{"id":"https://openalex.org/W4399668891","doi":"https://doi.org/10.1145/3672452","title":"Understanding Vulnerability Inducing Commits of the Linux Kernel","display_name":"Understanding Vulnerability Inducing Commits of the Linux Kernel","publication_year":2024,"publication_date":"2024-06-14","ids":{"openalex":"https://openalex.org/W4399668891","doi":"https://doi.org/10.1145/3672452"},"language":"en","primary_location":{"id":"doi:10.1145/3672452","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3672452","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3672452","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3672452","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067240337","display_name":"Muhui Jiang","orcid":"https://orcid.org/0000-0003-2196-6894"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Muhui Jiang","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, China","The Hong Kong Polytechnic University, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"The Hong Kong Polytechnic University, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008129781","display_name":"Jinan Jiang","orcid":"https://orcid.org/0000-0002-2065-9211"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Jinan Jiang","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, China","The Hong Kong Polytechnic University, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"The Hong Kong Polytechnic University, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102730615","display_name":"T.Y. Wu","orcid":"https://orcid.org/0009-0004-4102-601X"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tao Wu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061910468","display_name":"Zuchao Ma","orcid":"https://orcid.org/0000-0002-7439-2823"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Zuchao Ma","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, China","The Hong Kong Polytechnic University, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"The Hong Kong Polytechnic University, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400376","display_name":"Xiapu Luo","orcid":"https://orcid.org/0000-0002-9082-3208"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xiapu Luo","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, China","The Hong Kong Polytechnic University, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"The Hong Kong Polytechnic University, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088790914","display_name":"Yajin Zhou","orcid":"https://orcid.org/0000-0001-7610-4736"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yajin Zhou","raw_affiliation_strings":["Zhejiang University, Hangzhou, China","Zhejiang University, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"Zhejiang University, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5067240337"],"corresponding_institution_ids":["https://openalex.org/I14243506"],"apc_list":null,"apc_paid":null,"fwci":3.0617,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.92436042,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"33","issue":"7","first_page":"1","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.8790942430496216},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8185433745384216},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6657599210739136},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.6223430037498474},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.48593536019325256},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.43698498606681824},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35539117455482483},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17871889472007751}],"concepts":[{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.8790942430496216},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8185433745384216},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6657599210739136},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.6223430037498474},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.48593536019325256},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.43698498606681824},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35539117455482483},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17871889472007751},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3672452","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3672452","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3672452","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3672452","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3672452","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3672452","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5600000023841858}],"awards":[{"id":"https://openalex.org/G3848079773","display_name":null,"funder_award_id":"U21A20464","