{"id":"https://openalex.org/W4387664630","doi":"https://doi.org/10.1145/3624734","title":"Aspect-level Information Discrepancies across Heterogeneous Vulnerability Reports: Severity, Types and Detection Methods","display_name":"Aspect-level Information Discrepancies across Heterogeneous Vulnerability Reports: Severity, Types and Detection Methods","publication_year":2023,"publication_date":"2023-10-16","ids":{"openalex":"https://openalex.org/W4387664630","doi":"https://doi.org/10.1145/3624734"},"language":"en","primary_location":{"id":"doi:10.1145/3624734","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3624734","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010290885","display_name":"Jiamou Sun","orcid":"https://orcid.org/0000-0002-5212-7068"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Jiamou Sun","raw_affiliation_strings":["CSIRO, Australia","CSIRO Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO, Australia","institution_ids":["https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028641941","display_name":"Zhenchang Xing","orcid":"https://orcid.org/0000-0001-7663-1421"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zhenchang Xing","raw_affiliation_strings":["CSIRO &amp; Australian National University, Australia","CSIRO & Australian National University Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO &amp; Australian National University, Australia","institution_ids":["https://openalex.org/I118347636"]},{"raw_affiliation_string":"CSIRO & Australian National University Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679","https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006669765","display_name":"Xin Xia","orcid":"https://orcid.org/0000-0002-6302-3256"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Xia","raw_affiliation_strings":["Huawei, China","Huawei Software Engineering Application Technology Lab, China"],"affiliations":[{"raw_affiliation_string":"Huawei, China","institution_ids":["https://openalex.org/I2250955327"]},{"raw_affiliation_string":"Huawei Software Engineering Application Technology Lab, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075900594","display_name":"Qinghua Lu","orcid":"https://orcid.org/0000-0002-7783-5183"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Qinghua Lu","raw_affiliation_strings":["CSIRO, Australia","CSIRO Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO, Australia","institution_ids":["https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006841485","display_name":"Xiwei Xu","orcid":"https://orcid.org/0000-0002-2273-1862"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Xiwei Xu","raw_affiliation_strings":["CSIRO, Australia","CSIRO Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO, Australia","institution_ids":["https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064683660","display_name":"Liming Zhu","orcid":"https://orcid.org/0000-0001-5839-3765"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Liming Zhu","raw_affiliation_strings":["CSIRO &amp; University of New South Wales, Australia","CSIRO & University of New South Wales Data61, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO &amp; University of New South Wales, Australia","institution_ids":["https://openalex.org/I1292875679"]},{"raw_affiliation_string":"CSIRO & University of New South Wales Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5010290885"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":5.5135,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.9612659,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"33","issue":"2","first_page":"1","last_page":"38"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8180084824562073},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6926935911178589},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.546334445476532},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5226613879203796},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.4944570064544678},{"id":"https://openalex.org/keywords/product","display_name":"Product (mathematics)","score":0.41040685772895813},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3940891623497009},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3359648287296295},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.32736334204673767},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2306201159954071}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8180084824562073},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6926935911178589},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.546334445476532},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5226613879203796},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.4944570064544678},{"id":"https://openalex.org/C90673727","wikidata":"https://www.wikidata.org/wiki/Q901718","display_name":"Product (mathematics)","level":2,"score":0.41040685772895813},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3940891623497009},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3359648287296295},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.32736334204673767},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2306201159954071},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3624734","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3624734","pdf_url":null,"source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W918972627","https://openalex.org/W1614298861","https://openalex.org/W2139060038","https://openalex.org/W2150593711","https://openalex.org/W2171710836","https://openalex.org/W2250539671","https://openalex.org/W2251329024","https://openalex.org/W2296283641","https://openalex.org/W2368550879","https://openalex.org/W2406204547","https://openalex.org/W2496269935","https://openalex.org/W2513738415","https://openalex.org/W2533908554","https://openalex.org/W2620913545","https://openalex.org/W2766898821","https://openalex.org/W2767521898","https://openalex.org/W2774510177","https://openalex.org/W2793974819","https://openalex.org/W2798237655","https://openalex.org/W2910663633","https://openalex.org/W2927166905","https://openalex.org/W2962698568","https://openalex.org/W2969364302","https://openalex.org/W2970641574","https://openalex.org/W2979480859","https://openalex.org/W2980249892","https://openalex.org/W2982413960","https://openalex.org/W2996740343","https://openalex.org/W3003693574","https://openalex.org/W3014961314","https://openalex.org/W3015513242","https://openalex.org/W3034622092","https://openalex.org/W3098374216","https://openalex.org/W3104934250","https://openalex.org/W3106020419","https://openalex.org/W3111602563","https://openalex.org/W3165688004","https://openalex.org/W3176717822","https://openalex.org/W3180238884","https://openalex.org/W3195348753","https://openalex.org/W3214263053","https://openalex.org/W4210556785","https://openalex.org/W4288079339","https://openalex.org/W4312870949"],"related_works":["https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W3118510577","https://openalex.org/W2021298062","https://openalex.org/W2185499427","https://openalex.org/W1883246888","https://openalex.org/W2371301679","https://openalex.org/W2527966616","https://openalex.org/W4200316191","https://openalex.org/W2188018701"],"abstract_inverted_index":{"Vulnerable":[0],"third-party":[1,22],"libraries":[2],"pose":[3],"significant":[4],"threats":[5],"to":[6,99,128,145,163,223],"software":[7],"applications":[8],"that":[9,196],"reuse":[10],"these":[11],"libraries.":[12,44],"At":[13],"an":[14],"industry":[15],"scale":[16],"of":[17,21,33,42,47,64,69,125,159,175,214,226,235,241],"reuse,":[18],"manual":[19],"analysis":[20,167],"library":[23],"vulnerabilities":[24,34],"can":[25],"be":[26,97],"easily":[27],"overwhelmed":[28],"by":[29],"the":[30,61,86,89,152,157,170,212,221],"sheer":[31],"number":[32],"continually":[35],"collected":[36],"from":[37,92,140,203],"diverse":[38],"sources":[39],"for":[40,88,172],"thousands":[41],"reused":[43],"Our":[45,154,207,218],"study":[46,210,219],"four":[48],"large-scale,":[49],"actively":[50],"maintained":[51],"vulnerability":[52,71,77,91,104,142,166,188,199,205,227,233],"databases":[53],"(NVD,":[54],"IBM":[55],"X-Force,":[56],"ExploitDB,":[57],"and":[58,83,101,112,134,144,168,191,229,238],"Openwall)":[59],"reveals":[60],"wide":[62,123],"presence":[63],"information":[65,202],"discrepancies,":[66],"in":[67],"terms":[68],"seven":[70],"aspects,":[72],"i.e.,":[73],"product,":[74],"version,":[75],"component,":[76],"type,":[78],"root":[79,138],"cause,":[80],"attack":[81],"vector,":[82],"impact,":[84],"between":[85,151],"reports":[87,143],"same":[90],"heterogeneous":[93,204],"sources.":[94],"It":[95],"would":[96],"beneficial":[98],"integrate":[100],"cross-validate":[102],"multi-source":[103],"information,":[105],"but":[106],"it":[107],"demands":[108],"automatic":[109],"aspect":[110,113,149,201],"extraction":[111],"discrepancy":[114],"detection.":[115],"In":[116],"this":[117],"work,":[118],"we":[119,183],"experimented":[120],"with":[121],"a":[122,185,192,236],"range":[124],"NLP":[126,161,177],"methods":[127,162],"extract":[129],"named":[130],"entities":[131],"(e.g.,":[132,137],"product)":[133],"free-form":[135],"phrases":[136],"cause)":[139],"textual":[141],"detect":[146],"semantically":[147],"different":[148],"mentions":[150],"reports.":[153],"experiments":[155],"confirm":[156],"feasibility":[158],"applying":[160],"automate":[164],"aspect-level":[165,187],"identify":[169],"need":[171],"domain":[173],"customization":[174],"general":[176],"methods.":[178],"Based":[179],"on":[180],"our":[181,215],"findings,":[182],"propose":[184],"discrepancy-aware,":[186],"knowledge":[189],"graph":[190],"KG-based":[193],"web":[194,216],"portal":[195],"integrates":[197],"diversified":[198],"key":[200],"databases.":[206],"conducted":[208],"user":[209],"proves":[211],"usefulness":[213],"portal.":[217],"opens":[220],"door":[222],"new":[224],"types":[225],"integration":[228],"management,":[230],"such":[231],"as":[232],"portraits":[234],"product":[237],"explainable":[239],"prediction":[240],"silent":[242],"vulnerabilities.":[243]},"counts_by_year":[{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}