{"id":"https://openalex.org/W4412703936","doi":"https://doi.org/10.1145/3696630.3728551","title":"Efficient and Robust Security-Patch Localization for Disclosed OSS Vulnerabilities with Fine-Tuned LLMs in an Industrial Setting","display_name":"Efficient and Robust Security-Patch Localization for Disclosed OSS Vulnerabilities with Fine-Tuned LLMs in an Industrial Setting","publication_year":2025,"publication_date":"2025-06-23","ids":{"openalex":"https://openalex.org/W4412703936","doi":"https://doi.org/10.1145/3696630.3728551"},"language":"en","primary_location":{"id":"doi:10.1145/3696630.3728551","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728551","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728551","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728551","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032514248","display_name":"Dezhi Ran","orcid":"https://orcid.org/0000-0002-7916-255X"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dezhi Ran","raw_affiliation_strings":["Key Lab of HCST (PKU), MOE; SCS, Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Lab of HCST (PKU), MOE; SCS, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lin Li","orcid":"https://orcid.org/0009-0002-1572-6640"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lin Li","raw_affiliation_strings":["Huawei Cloud Computing Technologies Co., Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Cloud Computing Technologies Co., Ltd., Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108142299","display_name":"Liuchuan Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Liuchuan Zhu","raw_affiliation_strings":["Huawei Cloud Computing Technologies Co., Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Cloud Computing Technologies Co., Ltd., Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102157147","display_name":"Yuan Cao","orcid":null},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Cao","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022764146","display_name":"Landelong Zhao","orcid":null},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Landelong Zhao","raw_affiliation_strings":["Huawei Cloud Computing Technologies Co., Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Cloud Computing Technologies Co., Ltd., Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083358709","display_name":"Xin Tan","orcid":"https://orcid.org/0009-0009-9018-0386"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Tan","raw_affiliation_strings":["Huawei Cloud Computing Technologies Co., Ltd., Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Cloud Computing Technologies Co., Ltd., Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038623189","display_name":"Guangtai Liang","orcid":"https://orcid.org/0009-0004-2454-1706"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guangtai Liang","raw_affiliation_strings":["Huawei Technologies Co., Ltd, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Technologies Co., Ltd, Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012567911","display_name":"Qianxiang Wang","orcid":"https://orcid.org/0000-0002-6598-0041"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qianxiang Wang","raw_affiliation_strings":["Huawei Technologies Co., Ltd, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Huawei Technologies Co., Ltd, Beijing, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048118068","display_name":"Tao Xie","orcid":"https://orcid.org/0000-0002-6731-216X"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tao Xie","raw_affiliation_strings":["Key Lab of HCST (PKU), MOE; SCS, Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Key Lab of HCST (PKU), MOE; SCS, Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5032514248"],"corresponding_institution_ids":["https://openalex.org/I20231570"],"apc_list":null,"apc_paid":null,"fwci":2.7884,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.90968338,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"262","last_page":"273"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5133311152458191},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.47997164726257324},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.36878281831741333}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5133311152458191},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.47997164726257324},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.36878281831741333}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696630.3728551","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728551","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728551","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696630.3728551","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696630.3728551","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696630.3728551","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1231421488","display_name":null,"funder_award_id":"under","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4423002668","display_name":null,"funder_award_id":"623B2006","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6317451256","display_name":null,"funder_award_id":"92464301","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7726157001","display_name":null,"funder_award_id":"Grant No.","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4412703936.pdf","grobid_xml":"https://content.openalex.org/works/W4412703936.