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5848059747","display_name":null,"funder_award_id":"2022YFE0113200","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4399668891.pdf"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W1493964280","https://openalex.org/W1531677189","https://openalex.org/W1579202050","https://openalex.org/W2025692558","https://openalex.org/W2037691959","https://openalex.org/W2057826716","https://openalex.org/W2091543666","https://openalex.org/W2100945416","https://openalex.org/W2101728371","https://openalex.org/W2104329051","https://openalex.org/W2118949539","https://openalex.org/W2126166995","https://openalex.org/W2127623179","https://openalex.org/W2132887549","https://openalex.org/W2143189463","https://openalex.org/W2150733339","https://openalex.org/W2151725765","https://openalex.org/W2157353183","https://openalex.org/W2158744032","https://openalex.org/W2163732854","https://openalex.org/W2360967250","https://openalex.org/W2521352760","https://openalex.org/W2530824252","https://openalex.org/W2589638126","https://openalex.org/W2743316948","https://openalex.org/W2766411424","https://openalex.org/W2850992922","https://openalex.org/W2911282308","https://openalex.org/W2911623293","https://openalex.org/W2911756254","https://openalex.org/W2912109778","https://openalex.org/W2912296587","https://openalex.org/W2913334895","https://openalex.org/W2914107254","https://openalex.org/W2914584834","https://openalex.org/W2914747561","https://openalex.org/W2914982603","https://openalex.org/W2919518469","https://openalex.org/W2965752408","https://openalex.org/W2967204716","https://openalex.org/W3004570974","https://openalex.org/W3085711994","https://openalex.org/W3089202867","https://openalex.org/W3090561201","https://openalex.org/W3090797304","https://openalex.org/W3109716606","https://openalex.org/W3167276542","https://openalex.org/W3178549314","https://openalex.org/W3195703954","https://openalex.org/W4230157116","https://openalex.org/W4238596068","https://openalex.org/W4242321740","https://openalex.org/W4247610018","https://openalex.org/W4249282491","https://openalex.org/W4253752119","https://openalex.org/W4284709537","https://openalex.org/W4285665384","https://openalex.org/W4315746341","https://openalex.org/W4391709314"],"related_works":["https://openalex.org/W3167991936","https://openalex.org/W3094720421","https://openalex.org/W2354252607","https://openalex.org/W3044972519","https://openalex.org/W2521388331","https://openalex.org/W2418004379","https://openalex.org/W2355099047","https://openalex.org/W2274628782","https://openalex.org/W2912106162","https://openalex.org/W191604553"],"abstract_inverted_index":{"The":[0],"Linux":[1,79,101,186],"kernel":[2],"is":[3],"popular":[4],"and":[5,103,145,152,157,166],"well-maintained.":[6],"Over":[7],"the":[8,29,46,61,66,72,78,88,94,100,105,115,125,142,150,185,191],"past":[9],"decade,":[10],"around":[11],"860":[12],"thousand":[13],"commits":[14,73,95],"were":[15,53],"merged":[16],"with":[17,130],"hundreds":[18],"of":[19,32,128,149,193],"vulnerabilities":[20,76,98],"(i.e.,":[21],"223":[22],"on":[23,65,86,141,177],"average)":[24],"disclosed":[25],"every":[26],"year,":[27],"taking":[28],"total":[30],"lines":[31],"code":[33],"to":[34,44,184,188],"35.1":[35],"million":[36],"in":[37,77,99],"2022.":[38],"Many":[39],"algorithms":[40],"have":[41,163],"been":[42],"proposed":[43,104,181],"detect":[45],"vulnerabilities,":[47],"but":[48],"few":[49],"studied":[50],"how":[51],"they":[52],"induced.":[54],"To":[55],"fill":[56],"this":[57],"gap,":[58],"we":[59,123,180],"conduct":[60],"first":[62,126],"empirical":[63],"study":[64],"Kernel":[67,89],"Vulnerability":[68,90],"Inducing":[69],"Commits":[70,92],"(KVIC),":[71],"that":[74,96],"induced":[75,170],"kernel.":[80],"We":[81,136],"utilized":[82],"six":[83],"different":[84,108],"methods":[85,109],"identifying":[87,111],"Fixing":[91],"(KVFCs),":[93],"fix":[97],"kernel,":[102],"other":[106],"four":[107],"for":[110,133],"KVICs":[112,129,132,151,161],"by":[113,171],"using":[114],"identified":[116],"KVFCs":[117],"as":[118],"a":[119,138],"bridge.":[120],"In":[121],"total,":[122],"constructed":[124],"dataset":[127],"1,240":[131],"1,335":[134],"CVEs.":[135],"conducted":[137],"thorough":[139],"analysis":[140],"characteristics,":[143],"purposes,":[144],"involved":[146],"human":[147],"factors":[148],"obtained":[153],"many":[154],"interesting":[155],"findings":[156],"insights.":[158],"For":[159],"example,":[160],"usually":[162],"limited":[164],"reviewers":[165],"can":[167],"still":[168],"be":[169],"experienced":[172],"authors":[173],"or":[174],"maintainers.":[175],"Based":[176],"these":[178],"insights,":[179],"several":[182],"suggestions":[183],"community":[187],"help":[189],"mitigate":[190],"induction":[192],"KVICs.":[194]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}