{"id":"https://openalex.org/W7147004303","doi":"https://doi.org/10.48550/arxiv.2603.27067","title":"Detecting Protracted Vulnerabilities in Open Source Projects","display_name":"Detecting Protracted Vulnerabilities in Open Source Projects","publication_year":2026,"publication_date":"2026-03-28","ids":{"openalex":"https://openalex.org/W7147004303","doi":"https://doi.org/10.48550/arxiv.2603.27067"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.27067","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.27067","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.27067","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132560519","display_name":"Arjun Sridharkumar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sridharkumar, Arjun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081518084","display_name":"Sara Al Hajj Ibrahim","orcid":"https://orcid.org/0000-0002-1794-5364"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ibrahim, Sara Al Hajj","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132628011","display_name":"Jiayuan Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Jiayuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132616397","display_name":"Yuliang Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Yuliang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022060601","display_name":"Safwat Hassan","orcid":"https://orcid.org/0000-0001-7090-0475"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hassan, Safwat","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132553337","display_name":"Ahmed E. Hassan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hassan, Ahmed E.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132613733","display_name":"Shurui Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Shurui","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.48989999294281006,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.48989999294281006,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.3357999920845032,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.04190000146627426,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.734000027179718},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6621999740600586},{"id":"https://openalex.org/keywords/automatic-summarization","display_name":"Automatic summarization","score":0.6299999952316284},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5371999740600586},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5256999731063843},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.4302000105381012},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4023999869823456},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.38370001316070557}],"concepts":[{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.734000027179718},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7027000188827515},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6632999777793884},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6621999740600586},{"id":"https://openalex.org/C170858558","wikidata":"https://www.wikidata.org/wiki/Q1394144","display_name":"Automatic summarization","level":2,"score":0.6299999952316284},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5371999740600586},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5256999731063843},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4302000105381012},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4023999869823456},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.38370001316070557},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.3736000061035156},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.36340001225471497},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3467999994754791},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.34610000252723694},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3411000072956085},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.33399999141693115},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.31139999628067017},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2897999882698059},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.2800999879837036},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C138268822","wikidata":"https://www.wikidata.org/wiki/Q1051925","display_name":"Resolution (logic)","level":2,"score":0.25429999828338623},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.251800000667572}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.27067","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.27067","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.27067","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.27067","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Timely":[0],"resolution":[1],"and":[2,85,145,182,195],"disclosure":[3],"of":[4,12,83,94,117],"vulnerabilities":[5,17,51,69],"are":[6],"essential":[7],"for":[8,23,137],"maintaining":[9],"the":[10,63,187],"security":[11,30],"open-source":[13],"software.":[14],"However,":[15],"many":[16],"remain":[18,72],"unreported,":[19],"unpatched,":[20],"or":[21,43,74],"undisclosed":[22,75],"extended":[24],"periods,":[25],"exposing":[26],"users":[27],"to":[28,49,90],"prolonged":[29],"threats.":[31],"While":[32],"various":[33],"vulnerability":[34,64,106],"detection":[35,133,171],"tools":[36,112],"exist,":[37],"they":[38],"primarily":[39],"focus":[40],"on":[41,108,186],"predicting":[42],"identifying":[44],"known":[45],"vulnerabilities,":[46],"often":[47],"failing":[48],"capture":[50],"that":[52,168],"experience":[53],"significant":[54],"delays":[55],"in":[56,177],"resolution.":[57],"In":[58],"this":[59,126],"study,":[60],"we":[61,101,128,159],"examine":[62],"lifecycle":[65],"by":[66,149],"analyzing":[67],"protracted":[68,138],"(PCVEs),":[70],"which":[71],"unresolved":[73],"over":[76],"long":[77],"periods.":[78],"We":[79],"construct":[80],"a":[81,87,150,162,174],"dataset":[82],"PCVEs":[84,181],"conduct":[86],"qualitative":[88],"analysis":[89],"uncover":[91],"underlying":[92],"causes":[93],"delay.":[95],"To":[96,124],"assess":[97],"current":[98],"automated":[99],"solutions,":[100],"evaluate":[102,161],"four":[103],"state-of-the-art":[104],"(SOTA)":[105],"detectors":[107,194],"our":[109],"dataset.":[110],"These":[111],"detect":[113],"only":[114],"1,059":[115],"out":[116],"2,402":[118],"PCVEs,":[119],"achieving":[120,173],"approximately":[121],"44%":[122],"coverage.":[123],"address":[125],"limitation,":[127],"propose":[129],"DeeptraVul,":[130],"an":[131],"enhanced":[132],"approach":[134],"designed":[135],"specifically":[136],"cases.":[139],"DeeptraVul":[140,169,188],"integrates":[141],"multiple":[142],"development":[143],"artifacts":[144],"code":[146],"signals,":[147],"supported":[148],"Large":[151],"Language":[152],"Model":[153],"(LLM)-based":[154],"summarization":[155],"component.":[156],"For":[157],"comparison,":[158],"also":[160],"standalone":[163,196],"LLM.":[164],"Our":[165],"results":[166],"show":[167],"improves":[170],"performance,":[172],"14%":[175],"increase":[176],"coverage":[178,185],"across":[179],"all":[180],"reaching":[183],"90%":[184],"PCVE":[189],"subset,":[190],"outperforming":[191],"existing":[192],"SOTA":[193],"LLM":[197],"based":[198],"inference.":[199]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-02T00:00:00"}