{"id":"https://openalex.org/W7139084929","doi":"https://doi.org/10.48550/arxiv.2603.17266","title":"Revisiting Vulnerability Patch Identification on Data in the Wild","display_name":"Revisiting Vulnerability Patch Identification on Data in the Wild","publication_year":2026,"publication_date":"2026-03-18","ids":{"openalex":"https://openalex.org/W7139084929","doi":"https://doi.org/10.48550/arxiv.2603.17266"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.17266","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.17266","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.17266","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059690191","display_name":"Ivana Clairine Irsan","orcid":"https://orcid.org/0000-0001-6350-2700"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Irsan, Ivana Clairine","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009224648","display_name":"Ratnadira Widyasari","orcid":"https://orcid.org/0000-0001-8190-5458"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Widyasari, Ratnadira","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130074484","display_name":"Ting Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Ting","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129764362","display_name":"Huihui Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Huihui","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034736998","display_name":"Ferdian Thung","orcid":"https://orcid.org/0000-0002-5566-3819"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Thung, Ferdian","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129922476","display_name":"Yikun Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yikun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129778541","display_name":"Lwin Khin Shar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shar, Lwin Khin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041682105","display_name":"Eng Lieh Ouh","orcid":"https://orcid.org/0000-0001-7759-348X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ouh, Eng Lieh","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027335548","display_name":"Hong Jin Kang","orcid":"https://orcid.org/0000-0001-7335-7295"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kang, Hong Jin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129789500","display_name":"David Lo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lo, David","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5059690191"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6071000099182129,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6071000099182129,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.19020000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.040699999779462814,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7461000084877014},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7418000102043152},{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.6288999915122986},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4740000069141388},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4706999957561493},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4602000117301941},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.43779999017715454},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4011000096797943},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.39660000801086426}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7461000084877014},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7418000102043152},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.729200005531311},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.6288999915122986},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5227000117301941},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4740000069141388},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4706999957561493},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4602000117301941},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.43779999017715454},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4011000096797943},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.39660000801086426},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.39640000462532043},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.36230000853538513},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.3400000035762787},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3312000036239624},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.32820001244544983},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.3280999958515167},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3244999945163727},{"id":"https://openalex.org/C2983685735","wikidata":"https://www.wikidata.org/wiki/Q5227355","display_name":"Data source","level":2,"score":0.31209999322891235},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2985000014305115},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.29600000381469727},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.2863999903202057},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.28380000591278076},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.26829999685287476},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2644999921321869},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.2624000012874603},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.25519999861717224},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2549999952316284}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.17266","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.17266","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.17266","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.17266","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.47279107570648193,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Attacks":[0],"can":[1,123,190],"exploit":[2],"zero-day":[3],"or":[4],"one-day":[5],"vulnerabilities":[6],"that":[7,78,121,150,170,174],"are":[8],"not":[9],"publicly":[10],"disclosed.":[11],"To":[12],"detect":[13,165],"these":[14,70],"vulnerabilities,":[15],"security":[16,27,42,50,100,111,166,176,188],"researchers":[17],"monitor":[18],"development":[19],"activities":[20],"in":[21,56,90],"open-source":[22],"repositories":[23],"to":[24,38,94,164],"identify":[25],"unreported":[26],"patches.":[28,167],"The":[29],"sheer":[30],"volume":[31],"of":[32,69,92,138,145,159,185],"commits":[33,116],"makes":[34],"this":[35,63],"task":[36],"infeasible":[37],"accomplish":[39],"manually.":[40],"Consequently,":[41],"patch":[43],"detectors":[44,71],"commonly":[45],"trained":[46,80],"and":[47,115,143],"evaluated":[48],"on":[49,81,98],"patches":[51,112,131,177,189],"linked":[52,117],"from":[53,118,127,178],"vulnerability":[54,141],"reports":[55],"the":[57,67,156],"National":[58],"Vulnerability":[59],"Database":[60],"(NVD).":[61],"In":[62],"study,":[64],"we":[65],"assess":[66],"effectiveness":[68],"when":[72,96],"applied":[73],"in-the-wild.":[74],"Our":[75],"results":[76],"show":[77,84],"models":[79,163],"NVD-derived":[82],"data":[83,160,180],"substantially":[85],"decreased":[86],"performance,":[87],"with":[88,133,181],"decreases":[89],"F1-score":[91],"up":[93],"90\\%":[95],"tested":[97],"in-the-wild":[99,114],"patches,":[101],"rendering":[102],"them":[103],"impractical":[104],"for":[105,161],"real-world":[106],"use.":[107],"An":[108],"analysis":[109],"comparing":[110],"identified":[113,187],"NVD":[119,134,151,179],"reveals":[120],"they":[122],"be":[124,153],"easily":[125],"distinguished":[126],"each":[128],"other.":[129],"Security":[130],"associated":[132],"have":[135],"different":[136],"distribution":[137],"commit":[139],"messages,":[140],"types,":[142],"composition":[144],"changes.":[146],"These":[147],"differences":[148],"suggest":[149],"may":[152],"unsuitable":[154],"as":[155],"\\textit{sole}":[157],"source":[158],"training":[162],"We":[168],"find":[169],"constructing":[171],"a":[172,182],"dataset":[173],"combines":[175],"small":[183],"subset":[184],"manually":[186],"improve":[191],"model":[192],"robustness.":[193]},"counts_by_year":[],"updated_date":"2026-03-20T20:54:20.808490","created_date":"2026-03-20T00:00:00"}