{"id":"https://openalex.org/W7156575612","doi":"https://doi.org/10.48550/arxiv.2604.24398","title":"MAS-SZZ: Multi-Agentic SZZ Algorithm for Vulnerability-Inducing Commit Identification","display_name":"MAS-SZZ: Multi-Agentic SZZ Algorithm for Vulnerability-Inducing Commit Identification","publication_year":2026,"publication_date":"2026-04-27","ids":{"openalex":"https://openalex.org/W7156575612","doi":"https://doi.org/10.48550/arxiv.2604.24398"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.24398","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24398","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.24398","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007104924","display_name":"Sicong Cao","orcid":"https://orcid.org/0000-0003-3688-4437"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Cao, Sicong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134794305","display_name":"Jinxuan Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Jinxuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134790997","display_name":"Le Yu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu, Le","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134773157","display_name":"Jing Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Jing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004134770","display_name":"Xingwei Lin","orcid":"https://orcid.org/0009-0005-5048-2516"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lin, Xingwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134807367","display_name":"Linlin Zhu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhu, Linlin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134788748","display_name":"Fu Xiao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiao, Fu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5007104924"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.41040000319480896,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.41040000319480896,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.2117999941110611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.15639999508857727,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.941100001335144},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.7213000059127808},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5597000122070312},{"id":"https://openalex.org/keywords/backtracking","display_name":"Backtracking","score":0.47209998965263367},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.44679999351501465},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4147999882698059},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.36079999804496765}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.941100001335144},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7924000024795532},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.7213000059127808},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5597000122070312},{"id":"https://openalex.org/C156884757","wikidata":"https://www.wikidata.org/wiki/Q798554","display_name":"Backtracking","level":2,"score":0.47209998965263367},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.44679999351501465},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42640000581741333},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4147999882698059},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.36079999804496765},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.35420000553131104},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3107999861240387},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.30399999022483826},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.3005000054836273},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C28420585","wikidata":"https://www.wikidata.org/wiki/Q2665075","display_name":"Timing attack","level":4,"score":0.2759000062942505},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.27320000529289246},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2590999901294708},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.2581000030040741},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.25380000472068787}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.24398","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24398","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.24398","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24398","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities","score":0.40568339824676514}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Accurate":[0],"vulnerability-inducing":[1,93],"commit":[2,41,156],"identification":[3,91],"serves":[4],"as":[5,16,141],"a":[6,9,71,82,101,119],"foundation":[7],"for":[8],"series":[10],"of":[11,92,114,133,179],"software":[12],"security":[13],"tasks,":[14],"such":[15],"vulnerability":[17,116],"detection":[18],"and":[19,63,104,117,173],"affected":[20],"version":[21],"analysis.":[22],"A":[23],"straightforward":[24],"solution":[25],"is":[26],"the":[27,34,39,44,49,59,90,111,115,130,150,155,160,168,184],"SZZ":[28,84,186],"algorithm,":[29,85],"which":[30,144],"traces":[31,147],"back":[32],"through":[33,95,149],"code":[35],"history":[36,152],"to":[37,58,124,153,181],"identify":[38],"earliest":[40],"that":[42,88,157,165],"modify":[43],"vulnerable":[45,138],"code.":[46],"Unfortunately,":[47],"neither":[48],"customized":[50],"V-SZZ":[51],"nor":[52],"state-of-the-art":[53,169],"LLM4SZZ":[54],"perform":[55],"satisfactorily":[56],"due":[57],"incorrect":[60],"anchor":[61],"selection":[62],"inadequate":[64],"backtracking":[65],"capability,":[66],"making":[67],"them":[68],"far":[69],"beyond":[70],"reliable":[72],"usage":[73],"in":[74],"practice.":[75],"To":[76],"overcome":[77],"these":[78],"challenges,":[79],"we":[80],"propose":[81],"multi-agentic":[83],"named":[86],"MAS-SZZ,":[87],"facilitates":[89],"commits":[94],"collaboration":[96],"among":[97],"agents.":[98],"Specifically,":[99],"given":[100],"CVE":[102],"description":[103],"its":[105],"corresponding":[106],"fixing":[107],"commit,":[108],"MAS-SZZ":[109,145,166],"summarizes":[110],"root":[112],"cause":[113],"employs":[118],"structured":[120],"step-forward":[121],"prompting":[122],"strategy":[123],"localize":[125],"vulnerability-related":[126],"statements":[127,139],"based":[128],"on":[129],"change":[131],"intent":[132],"each":[134],"patch":[135],"hunk.":[136],"These":[137],"serve":[140],"anchors":[142],"from":[143],"autonomously":[146],"backward":[148],"repository's":[151],"find":[154],"first":[158],"introduced":[159],"vulnerability.":[161],"Extensive":[162],"experiments":[163],"show":[164],"outperforms":[167],"baselines":[170],"across":[171],"datasets":[172],"programming":[174],"languages,":[175],"achieving":[176],"F1-score":[177],"gains":[178],"up":[180],"65.22%":[182],"over":[183],"best-performing":[185],"algorithm.":[187]},"counts_by_year":[],"updated_date":"2026-04-29T06:16:36.941037","created_date":"2026-04-29T00:00:00"}