publications
publications by categories in reversed chronological order. generated by jekyll-scholar.
2025
- Code Change Intention, Development Artifact and History Vulnerability: Putting Them Together for Vulnerability Fix Detection by LLM. In Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering (FSE), 2025
- One-for-All Does Not Work! Enhancing Vulnerability Detection by Mixture-of-Experts (MoE). In Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering (FSE), 2025
- Similar but Patched Code Considered Harmful – The Impact of Similar but Patched Code on Recurring Vulnerability Detection and How to Remove Them. In Proceedings of the 47th IEEE/ACM International Conference on Software Engineering (ICSE), 2025
- From Industrial Practices to Academia: Uncovering the Gap in Vulnerability Research and Practice. In Proceedings of the 22nd IEEE/ACM International Conference on Mining Software Repositories (MSR), 2025
2024
- Silent Taint-Style Vulnerability Fixes Identification. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2024
- An Empirical Study of Automatic Program Repair Techniques for Injection Vulnerabilities. In Proceedings of the 40th IEEE International Conference on Software Maintenance and Evolution (ICSME), 2024
- Towards More Practical Automation of Vulnerability Assessment. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), 2024
- Unveil the Mystery of Critical Software Vulnerabilities. In Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering (FSE), 2024
2023
- Multi-granularity detector for vulnerability fixes. IEEE Transactions on Software Engineering (TSE), 2023
- Colefunda: Explainable silent vulnerability fix identification. In Proceedings of the 45th IEEE/ACM International Conference on Software Engineering (ICSE), 2023
2022
- Automated unearthing of dangerous issue reports. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2022
- Studying donations and their expenses in open source projects: a case study of GitHub projects collecting donations through open collectives. Empirical Software Engineering (EMSE), 2022
2021
- Finding a needle in a haystack: Automated mining of silent vulnerability fixes. In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2021
- Studying backers and hunters in bounty issue addressing process of open source projects. Empirical Software Engineering (EMSE), 2021
2020
- Studying the Use of Extrinsic Incentives to Support Crowdsourced Software Engineering Activities. Queen’s University (Canada), 2020
- Bounties on technical Q&A sites: a case study of Stack Overflow bounties. Empirical Software Engineering (EMSE), 2020
- Studying the association between bountysource bounties and the issue-addressing likelihood of github issue reports. IEEE Transactions on Software Engineering (TSE), 2020