English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

Numerous security attacks that resulted in devastating consequences can be traced back to a delay in applying a security patch. Despite the criticality of timely patch application, not much is known about why and how delays occur when…

Software Engineering · Computer Science 2022-09-07 Nesara Dissanayake , Mansooreh Zahedi , Asangi Jayatilaka , M. Ali Babar

Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be…

Cryptography and Security · Computer Science 2020-08-12 Shiqi Shen , Aashish Kolluri , Zhen Dong , Prateek Saxena , Abhik Roychoudhury

Automated Program Repair (APR) techniques typically rely on a given test-suite to guide the repair process. Apart from the need to provide test oracles, this makes the produced patches prone to test data over-fitting. In this work, instead…

Software Engineering · Computer Science 2023-08-02 Yuntong Zhang , Andreea Costea , Ridwan Shariffdeen , Davin McCall , Abhik Roychoudhury

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant…

Cryptography and Security · Computer Science 2020-10-05 Michael Rodler , Wenting Li , Ghassan O. Karame , Lucas Davi

Security patch detection (SPD) is crucial for maintaining software security, as unpatched vulnerabilities can lead to severe security risks. In recent years, numerous learning-based SPD approaches have demonstrated promising results on…

Software Engineering · Computer Science 2025-09-09 Qingyuan Li , Binchang Li , Cuiyun Gao , Shuzheng Gao , Zongjie Li

Many modern software projects evolve rapidly to incorporate new features and security patches. It is important for users to update their dependencies to safer versions, but many still use older, vulnerable package versions because upgrading…

Software Engineering · Computer Science 2025-12-02 Zhiqing Zhong , Jiaming Huang , Pinjia He

As collaborative learning allows joint training of a model using multiple sources of data, the security problem has been a central concern. Malicious users can upload poisoned data to prevent the model's convergence or inject hidden…

Cryptography and Security · Computer Science 2021-01-21 Ximing Qiao , Yuhua Bai , Siping Hu , Ang Li , Yiran Chen , Hai Li

We propose patching for large language models (LLMs) like software versions, a lightweight and modular approach for addressing safety vulnerabilities. While vendors release improved LLM versions, major releases are costly, infrequent, and…

Artificial Intelligence · Computer Science 2026-04-28 Huzaifa Arif , Keerthiram Murugesan , Ching-Yun Ko , Pin-Yu Chen , Payel Das , Alex Gittens

Bug fixing is generally a manually-intensive task. However, recent work has proposed the idea of automated program repair, which aims to repair (at least a subset of) bugs in different ways such as code mutation, etc. Following in the same…

Software Engineering · Computer Science 2019-07-05 Hideaki Hata , Emad Shihab , Graham Neubig

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

The changesets (or patches) that fix open source software vulnerabilities form critical datasets for various machine learning security-enhancing applications, such as automated vulnerability patching and silent fix detection. These patch…

Software Engineering · Computer Science 2025-09-23 Hui Chen , Yunhua Zhao , Kostadin Damevski

Automated program repair is an emerging technology which consists of a suite of techniques to automatically fix bugs or vulnerabilities in programs. In this paper, we present a comprehensive survey of the state of the art in program repair.…

Software Engineering · Computer Science 2022-11-24 Xiang Gao , Yannic Noller , Abhik Roychoudhury

This paper presents Packet Chasing, an attack on the network that does not require access to the network, and works regardless of the privilege level of the process receiving the packets. A spy process can easily probe and discover the…

Cryptography and Security · Computer Science 2020-05-27 Mohammadkazem Taram , Ashish Venkat , Dean Tullsen

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

In this work, we investigate the practice of patch construction in the Linux kernel development, focusing on the differences between three patching processes: (1) patches crafted entirely manually to fix bugs, (2) those that are derived…

Software Engineering · Computer Science 2018-12-20 Anil Koyuncu , Tegawendé F. Bissyandé , Dongsun Kim , Jacques Klein , Martin Monperrus , Yves Le Traon

We propose a novel approach to improving software security called Cryptographic Path Hardening, which is aimed at hiding security vulnerabilities in software from attackers through the use of provably secure and obfuscated cryptographic…

Software Engineering · Computer Science 2012-02-03 Vijay Ganesh , Michael Carbin , Martin Rinard

The informativeness of security-related commit messages is crucial for patch triage: when high, it enables the rapid distribution and deployment of security fixes. Prior research (Reis et al., 2023) reported, however, that commit messages…

Software Engineering · Computer Science 2026-04-23 Syful Islam , Stefano Zacchiroli

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may…

Cryptography and Security · Computer Science 2020-12-10 Gabriele Costa , Andrea Valenza

Training machine learning approaches for vulnerability identification and producing reliable tools to assist developers in implementing quality software -- free of vulnerabilities -- is challenging due to the lack of large datasets and real…

Cryptography and Security · Computer Science 2021-10-20 Sofia Reis , Rui Abreu