{"id":"https://openalex.org/W7155412875","doi":"https://doi.org/10.48550/arxiv.2604.20461","title":"On the Informativeness of Security Commit Messages: A Large-scale Replication Study","display_name":"On the Informativeness of Security Commit Messages: A Large-scale Replication Study","publication_year":2026,"publication_date":"2026-04-22","ids":{"openalex":"https://openalex.org/W7155412875","doi":"https://doi.org/10.48550/arxiv.2604.20461"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.20461","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20461","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.20461","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030736466","display_name":"Syful Islam","orcid":"https://orcid.org/0000-0002-7441-6987"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Islam, Syful","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134421397","display_name":"Stefano Zacchiroli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zacchiroli, Stefano","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5030736466"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6794999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6794999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.05810000002384186,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.045899998396635056,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.9866999983787537},{"id":"https://openalex.org/keywords/replicate","display_name":"Replicate","score":0.5368000268936157},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5230000019073486},{"id":"https://openalex.org/keywords/replication","display_name":"Replication (statistics)","score":0.49799999594688416},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.48249998688697815},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.4627000093460083}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.9866999983787537},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7109000086784363},{"id":"https://openalex.org/C2781162219","wikidata":"https://www.wikidata.org/wiki/Q26250693","display_name":"Replicate","level":2,"score":0.5368000268936157},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5230000019073486},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.49799999594688416},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.48249998688697815},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.4627000093460083},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38850000500679016},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3467000126838684},{"id":"https://openalex.org/C2777179996","wikidata":"https://www.wikidata.org/wiki/Q911222","display_name":"Mistake","level":2,"score":0.30809998512268066},{"id":"https://openalex.org/C2984968299","wikidata":"https://www.wikidata.org/wiki/Q1077784","display_name":"Software tool","level":3,"score":0.29600000381469727}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.20461","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20461","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.20461","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.20461","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"informativeness":[1,83,162],"of":[2,20,46,67,88,239],"security-related":[3,78,126,246],"commit":[4,32,127,191,247],"messages":[5,33,128],"is":[6,163],"crucial":[7],"for":[8,135,189,222,243],"patch":[9],"triage:":[10],"when":[11],"high,":[12],"it":[13],"enables":[14],"the":[15,44,53,58,62,68,89,97,112,118,141,195,220,235],"rapid":[16],"distribution":[17],"and":[18,80,102,200,228,232,237],"deployment":[19],"security":[21],"fixes.":[22],"Prior":[23],"research":[24],"(Reis":[25],"et":[26,94],"al.,":[27],"2023)":[28],"reported,":[29],"however,":[30],"that":[31,160],"are":[34,211],"often":[35],"too":[36],"uninformative":[37],"to":[38,108,155,225,233],"support":[39],"these":[40],"activities.":[41],"To":[42],"assess":[43],"robustness":[45],"this":[47],"negative":[48],"result,":[49],"we":[50,158,177,184],"independently":[51],"replicate":[52],"original":[54,69,113,119,142],"study":[55,143],"using":[56,84],"only":[57],"information":[59],"provided":[60],"in":[61,121,130,144,181,205],"paper,":[63],"without":[64],"reusing":[65],"any":[66],"artifacts":[70],"(data,":[71],"analysis":[72],"pipeline,":[73],"etc.).":[74],"We":[75,138],"retrieve":[76],"\\num{50673}":[77],"commits":[79,210],"analyze":[81],"their":[82],"an":[85,206],"independent":[86],"re-implementation":[87],"techniques":[90],"introduced":[91],"by":[92,168],"Reis":[93],"al.":[95],"For":[96],"same":[98],"source":[99],"(i.e.,":[100],"GitHub)":[101],"time":[103,150],"period":[104,151],"(from":[105,152],"June":[106,153],"1999":[107,154],"August":[109],"2022)":[110],"as":[111,194],"study,":[114],"our":[115],"replication":[116],"confirms":[117],"findings":[120,218],"a":[122,148],"statistically":[123],"significant":[124,179,203],"way:":[125],"are,":[129],"general,":[131],"not":[132],"informative":[133,213,245],"enough":[134],"security-focused":[136],"purposes.":[137],"then":[139],"extend":[140],"several":[145],"ways.":[146],"Over":[147],"longer":[149],"October":[156],"2025),":[157],"find":[159,202],"commit-message":[161,230],"worsening.":[164],"Breaking":[165],"results":[166],"down":[167],"software":[169],"ecosystem":[170],"(Linux":[171],"kernel,":[172],"Ubuntu,":[173],"Go,":[174],"PyPI,":[175],"etc.),":[176],"observe":[178],"differences":[180,204],"informativeness.":[182],"Finally,":[183],"examine":[185],"emerging":[186],"best":[187],"practices":[188],"writing":[190,244],"messages,":[192],"such":[193],"Conventional":[196],"Commits":[197],"Specification":[198],"(CCS),":[199],"again":[201],"unexpected":[207],"direction:":[208],"CCS-compliant":[209],"less":[212],"than":[214],"non-compliant":[215],"ones.":[216],"Our":[217],"highlight":[219],"need":[221],"cross-ecosystem":[223],"analyses":[224],"understand":[226],"platform-":[227],"community-specific":[229],"practices,":[231],"inform":[234],"development":[236],"adoption":[238],"universally":[240],"applicable":[241],"guidelines":[242],"messages.":[248]},"counts_by_year":[],"updated_date":"2026-04-24T06:07:52.864757","created_date":"2026-04-24T00:00:00"}