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W2911282308","https://openalex.org/W2914982603","https://openalex.org/W4224307896","https://openalex.org/W4286331378","https://openalex.org/W4308469411","https://openalex.org/W4308627415","https://openalex.org/W4308643994","https://openalex.org/W4320854935","https://openalex.org/W4384155563","https://openalex.org/W4388502396","https://openalex.org/W4388867283","https://openalex.org/W4391558635","https://openalex.org/W4400121797","https://openalex.org/W4402443087","https://openalex.org/W4407844292"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Security-patch":[0],"localization,":[1],"which":[2,213],"links":[3],"disclosed":[4],"vulnerabilities":[5,24],"in":[6,25,64,95],"open-source":[7],"software":[8],"(OSS)":[9],"to":[10,18,50,81,145],"corresponding":[11],"patches,":[12,196,271],"has":[13,251],"become":[14],"a":[15,26,58,107,181,215,234],"practical":[16],"technique":[17],"mitigate":[19],"the":[20,36,91,119,127,132,135,139,148,156,159,168,240,279],"risk":[21],"of":[22,60,74,102,134,151,218,263,275],"OSS":[23,211],"timely":[27],"manner.":[28],"While":[29],"existing":[30],"approaches":[31],"extensively":[32],"focus":[33],"on":[34],"estimating":[35],"correlation":[37],"between":[38],"individual":[39],"patches":[40,84,116,166,193],"and":[41,44,78,104,112,124,138,201,221,243,247,282,294],"Common":[42],"Vulnerabilities":[43],"Exposures":[45],"(CVEs),":[46],"they":[47],"often":[48],"fail":[49],"address":[51],"two":[52],"major":[53,289],"industrial":[54,65,93,225],"requirements":[55],"that":[56,230],"make":[57],"tool":[59],"security-patch":[61,170,177,276],"localization":[62,277],"desirable":[63],"settings:":[66],"(1)":[67],"efficiency":[68],"when":[69],"inspecting":[70],"an":[71],"enormous":[72],"number":[73],"commits":[75,123],"per":[76],"vulnerability":[77],"(2)":[79],"robustness":[80],"handle":[82],"confusing":[83,192],"(related":[85],"but":[86],"non-fixing":[87],"commits).":[88],"Toward":[89],"addressing":[90],"preceding":[92],"requirements,":[94],"this":[96],"paper,":[97],"we":[98],"report":[99],"our":[100],"experiences":[101],"developing":[103,293],"deploying":[105,295],"Taper,":[106],"two-stage":[108],"approach":[109,236],"for":[110,176,278],"efficiently":[111],"robustly":[113],"locating":[114],"security":[115,195,270],"via":[117],"mining":[118],"temporal":[120],"relations":[121],"among":[122],"CVEs.":[125],"In":[126,158],"first":[128],"stage,":[129,161],"Taper":[130,162,189,205,231,250,265],"extracts":[131],"information":[133],"fixed":[136],"version":[137,141],"affected":[140],"from":[142,209,292],"CVE":[143],"descriptions":[144],"narrow":[146],"down":[147],"inspection":[149],"scope":[150],"commits,":[152],"thus":[153,197],"significantly":[154],"improving":[155,198,239],"efficiency.":[157],"second":[160],"collects":[163],"temporally":[164],"co-located":[165],"around":[167],"genuine":[169],"commit":[171],"as":[172,194],"hard":[173,186],"negative":[174,187],"examples":[175],"localization.":[178],"By":[179],"fine-tuning":[180],"language":[182],"model":[183],"with":[184,224],"these":[185],"samples,":[188],"avoids":[190],"recognizing":[191],"patch-localization":[199],"precision":[200],"robustness.":[202],"We":[203,286],"evaluate":[204],"against":[206],"2,128":[207],"CVEs":[208],"978":[210],"projects,":[212],"have":[214],"balanced":[216],"distribution":[217],"programming":[219],"languages":[220],"are":[222],"consistent":[223],"settings.":[226],"Evaluation":[227],"results":[228],"show":[229],"substantially":[232],"outperforms":[233],"state-of-the-art":[235],"named":[237],"PatchFinder,":[238],"absolute":[241],"MRR":[242],"Recall@1":[244],"by":[245],"0.422":[246],"0.541,":[248],"respectively.":[249],"been":[252],"deployed":[253],"at":[254],"Huawei":[255,280,283],"Cloud":[256,284],"since":[257],"October":[258],"2024.":[259],"During":[260],"800":[261],"hours":[262],"operation,":[264],"helps":[266],"locate":[267],"over":[268],"52,140":[269],"providing":[272],"daily":[273],"service":[274],"company":[281],"users.":[285],"summarize":[287],"three":[288],"lessons":[290],"learned":[291],"Taper.":[296]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}