{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2024:4XWYERPOS64JNVRJ3UV53JCZQK","short_pith_number":"pith:4XWYERPO","canonical_record":{"source":{"id":"2412.08068","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-12-11T03:29:56Z","cross_cats_sorted":["cs.AI","cs.CR"],"title_canon_sha256":"bf60113c3013cb2c95dacdffa4bebe7f45a47d9eed54786acabc104986a90fdc","abstract_canon_sha256":"bc80dd63e00418d5bdef59d5af0915cd789bb30510a28aeaee73cc6442c4b52c"},"schema_version":"1.0"},"canonical_sha256":"e5ed8245ee97b896d629dd2bdda45982af3a7c118bf3268d7b341b8f4665d1e3","source":{"kind":"arxiv","id":"2412.08068","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2412.08068","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"arxiv_version","alias_value":"2412.08068v1","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2412.08068","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_12","alias_value":"4XWYERPOS64J","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_16","alias_value":"4XWYERPOS64JNVRJ","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_8","alias_value":"4XWYERPO","created_at":"2026-07-05T09:47:43Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2024:4XWYERPOS64JNVRJ3UV53JCZQK","target":"record","payload":{"canonical_record":{"source":{"id":"2412.08068","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-12-11T03:29:56Z","cross_cats_sorted":["cs.AI","cs.CR"],"title_canon_sha256":"bf60113c3013cb2c95dacdffa4bebe7f45a47d9eed54786acabc104986a90fdc","abstract_canon_sha256":"bc80dd63e00418d5bdef59d5af0915cd789bb30510a28aeaee73cc6442c4b52c"},"schema_version":"1.0"},"canonical_sha256":"e5ed8245ee97b896d629dd2bdda45982af3a7c118bf3268d7b341b8f4665d1e3","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T09:47:43.893231Z","signature_b64":"gjJSs7AqL5eeAqembm63vfFfSvxH2HzpbZ0m1GhQ/7XCA7ZxGzbEskbUx4F7qKTQiC4MjEgIJMPLZueQVG6gDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e5ed8245ee97b896d629dd2bdda45982af3a7c118bf3268d7b341b8f4665d1e3","last_reissued_at":"2026-07-05T09:47:43.892747Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T09:47:43.892747Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2412.08068","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T09:47:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"gIGBZUukR/oWj3iDcx3gpzubNBz7mNSydNTQPgsfMGhon9ou321fsr694cl1Myc5pjgklW2+IokEHgLsZFGbDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-07T03:02:24.231495Z"},"content_sha256":"6d9d1e8647b5e64a6e83f8cf825a625ea891bc80bd7cf55d4e376fdd08a38e13","schema_version":"1.0","event_id":"sha256:6d9d1e8647b5e64a6e83f8cf825a625ea891bc80bd7cf55d4e376fdd08a38e13"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2024:4XWYERPOS64JNVRJ3UV53JCZQK","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Repository-Level Graph Representation Learning for Enhanced Security Patch Detection","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CR"],"primary_cat":"cs.SE","authors_text":"Cuiyun Gao, Hongyu Zhang, Qing Liao, Xin-Cheng Wen, Yong Wang, Zirui Lin","submitted_at":"2024-12-11T03:29:56Z","abstract_excerpt":"Software vendors often silently release security patches without providing sufficient advisories (e.g., Common Vulnerabilities and Exposures) or delayed updates via resources (e.g., National Vulnerability Database). Therefore, it has become crucial to detect these security patches to ensure secure software maintenance. However, existing methods face the following challenges: (1) They primarily focus on the information within the patches themselves, overlooking the complex dependencies in the repository. (2) Security patches typically involve multiple functions and files, increasing the difficu"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2412.08068","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2412.08068/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T09:47:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"bElQmZGdusei+Rm5GeAfdlPJjGAA7qRdEwQK7Xp015ythU8YwkRubU055BpaGg0YAa4v6KNb/686cEm6/NxZCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-07T03:02:24.231876Z"},"content_sha256":"42683b0fcfc81a25e0da9d2cb74d32d14f632400a15b7f92b11cda3019984447","schema_version":"1.0","event_id":"sha256:42683b0fcfc81a25e0da9d2cb74d32d14f632400a15b7f92b11cda3019984447"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/4XWYERPOS64JNVRJ3UV53JCZQK/bundle.json","state_url":"https://pith.science/pith/4XWYERPOS