Software vulnerabilities affect all businesses and research is being done to avoid, detect or repair them. In this article, we contribute a new technique for automatic vulnerability fixing. We present a system that uses the rich software development history that can be found on GitHub to train an AI system that generates patches. We apply sequence-to-sequence learning on a big dataset of code changes and we evaluate the trained system on real world vulnerabilities from the CVE database. The result shows the feasibility of using sequence-to-sequence learning for fixing software vulnerabilities.
@article{arxiv.1912.02015,
title = {Using Sequence-to-Sequence Learning for Repairing C Vulnerabilities},
author = {Zimin Chen and Steve Kommrusch and Martin Monperrus},
journal= {arXiv preprint arXiv:1912.02015},
year = {2019}
}