English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

Many open-source projects land security fixes in public repositories before shipping these patches to users. This paper presents attacks on such projects - taking Firefox as a case-study - that exploit patch metadata to efficiently search…

Cryptography and Security · Computer Science 2011-09-05 Adam Barth , Saung Li , Benjamin I. P. Rubinstein , Dawn Song

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have…

Cryptography and Security · Computer Science 2025-05-02 Junjie Wang , Yuhan Ma , Xiaofei Xie , Xiaoning Du , Xiangwei Zhang

Localized adversarial patches aim to induce misclassification in machine learning models by arbitrarily modifying pixels within a restricted region of an image. Such attacks can be realized in the physical world by attaching the adversarial…

Computer Vision and Pattern Recognition · Computer Science 2021-04-01 Chong Xiang , Arjun Nitin Bhagoji , Vikash Sehwag , Prateek Mittal

Promptly porting patches from a source codebase to its variants (e.g., forks and branches) is essential for mitigating propagated defects and vulnerabilities. Recent studies have explored automated patch porting to reduce manual effort and…

Software Engineering · Computer Science 2026-04-03 Shengyi Pan , Zhongxin Liu , Jiayuan Zhou , Xing Hu , Xin Xia , Shanping Li

An upstream task for software bill-of-materials (SBOMs) is the accurate localization of the patch that fixes a vulnerability. Nevertheless, existing work reveals a significant gap in the CVEs whose patches exist but are not traceable.…

Cryptography and Security · Computer Science 2025-08-18 Xueqing Liu , Jiangrui Zheng , Guanqun Yang , Siyan Wen , Qiushi Liu , Xiaoyin Wang

Despite the immense popularity of the Automated Program Repair (APR) field, the question of patch validation is still open. Most of the present-day approaches follow the so-called Generate-and-Validate approach, where first a candidate…

Software Engineering · Computer Science 2021-04-01 Viktor Csuvik , Dániel Horváth , Márk Lajkó , László Vidács

Over the last years, machine learning techniques have been applied to more and more application domains, including software engineering and, especially, software quality assurance. Important application domains have been, e.g., software…

Software Engineering · Computer Science 2021-04-30 Safa Omri , Carsten Sinz

Automated Program Repair (APR) can reduce the time developers spend debugging, allowing them to focus on other aspects of software development. Automatically generated bug patches are typically validated through software testing. However,…

Software Engineering · Computer Science 2026-03-13 David Williams , Ioakim Avraam , Aldeida Aleti , Matias Martinez , Justyna Petke , Federica Sarro

Federated learning is a versatile framework for training models in decentralized environments. However, the trust placed in clients makes federated learning vulnerable to backdoor attacks launched by malicious participants. While many…

Cryptography and Security · Computer Science 2024-12-23 Borja Molina-Coronado

In today's rapidly evolving technological landscape and advanced software development, the rise in cyber security attacks has become a pressing concern. The integration of robust cyber security defenses has become essential across all…

Software Engineering · Computer Science 2023-11-02 Mounika Vanamala , Keith Bryant , Alex Caravella

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models (LLMs) present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using…

Cryptography and Security · Computer Science 2025-12-01 Aayush Garg , Zanis Ali Khan , Renzo Degiovanni , Qiang Tang

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits,…

Software Engineering · Computer Science 2025-01-08 Zhaonan Wu , Yanjie Zhao , Chen Wei , Zirui Wan , Yue Liu , Haoyu Wang

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Samra Hodzic , Ulrike Lechner , Maria Pinto-Albuquerque

In this paper, we propose a new key-based defense focusing on both efficiency and robustness. Although the previous key-based defense seems effective in defending against adversarial examples, carefully designed adaptive attacks can bypass…

Computer Vision and Pattern Recognition · Computer Science 2023-09-06 AprilPyone MaungMaung , Isao Echizen , Hitoshi Kiya

Patch adversarial attacks on images, in which the attacker can distort pixels within a region of bounded size, are an important threat model since they provide a quantitative model for physical adversarial attacks. In this paper, we…

Machine Learning · Computer Science 2021-01-11 Alexander Levine , Soheil Feizi

Software vulnerabilities pose significant security threats, requiring effective mitigation. While Automated Program Repair (APR) has advanced in fixing general bugs, vulnerability patching, a security-critical aspect of APR remains…

Software Engineering · Computer Science 2025-06-06 Zanis Ali Khan , Aayush Garg , Qiang Tang

It is often desirable to remove (a.k.a. unlearn) a specific part of the training data from a trained neural network model. A typical application scenario is to protect the data holder's right to be forgotten, which has been promoted by many…

Machine Learning · Computer Science 2025-10-24 Xuran Li , Jingyi Wang , Xiaohan Yuan , Peixin Zhang

Users around the world rely on software-intensive systems in their day-to-day activities. These systems regularly contain bugs and security vulnerabilities. To facilitate bug fixing, data-driven models of automatic program repair use pairs…

Software Engineering · Computer Science 2022-02-08 Anastasiia Grishina

Lack of experience, inadequate documentation, and sub-optimal API design frequently cause developers to make mistakes when re-using third-party implementations. Such API misuses can result in unintended behavior, performance losses, or…

Software Engineering · Computer Science 2021-07-13 Sebastian Nielebock , Robert Heumüller , Kevin Michael Schott , Frank Ortmeier
‹ Prev 1 3 4 5 6 7 10 Next ›