64JNVRJ3UV53JCZQK/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/4XWYERPOS64JNVRJ3UV53JCZQK/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-07T03:02:24Z","links":{"resolver":"https://pith.science/pith/4XWYERPOS64JNVRJ3UV53JCZQK","bundle":"https://pith.science/pith/4XWYERPOS64JNVRJ3UV53JCZQK/bundle.json","state":"https://pith.science/pith/4XWYERPOS64JNVRJ3UV53JCZQK/state.json","well_known_bundle":"https://pith.science/.well-known/pith/4XWYERPOS64JNVRJ3UV53JCZQK/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2024:4XWYERPOS64JNVRJ3UV53JCZQK","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"bc80dd63e00418d5bdef59d5af0915cd789bb30510a28aeaee73cc6442c4b52c","cross_cats_sorted":["cs.AI","cs.CR"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-12-11T03:29:56Z","title_canon_sha256":"bf60113c3013cb2c95dacdffa4bebe7f45a47d9eed54786acabc104986a90fdc"},"schema_version":"1.0","source":{"id":"2412.08068","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2412.08068","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"arxiv_version","alias_value":"2412.08068v1","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2412.08068","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_12","alias_value":"4XWYERPOS64J","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_16","alias_value":"4XWYERPOS64JNVRJ","created_at":"2026-07-05T09:47:43Z"},{"alias_kind":"pith_short_8","alias_value":"4XWYERPO","created_at":"2026-07-05T09:47:43Z"}],"graph_snapshots":[{"event_id":"sha256:42683b0fcfc81a25e0da9d2cb74d32d14f632400a15b7f92b11cda3019984447","target":"graph","created_at":"2026-07-05T09:47:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2412.08068/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Software vendors often silently release security patches without providing sufficient advisories (e.g., Common Vulnerabilities and Exposures) or delayed updates via resources (e.g., National Vulnerability Database). Therefore, it has become crucial to detect these security patches to ensure secure software maintenance. However, existing methods face the following challenges: (1) They primarily focus on the information within the patches themselves, overlooking the complex dependencies in the repository. (2) Security patches typically involve multiple functions and files, increasing the difficu","authors_text":"Cuiyun Gao, Hongyu Zhang, Qing Liao, Xin-Cheng Wen, Yong Wang, Zirui Lin","cross_cats":["cs.AI","cs.CR"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-12-11T03:29:56Z","title":"Repository-Level Graph Representation Learning for Enhanced Security Patch Detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2412.08068","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:6d9d1e8647b5e64a6e83f8cf825a625ea891bc80bd7cf55d4e376fdd08a38e13","target":"record","created_at":"2026-07-05T09:47:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"bc80dd63e00418d5bdef59d5af0915cd789bb30510a28aeaee73cc6442c4b52c","cross_cats_sorted":["cs.AI","cs.CR"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2024-12-11T03:29:56Z","title_canon_sha256":"bf60113c3013cb2c95dacdffa4bebe7f45a47d9eed54786acabc104986a90fdc"},"schema_version":"1.0","source":{"id":"2412.08068","kind":"arxiv","version":1}},"canonical_sha256":"e5ed8245ee97b896d629dd2bdda45982af3a7c118bf3268d7b341b8f4665d1e3","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e5ed8245ee97b896d629dd2bdda45982af3a7c118bf3268d7b341b8f4665d1e3","first_computed_at":"2026-07-05T09:47:43.892747Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T09:47:43.892747Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"gjJSs7AqL5eeAqembm63vfFfSvxH2HzpbZ0m1GhQ/7XCA7ZxGzbEskbUx4F7qKTQiC4MjEgIJMPLZueQVG6gDg==","signature_status":"signed_v1","signed_at":"2026-07-05T09:47:43.893231Z","signed_message":"canonical_sha256_bytes"},"source_id":"2412.08068","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:6d9d1e8647b5e64a6e83f8cf825a625ea891bc80bd7cf55d4e376fdd08a38e13","sha256:42683b0fcfc81a25e0da9d2cb74d32d14f632400a15b7f92b11cda3019984447"],"state_sha256":"81e827dcf45de67066289f0e0867e9a52fade6dc75288c810477a2e3139c7651"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"EUwbnPIb/gS0QFfs05ZF5NYxPwz4VoEoFXWTO32UNOMwe91KjOwP0gMc7sK97NE0rOUlZ8jxZSlau6GgtGAUAg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-07T03:02:24.234046Z","bundle_sha256":"576678f6c56ce461e1fcc7ef76a47fb1967c26612450c567a7c8caa8e9d749d0"}}