{"id":"https://openalex.org/W7127918892","doi":"https://doi.org/10.48550/arxiv.2602.06009","title":"Characterizing and Modeling the GitHub Security Advisories Review Pipeline","display_name":"Characterizing and Modeling the GitHub Security Advisories Review Pipeline","publication_year":2026,"publication_date":"2026-02-05","ids":{"openalex":"https://openalex.org/W7127918892","doi":"https://doi.org/10.48550/arxiv.2602.06009"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.06009","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125124393","display_name":"Claudio Segal","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Segal, Claudio","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125227258","display_name":"Paulo Segal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Segal, Paulo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125163219","display_name":"Carlos Eduardo de Schuller Banjar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Banjar, Carlos Eduardo de Schuller","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087728351","display_name":"Felipe P. Paix\u00e3o","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Paix\u00e3o, Felipe","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125255968","display_name":"Hudson Silva Borges","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Borges, Hudson Silva","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032866658","display_name":"Paulo Silveira Neto","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Neto, Paulo Silveira","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125221281","display_name":"Eduardo Santana de Almeida","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"de Almeida, Eduardo Santana","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121302908","display_name":"Joanna C. S. Santos","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Santos, Joanna C. S.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125163202","display_name":"Anton Kocheturov","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kocheturov, Anton","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125185713","display_name":"Gaurav Kumar Srivastava","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Srivastava, Gaurav Kumar","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5125124175","display_name":"Daniel Sadoc Menasch\u00e9","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Menasch\u00e9, Daniel Sadoc","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":11,"corresponding_author_ids":["https://openalex.org/A5125124393"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4936000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.20069999992847443,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.07980000227689743,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.6439999938011169},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.6205999851226807},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.5198000073432922},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.49459999799728394},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4763999879360199},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.4652999937534332},{"id":"https://openalex.org/keywords/fraction","display_name":"Fraction (chemistry)","score":0.3653999865055084}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7077999711036682},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.6439999938011169},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.6205999851226807},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.5198000073432922},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.49459999799728394},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4763999879360199},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.4652999937534332},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.454800009727478},{"id":"https://openalex.org/C149629883","wikidata":"https://www.wikidata.org/wiki/Q660926","display_name":"Fraction (chemistry)","level":2,"score":0.3653999865055084},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.3619999885559082},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.29809999465942383},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.27320000529289246},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.271699994802475},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.26759999990463257},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.2637999951839447},{"id":"https://openalex.org/C22684755","wikidata":"https://www.wikidata.org/wiki/Q847526","display_name":"Queueing theory","level":2,"score":0.2624000012874603},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.25040000677108765},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.06009","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.06009","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.06009","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.06009","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"GitHub":[0,92],"Security":[1],"Advisories":[2,94],"(GHSA)":[3],"have":[4],"become":[5],"a":[6,30,54,87,97,107],"central":[7],"component":[8],"of":[9,25,32,58,119],"open-source":[10],"vulnerability":[11],"disclosure":[12],"and":[13,19,81,96],"are":[14,34,72],"widely":[15],"used":[16],"by":[17,36,91,101],"developers":[18],"security":[20],"tools.":[21],"A":[22],"distinctive":[23],"feature":[24],"GHSA":[26,59],"is":[27],"that":[28,110],"only":[29],"fraction":[31],"advisories":[33,65,71],"reviewed":[35],"GitHub,":[37],"while":[38],"the":[39,117,120],"mechanisms":[40],"associated":[41],"with":[42],"this":[43,50,113],"review":[44,60,79],"process":[45],"remain":[46],"poorly":[47],"understood.":[48],"In":[49],"paper,":[51],"we":[52],"conduct":[53],"large-scale":[55],"empirical":[56],"study":[57],"processes,":[61],"analyzing":[62],"over":[63],"288,000":[64],"spanning":[66],"2019--2025.":[67],"We":[68,104],"characterize":[69],"which":[70],"more":[73],"likely":[74],"to":[75],"be":[76],"reviewed,":[77],"quantify":[78],"delays,":[80],"identify":[82],"two":[83],"distinct":[84],"review-latency":[85],"regimes:":[86],"fast":[88],"path":[89,99],"dominated":[90,100],"Repository":[93],"(GRAs)":[95],"slow":[98],"NVD-first":[102],"advisories.":[103],"further":[105],"develop":[106],"queueing":[108],"model":[109],"accounts":[111],"for":[112],"dichotomy":[114],"based":[115],"on":[116],"structure":[118],"advisory":[121],"processing":[122],"pipeline.":[123]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-07T00:00:00"}