org/W2963926786","https://openalex.org/W2964080672","https://openalex.org/W3040158574","https://openalex.org/W3088691441","https://openalex.org/W3122252170","https://openalex.org/W3127006109","https://openalex.org/W3160189022","https://openalex.org/W3161799213","https://openalex.org/W3192198953","https://openalex.org/W3198845576","https://openalex.org/W3198948396","https://openalex.org/W3200506265","https://openalex.org/W3214263053","https://openalex.org/W4221145571","https://openalex.org/W4384345626","https://openalex.org/W4388502396"],"related_works":["https://openalex.org/W2360139790","https://openalex.org/W3196043647","https://openalex.org/W3172515123","https://openalex.org/W4287163809","https://openalex.org/W2901649410","https://openalex.org/W1843794072","https://openalex.org/W4240545424","https://openalex.org/W2019168903","https://openalex.org/W2563096791","https://openalex.org/W2998602372"],"abstract_inverted_index":{"Software":[0],"composition":[1],"analysis":[2],"(SCA)":[3],"tools":[4,29,61,175],"are":[5],"proposed":[6,96],"to":[7,74,183,230],"detect":[8],"potential":[9],"vulnerabilities":[10],"introduced":[11],"by":[12,220,225],"open-source":[13],"software":[14,26],"(OSS)":[15],"imported":[16],"as":[17,40],"third-party":[18],"libraries":[19],"(TPL).":[20],"With":[21],"the":[22,35,68,89,117,128,140,189,205],"increasing":[23],"complexity":[24],"of":[25,43,59,78,82,88,102,116,123,142,233],"functionality,":[27],"SCA":[28,60,108,124,136],"may":[30],"encounter":[31],"various":[32],"scenarios":[33],"during":[34],"dependency":[36,46,50,118,143,187,216],"resolution":[37],"process,":[38],"such":[39],"diverse":[41,45,49],"formats":[42],"artifacts,":[44],"imports,":[47],"and":[48,84,107,121,144,167,194,198,201,222,238],"specifications.":[51],"However,":[52,210],"there":[53],"still":[54],"lacks":[55],"a":[56,75,150,231],"comprehensive":[57,114],"evaluation":[58],"for":[62,110,113,196,202,213],"Java":[63],"that":[64,173],"takes":[65],"into":[66],"account":[67],"above":[69],"scenarios.":[70],"This":[71,227],"could":[72],"lead":[73],"confined":[76],"interpretation":[77],"comparisons,":[79],"improper":[80],"use":[81],"tools,":[83],"hinder":[85],"further":[86,228],"improvements":[87],"tools.":[90,125],"To":[91],"fill":[92],"this":[93],"gap,":[94],"we":[95,131],"an":[97],"Evaluation":[98,129],"Model":[99],"which":[100,181],"consists":[101],"Scan":[103,105,162],"Modes,":[104],"Methods,":[106],"Scope":[109],"Maven":[111,154],"(SSM),":[112],"assessments":[115],"resolving":[119],"capabilities":[120],"effectiveness":[122],"Based":[126],"on":[127],"Model,":[130],"first":[132],"qualitatively":[133],"examined":[134],"6":[135],"tools\u2019":[137],"capabilities.":[138],"Next,":[139],"accuracy":[141],"vulnerability":[145,203,244],"is":[146,192,208],"quantitatively":[147],"evaluated":[148],"with":[149,156],"large-scale":[151],"dataset":[152],"(21,130":[153],"modules":[155],"73,499":[157],"unique":[158],"dependencies)":[159],"under":[160],"two":[161],"Modes":[163],"(i.e.,":[164],"build":[165,197],"scan":[166],"pre-build":[168,199],"scan).":[169],"The":[170],"results":[171],"show":[172],"most":[174],"do":[176],"not":[177],"fully":[178],"support":[179,212],"SSM,":[180],"leads":[182,229],"compromised":[184],"accuracy.":[185],"For":[186],"detection,":[188],"average":[190,206],"F1-score":[191,207],"0.890":[193],"0.692":[195],"respectively,":[200],"accuracy,":[204],"0.475.":[209],"proper":[211],"SSM":[214],"reduces":[215],"detection":[217],"false":[218,223,236,241],"positives":[219,237],"34.24%":[221],"negatives":[224,242],"6.91%.":[226],"reduction":[232],"18.28%":[234],"in":[235,240,243],"8.72%":[239],"reports.":[245]},"counts_by_year":[{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}