{"id":"https://openalex.org/W4416363878","doi":"https://doi.org/10.3390/make7040149","title":"Explainable Recommendation of Software Vulnerability Repair Based on Metadata Retrieval and Multifaceted LLMs","display_name":"Explainable Recommendation of Software Vulnerability Repair Based on Metadata Retrieval and Multifaceted LLMs","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416363878","doi":"https://doi.org/10.3390/make7040149"},"language":"en","primary_location":{"id":"doi:10.3390/make7040149","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make7040149","pdf_url":null,"source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.3390/make7040149","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119278477","display_name":"Alfred Asare Amoah","orcid":"https://orcid.org/0009-0009-9687-9120"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Alfred Asare Amoah","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Concordia University, Montr\u00e9al, QC H4B 1R6, Canada"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Concordia University, Montr\u00e9al, QC H4B 1R6, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112903727","display_name":"Yan Liu","orcid":"https://orcid.org/0000-0002-6747-8151"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Yan Liu","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Concordia University, Montr\u00e9al, QC H4B 1R6, Canada"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Concordia University, Montr\u00e9al, QC H4B 1R6, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5112903727"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":3.6264,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94997999,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"7","issue":"4","first_page":"149","last_page":"149"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.6122000217437744,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.6122000217437744,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13120000064373016,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.04619999974966049,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.6521999835968018},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4961000084877014},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4456000030040741},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.43860000371932983},{"id":"https://openalex.org/keywords/knowledge-base","display_name":"Knowledge base","score":0.4291999936103821},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.41600000858306885},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.40560001134872437},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.358599990606308}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7793999910354614},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.6521999835968018},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.5382999777793884},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4961000084877014},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.47279998660087585},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4456000030040741},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.43860000371932983},{"id":"https://openalex.org/C4554734","wikidata":"https://www.wikidata.org/wiki/Q593744","display_name":"Knowledge base","level":2,"score":0.4291999936103821},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.41600000858306885},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.40560001134872437},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3718999922275543},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.358599990606308},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.35580000281333923},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.35440000891685486},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.334199994802475},{"id":"https://openalex.org/C103520596","wikidata":"https://www.wikidata.org/wiki/Q7554328","display_name":"Software mining","level":5,"score":0.3077999949455261},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.3019999861717224},{"id":"https://openalex.org/C120567893","wikidata":"https://www.wikidata.org/wiki/Q1582085","display_name":"Knowledge extraction","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C152752567","wikidata":"https://www.wikidata.org/wiki/Q116877","display_name":"Code refactoring","level":3,"score":0.25429999828338623}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/make7040149","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make7040149","pdf_url":null,"source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:1c7f20c368574823b1326d013160a0e4","is_oa":true,"landing_page_url":"https://doaj.org/article/1c7f20c368574823b1326d013160a0e4","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Machine Learning and Knowledge Extraction, Vol 7, Iss 4, p 149 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/make7040149","is_oa":true,"landing_page_url":"https://doi.org/10.3390/make7040149","pdf_url":null,"source":{"id":"https://openalex.org/S4210213891","display_name":"Machine Learning and Knowledge Extraction","issn_l":"2504-4990","issn":["2504-4990"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning and Knowledge Extraction","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Common":[0,5],"Weakness":[1],"Enumerations":[2],"(CWEs)":[3],"and":[4,7,18,37,74,102,143,146,170,202,218,238,244,249],"Vulnerabilities":[6],"Exposures":[8],"(CVEs)":[9],"are":[10],"open":[11],"knowledge":[12,32,148,236],"bases":[13,33,237],"that":[14,209],"provide":[15],"definitions,":[16],"descriptions,":[17],"samples":[19],"of":[20,25,55,121,139,162,186,227],"code":[21,39,64,83,91,123,200],"vulnerabilities.":[22],"The":[23],"combination":[24],"Large":[26],"Language":[27],"Models":[28],"(LLMs)":[29],"with":[30,70,85,125],"vulnerability":[31,40],"helps":[34],"to":[35,60,166,182,190,224,246],"enhance":[36,183],"automate":[38],"repair.":[41,109],"Several":[42],"key":[43],"factors":[44,98],"come":[45],"into":[46],"play":[47],"in":[48,204],"this":[49,111,175],"setting,":[50],"including":[51],"(1)":[52],"the":[53,56,71,76,105,108,136,140,147,151,160,163,179,184],"retrieval":[54,153,214,250],"most":[57],"relevant":[58],"context":[59,215],"a":[61,82,90,222],"specific":[62],"vulnerable":[63,122],"snippet;":[65],"(2)":[66],"augmenting":[67],"LLM":[68],"prompts":[69],"retrieved":[72],"context;":[73],"(3)":[75],"generated":[77],"artifact":[78],"form,":[79],"such":[80],"as":[81,195,197],"repair":[84,92],"natural":[86],"language":[87],"explanations":[88],"or":[89],"only.":[93],"Artifacts":[94],"produced":[95],"by":[96,213],"these":[97],"often":[99],"lack":[100],"transparency":[101],"explainability":[103],"regarding":[104],"rationale":[106],"behind":[107],"In":[110],"paper,":[112],"we":[113,158,177],"propose":[114],"an":[115],"LLM-enabled":[116],"framework":[117,181],"for":[118],"explainable":[119,217],"recommendation":[120,187],"repairs":[124],"techniques":[126],"addressing":[127],"each":[128],"factor.":[129],"Our":[130,230],"method":[131],"is":[132,232],"data-driven,":[133],"which":[134,240],"means":[135],"data":[137],"characteristics":[138],"selected":[141],"CWE":[142],"CVE":[144],"datasets":[145,248],"base":[149],"determine":[150],"best":[152],"strategies.":[154,251],"Across":[155],"100":[156],"experiments,":[157],"observe":[159],"inadequacy":[161],"SOTA":[164],"metrics":[165],"differentiate":[167],"between":[168],"low-quality":[169],"irrelevant":[171],"repairs.":[172],"To":[173],"address":[174],"limitation,":[176],"design":[178],"LLM-as-a-Judge":[180],"robustness":[185],"assessments.":[188],"Compared":[189],"baselines":[191],"from":[192],"prior":[193],"works,":[194],"well":[196],"using":[198],"static":[199],"analysis":[201],"LLMs":[203,211],"zero-shot,":[205],"our":[206],"findings":[207],"highlight":[208],"multifaceted":[210],"guided":[212],"produce":[216],"reliable":[219],"recommendations":[220],"under":[221],"small":[223],"mild":[225],"level":[226],"self-alignment":[228],"bias.":[229],"work":[231],"developed":[233],"on":[234],"open-source":[235],"models,":[239],"makes":[241],"it":[242],"reproducible":[243],"extensible":[245],"new":[247]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-19T00:00:00"}