English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

Software vulnerabilities pose critical security risks, demanding prompt and effective mitigation strategies. While advancements in Automated Program Repair (APR) have primarily targeted general software bugs, the domain of vulnerability…

Software Engineering · Computer Science 2025-01-14 Zanis Ali Khan , Aayush Garg , Yuejun Guo , Qiang Tang

Automated program repair is an emerging technology that seeks to automatically rectify bugs and vulnerabilities using learning, search, and semantic analysis. Trust in automatically generated patches is necessary for achieving greater…

Software Engineering · Computer Science 2022-02-14 Yannic Noller , Ridwan Shariffdeen , Xiang Gao , Abhik Roychoudhury

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…

Cryptography and Security · Computer Science 2019-12-05 Nguyen Hong Son , Ha Thanh Dung

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi

Retrieving the correct set of files from a large codebase is a crucial step in Automated Program Repair (APR). High recall is necessary to ensure that the relevant files are included, but simply increasing the number of retrieved files…

Software Engineering · Computer Science 2026-04-14 Mahir Labib Dihan , Faria Binta Awal , Md. Ishrak Ahsan

Linux kernel stable versions serve the needs of users who value stability of the kernel over new features. The quality of such stable versions depends on the initiative of kernel developers and maintainers to propagate bug fixing patches to…

Software Engineering · Computer Science 2019-11-12 Thong Hoang , Julia Lawall , Yuan Tian , Richard J Oentaryo , David Lo

A timely software update is vital to combat the increasing security vulnerabilities. However, some software vendors may secretly patch their vulnerabilities without creating CVE entries or even describing the security issue in their change…

Cryptography and Security · Computer Science 2023-12-14 Xu He , Shu Wang , Pengbin Feng , Xinda Wang , Shiyu Sun , Qi Li , Kun Sun

In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux…

Cryptography and Security · Computer Science 2019-05-24 Sadegh Farhang , Mehmet Bahadir Kirdan , Aron Laszka , Jens Grossklags

Many applications have security vulnerabilities that can be exploited. It is practically impossible to find all of them due to the NP-complete nature of the testing problem. Security solutions provide defenses against these attacks through…

Cryptography and Security · Computer Science 2020-07-17 Fady Copty , Andre Kassis , Sharon Keidar-Barner , Dov Murik

Test-based automatic program repair has attracted a lot of attention in recent years. However, the test suites in practice are often too weak to guarantee correctness and existing approaches often generate a large number of incorrect…

Software Engineering · Computer Science 2018-07-30 Yingfei Xiong , Xinyuan Liu , Muhan Zeng , Lu Zhang , Gang Huang

Outdated software remains a potent and underappreciated menace in 2025's cybersecurity environment, exposing systems to a broad array of threats, including ransomware, data breaches, and operational outages that can have devastating and…

Cryptography and Security · Computer Science 2025-05-21 Gogulakrishnan Thiyagarajan , Vinay Bist , Prabhudarshi Nayak

In this work, we propose a novel perspective to the problem of patch correctness assessment: a correct patch implements changes that "answer" to a problem posed by buggy behaviour. Concretely, we turn the patch correctness assessment into a…

Software Engineering · Computer Science 2022-09-02 Haoye Tian , Xunzhu Tang , Andrew Habib , Shangwen Wang , Kui Liu , Xin Xia , Jacques Klein , Tegawendé F. Bissyandé

Is it possible to patch software bugs in P4 programs without human involvement? We show that this is partially possible in many cases due to advances in software testing and the structure of P4 programs. Our insight is that runtime…

Software Engineering · Computer Science 2020-04-28 Apoorv Shukla , Kevin Hudemann , Zsolt Vági , Lily Hügerich , Georgios Smaragdakis , Stefan Schmid , Artur Hecker , Anja Feldmann

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

Towards predicting patch correctness in APR, we propose a simple, but novel hypothesis on how the link between the patch behaviour and failing test specifications can be drawn: similar failing test cases should require similar patches. We…

Software Engineering · Computer Science 2022-03-17 Haoye Tian , Yinghua Li , Weiguo Pian , Abdoul Kader Kaboré , Kui Liu , Andrew Habib , Jacques Klein , Tegawendé F. Bissyande

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

Code Review plays a crucial role in software quality, by allowing reviewers to discuss and critique any new patches before they can be successfully integrated into the project code. Yet, it is unsure the extent to which coding pattern…

Software Engineering · Computer Science 2021-03-17 Panyawut Sri-iesaranusorn , Raula Gaikovina Kula , Takashi Ishio

In software development, fixing bugs is an important task that is time consuming and cost-sensitive. While many approaches have been proposed to automatically detect and patch software code, the strategies are limited to a set of identified…

Software Engineering · Computer Science 2015-07-22 Tegawendé F. Bissyandé

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta