{"id":"https://openalex.org/W4295106697","doi":"https://doi.org/10.3390/data7090127","title":"Are Source Code Metrics \u201cGood Enough\u201d in Predicting Security Vulnerabilities?","display_name":"Are Source Code Metrics \u201cGood Enough\u201d in Predicting Security Vulnerabilities?","publication_year":2022,"publication_date":"2022-09-07","ids":{"openalex":"https://openalex.org/W4295106697","doi":"https://doi.org/10.3390/data7090127"},"language":"en","primary_location":{"id":"doi:10.3390/data7090127","is_oa":true,"landing_page_url":"https://doi.org/10.3390/data7090127","pdf_url":"https://www.mdpi.com/2306-5729/7/9/127/pdf?version=1662547185","source":{"id":"https://openalex.org/S4210226510","display_name":"Data","issn_l":"2306-5729","issn":["2306-5729"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Data","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2306-5729/7/9/127/pdf?version=1662547185","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057324408","display_name":"Sundarakrishnan Ganesh","orcid":null},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Sundarakrishnan Ganesh","raw_affiliation_strings":["Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden","institution_ids":["https://openalex.org/I223464139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024291858","display_name":"Francis Palma","orcid":"https://orcid.org/0000-0001-7092-2244"},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Francis Palma","raw_affiliation_strings":["Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden","institution_ids":["https://openalex.org/I223464139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019483293","display_name":"Tobias Olsson","orcid":"https://orcid.org/0000-0003-1154-5308"},"institutions":[{"id":"https://openalex.org/I223464139","display_name":"Linnaeus University","ror":"https://ror.org/00j9qag85","country_code":"SE","type":"education","lineage":["https://openalex.org/I223464139"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Tobias Olsson","raw_affiliation_strings":["Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Media Technology, Linnaeus University, 351 95 V\u00e4xj\u00f6, Sweden","institution_ids":["https://openalex.org/I223464139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5019483293","https://openalex.org/A5024291858","https://openalex.org/A5057324408"],"corresponding_institution_ids":["https://openalex.org/I223464139"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":0.9566,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.80737909,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"7","issue":"9","first_page":"127","last_page":"127"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8054782152175903},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.6983864903450012},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6836462020874023},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.6569888591766357},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.5956434607505798},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5923919081687927},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5097481608390808},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4898771643638611},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4745781421661377},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.43782657384872437},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.42262402176856995},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.409893274307251},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.26812225580215454},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.22209683060646057},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19688832759857178},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13157609105110168},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08116400241851807}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8054782152175903},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.6983864903450012},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6836462020874023},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.6569888591766357},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.5956434607505798},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5923919081687927},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5097481608390808},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4898771643638611},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4745781421661377},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.43782657384872437},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.42262402176856995},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.409893274307251},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.26812225580215454},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.22209683060646057},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19688832759857178},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13157609105110168},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08116400241851807}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3390/data7090127","is_oa":true,"landing_page_url":"https://doi.org/10.3390/data7090127","pdf_url":"https://www.mdpi.com/2306-5729/7/9/127/pdf?version=1662547185","source":{"id":"https://openalex.org/S4210226510","display_name":"Data","issn_l":"2306-5729","issn":["2306-5729"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Data","raw_type":"journal-article"},{"id":"pmh:oai:DiVA.org:lnu-116577","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-116577","pdf_url":null,"source":{"id":"https://openalex.org/S4306401598","display_name":"DiVA (Linnaeus University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I223464139","host_organization_name":"Linnaeus University","host_organization_lineage":["https://openalex.org/I223464139"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article in journal"},{"id":"pmh:oai:RePEc:gam:jdataj:v:7:y:2022:i:9:p:127-:d:908972","is_oa":false,"landing_page_url":"https://www.mdpi.com/2306-5729/7/9/127/","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},{"id":"pmh:oai:doaj.org/article:c6fa0d0da4994c66b4b82777959fe724","is_oa":true,"landing_page_url":"https://doaj.org/article/c6fa0d0da4994c66b4b82777959fe724","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Data, Vol 7, Iss 9, p 127 (2022)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/2306-5729/7/9/127/","is_oa":true,"landing_page_url":"https://dx.doi.org/10.3390/data7090127","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Data; Volume 7; Issue 9; Pages: 127","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/data7090127","is_oa":true,"landing_page_url":"https://doi.org/10.3390/data7090127","pdf_url":"https://www.mdpi.com/2306-5729/7/9/127/pdf?version=1662547185","source":{"id":"https://openalex.org/S4210226510","display_name":"Data","issn_l":"2306-5729","issn":["2306-5729"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Data","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320323551","display_name":"Linn\u00e9universitetet","ror":"https://ror.org/00j9qag85"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4295106697.pdf","grobid_xml":"https://content.openalex.org/works/W4295106697.grobid-xml"},"referenced_works_count":13,"referenced_works":["https://openalex.org/W1505465226","https://openalex.org/W1924689489","https://openalex.org/W2129845137","https://openalex.org/W2164582878","https://openalex.org/W2607052831","https://openalex.org/W2680688782","https://openalex.org/W2786558656","https://openalex.org/W2787986668","https://openalex.org/W2793157084","https://openalex.org/W2907456824","https://openalex.org/W3049398420","https://openalex.org/W4200267526","https://openalex.org/W6736793231"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2292865721","https://openalex.org/W4319165526","https://openalex.org/W2956597637","https://openalex.org/W2113128227","https://openalex.org/W2044639210","https://openalex.org/W2293245356","https://openalex.org/W4225160120"],"abstract_inverted_index":{"Modern":[0],"systems":[1,18],"produce":[2],"and":[3,22,29,77,105,138,184,200],"handle":[4],"a":[5,123,205],"large":[6],"volume":[7],"of":[8,51,91,145,167,180,196],"sensitive":[9],"enterprise":[10],"data.":[11],"Therefore,":[12],"security":[13,27,32,58,65,114],"vulnerabilities":[14,33],"in":[15,169,182,186,198,202,204],"the":[16,49,129,143,146,153],"software":[17],"must":[19],"be":[20,133],"identified":[21],"resolved":[23],"early":[24],"to":[25,37,56,108,112,126,141,159],"prevent":[26],"breaches":[28],"failures.":[30],"Predicting":[31],"is":[34],"an":[35,117,164,177,193],"alternative":[36],"identifying":[38],"them":[39],"as":[40],"developers":[41],"write":[42],"code.":[43],"In":[44],"this":[45],"study,":[46],"we":[47],"studied":[48],"ability":[50,111],"several":[52],"machine":[53],"learning":[54],"algorithms":[55],"predict":[57,113,191],"vulnerabilities.":[59,115],"We":[60,82,94,135],"created":[61],"two":[62,69],"datasets":[63],"containing":[64],"vulnerability":[66],"information":[67],"from":[68],"open-source":[70],"systems:":[71],"(1)":[72],"Apache":[73],"Tomcat":[74,199],"(versions":[75],"4.x":[76],"five":[78],"2.5.x":[79],"minor":[80],"versions).":[81],"also":[83],"computed":[84],"source":[85],"code":[86],"metrics":[87],"for":[88],"these":[89],"versions":[90],"both":[92,170],"systems.":[93],"examined":[95],"four":[96],"classifiers,":[97],"including":[98],"Naive":[99],"Bayes,":[100],"Decision":[101],"Tree,":[102],"XGBoost":[103,154],"Classifier,":[104],"Logistic":[106],"Regression,":[107],"show":[109],"their":[110],"Moreover,":[116],"ensemble":[118],"learner":[119],"was":[120],"introduced":[121],"using":[122],"stacking":[124,173],"classifier":[125,155,174],"see":[127],"whether":[128],"prediction":[130],"performance":[131],"could":[132],"improved.":[134],"performed":[136,156,175],"cross-version":[137,206],"cross-project":[139],"predictions":[140],"assess":[142],"effectiveness":[144],"best-performing":[147,189],"model.":[148],"Our":[149,188],"results":[150],"showed":[151],"that":[152],"best":[157],"compared":[158],"other":[160],"learners,":[161],"i.e.,":[162],"with":[163,176,192],"average":[165,178,194],"accuracy":[166,179,195],"97%":[168],"datasets.":[171],"The":[172],"92%":[181],"Struts":[183,203],"71%":[185],"Tomcat.":[187],"model\u2014XGBoost\u2014could":[190],"87%":[197],"99%":[201],"setup.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}