{"id":"https://openalex.org/W4403536371","doi":"https://doi.org/10.1145/3691620.3695516","title":"Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities","display_name":"Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities","publication_year":2024,"publication_date":"2024-10-18","ids":{"openalex":"https://openalex.org/W4403536371","doi":"https://doi.org/10.1145/3691620.3695516"},"language":"en","primary_location":{"id":"doi:10.1145/3691620.3695516","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3691620.3695516","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073610803","display_name":"Susheng Wu","orcid":"https://orcid.org/0009-0005-2169-7032"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Susheng Wu","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024121035","display_name":"R. Z. Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruisi Wang","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011365470","display_name":"Kaifeng Huang","orcid":"https://orcid.org/0009-0000-1513-8254"},"institutions":[{"id":"https://openalex.org/I116953780","display_name":"Tongji University","ror":"https://ror.org/03rc6as71","country_code":"CN","type":"education","lineage":["https://openalex.org/I116953780"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kaifeng Huang","raw_affiliation_strings":["Tongji University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Tongji University, Shanghai, China","institution_ids":["https://openalex.org/I116953780"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101821319","display_name":"Yuhua Cao","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiheng Cao","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103038787","display_name":"Wenyan Song","orcid":"https://orcid.org/0009-0002-9507-5066"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenyan Song","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109404532","display_name":"Zhuotong Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhuotong Zhou","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073898228","display_name":"Yiheng Huang","orcid":"https://orcid.org/0009-0009-3301-9107"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiheng Huang","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059253116","display_name":"Bihuan Chen","orcid":"https://orcid.org/0000-0001-7238-7492"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bihuan Chen","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101854992","display_name":"Xin Peng","orcid":"https://orcid.org/0000-0003-3376-2581"},"institutions":[{"id":"https://openalex.org/I24943067","display_name":"Fudan University","ror":"https://ror.org/013q1eq08","country_code":"CN","type":"education","lineage":["https://openalex.org/I24943067"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Peng","raw_affiliation_strings":["Fudan University, Shanghai, China"],"affiliations":[{"raw_affiliation_string":"Fudan University, Shanghai, China","institution_ids":["https://openalex.org/I24943067"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5073610803"],"corresponding_institution_ids":["https://openalex.org/I24943067"],"apc_list":null,"apc_paid":null,"fwci":0.8142,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.80245869,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1447","last_page":"1459"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7425020933151245},{"id":"https://openalex.org/keywords/open-source-software","display_name":"Open source software","score":0.6007339954376221},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.559283435344696},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4845125079154968},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3876405358314514},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3500787019729614},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.26346373558044434}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7425020933151245},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.6007339954376221},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.559283435344696},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4845125079154968},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3876405358314514},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3500787019729614},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.26346373558044434}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3691620.3695516","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3691620.3695516","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W2022913925","https://openalex.org/W2145544369","https://openalex.org/W2162436321","https://openalex.org/W2274324447","https://openalex.org/W2634106992","https://openalex.org/W2807143630","https://openalex.org/W2914982603","https://openalex.org/W2949135188","https://openalex.org/W3036658711","https://openalex.org/W3090843874","https://openalex.org/W3094949573","https://openalex.org/W3117923638","https://openalex.org/W3200192855","https://openalex.org/W3212502694","https://openalex.org/W3214251355","https://openalex.org/W3214263053","https://openalex.org/W4210556785","https://openalex.org/W4221145571","https://openalex.org/W4223937600","https://openalex.org/W4226043105","https://openalex.org/W4284709537","https://openalex.org/W4286331368","https://openalex.org/W4286331380","https://openalex.org/W4308643066","https://openalex.org/W4313045094","https://openalex.org/W4313195722","https://openalex.org/W4313563416","https://openalex.org/W4319736724","https://openalex.org/W4362654097","https://openalex.org/W4381326152","https://openalex.org/W4384302744","https://openalex.org/W4384345662","https://openalex.org/W4384345689","https://openalex.org/W4384345694","https://openalex.org/W4387664630","https://openalex.org/W4390604801","https://openalex.org/W4394730857","https://openalex.org/W4394745640","https://openalex.org/W4403536249"],"related_works":["https://openalex.org/W4376877853","https://openalex.org/W1493891899","https://openalex.org/W4250928611","https://openalex.org/W166480398","https://openalex.org/W1612808768","https://openalex.org/W167327709","https://openalex.org/W1977393088","https://openalex.org/W4387839566","https://openalex.org/W4210922265","https://openalex.org/W2288962794"],"abstract_inverted_index":{"Vulnerability":[0],"reports":[1],"play":[2],"a":[3,19],"crucial":[4],"role":[5],"in":[6,94,114],"mitigating":[7],"open-source":[8],"software":[9],"risks.":[10],"Typically,":[11],"the":[12,23,34,42,105],"vulnerability":[13],"report":[14],"contains":[15],"affected":[16,35,65,77],"versions":[17,36,54,78,87],"of":[18,44,107,116],"software.":[20],"However,":[21,67],"despite":[22],"validation":[24],"by":[25],"security":[26],"expert":[27],"who":[28,32],"discovers":[29],"and":[30,55,111,121],"vendors":[31],"review,":[33],"are":[37,88],"not":[38,89],"always":[39,90],"accurate.":[40],"Especially,":[41],"complexity":[43],"maintaining":[45],"its":[46],"accuracy":[47],"increases":[48],"significantly":[49],"when":[50],"dealing":[51],"with":[52,92,118],"multiple":[53,119],"their":[56],"differences.":[57],"Several":[58],"advances":[59],"have":[60],"been":[61],"made":[62],"to":[63,103],"identify":[64,76],"versions.":[66],"they":[68],"still":[69],"face":[70,115],"limitations.":[71],"First,":[72],"some":[73],"existing":[74,100],"approaches":[75,101],"based":[79],"on":[80],"repository-hosting":[81],"platforms":[82],"(i.e.,":[83,97],"GitHub),":[84],"but":[85],"these":[86],"consistent":[91],"those":[93],"package":[95],"registries":[96],"Maven).":[98],"Second,":[99],"fail":[102],"distinguish":[104],"importance":[106],"different":[108],"vulnerable":[109],"methods":[110,120],"patched":[112],"statements":[113],"vulnerabilities":[117],"change":[122],"hunks.":[123]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2025-12-22T23:10:17.713674","created_date":"2025-10-10T00:00:00"}