English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

During code reviews, an essential step in software quality assurance, reviewers have the difficult task of understanding and evaluating code changes to validate their quality and prevent introducing faults to the codebase. This is a tedious…

Software Engineering · Computer Science 2024-05-14 Doriane Olewicki , Sarra Habchi , Bram Adams

Code changes are an integral part of the software development process. Many code changes are meant to improve the code without changing its functional behavior, e.g., refactorings and performance improvements. Unfortunately, validating…

Software Engineering · Computer Science 2025-02-25 Lars Gröninger , Beatriz Souza , Michael Pradel

Exploitation of heap vulnerabilities has been on the rise, leading to many devastating attacks. Conventional heap patch generation is a lengthy procedure, requiring intensive manual efforts. Worse, fresh patches tend to harm system…

Cryptography and Security · Computer Science 2018-12-12 Qiang Zeng , Golam Kayas , Emil Mohammed , Lannan Luo , Xiaojiang Du , Junghwan Rhee

Software plays a crucial role in our daily lives, and therefore the quality and security of software systems have become increasingly important. However, vulnerabilities in software still pose a significant threat, as they can have serious…

Software Engineering · Computer Science 2023-09-18 Chaozheng Wang , Zongjie Li , Yun Peng , Shuzheng Gao , Sirong Chen , Shuai Wang , Cuiyun Gao , Michael R. Lyu

In this report we investigate fundamental requirements for the application of classifier patching on neural networks. Neural network patching is an approach for adapting neural network models to handle concept drift in nonstationary…

Machine Learning · Computer Science 2019-01-17 Sebastian Kauschke , David Hermann Lehmann

In recent years, the rapid growth of security vulnerabilities poses great challenges to tracing and managing them. For example, it was reported that the NVD database experienced significant delays due to the shortage of maintainers. Such…

Cryptography and Security · Computer Science 2024-11-19 Xueqing Liu , Yuchen Xiong , Qiushi Liu , Jiangrui Zheng

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang

Backdoor attack is a major threat to deep learning systems in safety-critical scenarios, which aims to trigger misbehavior of neural network models under attacker-controlled conditions. However, most backdoor attacks have to modify the…

Machine Learning · Computer Science 2023-08-24 Yizhen Yuan , Rui Kong , Shenghao Xie , Yuanchun Li , Yunxin Liu

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth

This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…

Cryptography and Security · Computer Science 2017-09-07 Gorka Irazoqui , Kai Cong , Xiaofei Guo , Hareesh Khattri , Arun Kanuparthi , Thomas Eisenbarth , Berk Sunar

Secure applications implement software protections against side-channel and physical attacks. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source…

Cryptography and Security · Computer Science 2021-01-18 Son Tuan Vu , Albert Cohen , Karine Heydemann , Arnaud de Grandmaison , Christophe Guillon

Millions of open-source projects with numerous bug fixes are available in code repositories. This proliferation of software development histories can be leveraged to learn how to fix common programming bugs. To explore such a potential, we…

Software Engineering · Computer Science 2019-05-22 Michele Tufano , Cody Watson , Gabriele Bavota , Massimiliano Di Penta , Martin White , Denys Poshyvanyk

Generative deep learning (DL) models have been successfully adopted for vulnerability patching. However, such models require the availability of a large dataset of patches to learn from. To overcome this issue, researchers have proposed to…

Software Engineering · Computer Science 2024-04-30 Antonio Mastropaolo , Vittoria Nardone , Gabriele Bavota , Massimiliano Di Penta

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

Background: Testing and validation of the semantic correctness of patches provided by tools for Automated Program Repairs (APR) has received a lot of attention. Yet, the eventual acceptance or rejection of suggested patches for real world…

Software Engineering · Computer Science 2022-09-19 Aurora Papotti , Ranindya Paramitha , Fabio Massacci

Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security…

Software Engineering · Computer Science 2021-02-16 Rajshakhar Paul , Asif Kamal Turzo , Amiangshu Bosu

Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on…

Computer Vision and Pattern Recognition · Computer Science 2023-04-05 Ajinkya Tejankar , Maziar Sanjabi , Qifan Wang , Sinong Wang , Hamed Firooz , Hamed Pirsiavash , Liang Tan

Object detectors, which are widely deployed in security-critical systems such as autonomous vehicles, have been found vulnerable to patch hiding attacks. An attacker can use a single physically-realizable adversarial patch to make the…

Computer Vision and Pattern Recognition · Computer Science 2023-01-02 Chong Xiang , Alexander Valtchanov , Saeed Mahloujifar , Prateek Mittal

Detecting and fixing bugs are two of the most important yet frustrating parts of the software development cycle. Existing bug detection tools are based mainly on static analyzers, which rely on mathematical logic and symbolic reasoning…

Computation and Language · Computer Science 2021-10-04 Dawn Drain , Chen Wu , Alexey Svyatkovskiy , Neel Sundaresan

The relentless process of tracking and remediating vulnerabilities is a top concern for cybersecurity professionals. The key challenge is trying to identify a remediation scheme specific to in-house, organizational objectives. Without a…

Cryptography and Security · Computer Science 2024-06-11 Corren McCoy , Ross Gore , Michael L. Nelson , Michele C. Weigle