English
Related papers

Related papers: Learning to Catch Security Patches

200 papers

Leaked secrets, such as passwords and API keys, in codebases were responsible for numerous security breaches. Existing heuristic techniques, such as pattern matching, entropy analysis, and machine learning, exist to detect and alert…

Cryptography and Security · Computer Science 2020-08-14 Zhen Yu Ding , Benjamin Khakshoor , Justin Paglierani , Mantej Rajpal

In the context of test case based automated program repair (APR), the research community call the patches that pass all the test cases but fail to actually fix the bug test case overfitted patches. Currently, overfitted patches has to be…

Software Engineering · Computer Science 2020-07-27 Ali Ghanbari

Security advisories are the primary channel of communication for discovered vulnerabilities in open-source software, but they often lack crucial information. Specifically, 63% of vulnerability database reports are missing their patch links,…

Cryptography and Security · Computer Science 2023-11-06 Trevor Dunlap , Elizabeth Lin , William Enck , Bradley Reaves

Automated detection of software vulnerabilities is a fundamental problem in software security. Existing program analysis techniques either suffer from high false positives or false negatives. Recent progress in Deep Learning (DL) has…

Software Engineering · Computer Science 2020-09-16 Saikat Chakraborty , Rahul Krishna , Yangruibo Ding , Baishakhi Ray

An adversarial patch can arbitrarily manipulate image pixels within a restricted region to induce model misclassification. The threat of this localized attack has gained significant attention because the adversary can mount a…

Computer Vision and Pattern Recognition · Computer Science 2021-04-27 Chong Xiang , Prateek Mittal

Software vulnerabilities bear enterprises significant costs. Despite extensive efforts in research and development of software vulnerability detection methods, uncaught vulnerabilities continue to put software owners and users at risk. Many…

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security…

Software Engineering · Computer Science 2026-01-12 Qingyuan Li , Chenchen Yu , Chuanyi Li , Xin-Cheng Wen , Cheryl Lee , Cuiyun Gao , Bin Luo

Security patches are essential for enhancing the stability and robustness of projects in the software community. While vulnerabilities are officially expected to be patched before being disclosed, patching vulnerabilities is complicated and…

Cryptography and Security · Computer Science 2024-08-19 Ziyou Jiang , Lin Shi , Guowei Yang , Qing Wang

Traditional security scanners fail when facing new attack patterns they haven't seen before. They rely on fixed rules and predetermined signatures, making them blind to novel threats. We present a fundamentally different approach: instead…

Cryptography and Security · Computer Science 2025-11-21 Ayush Chaudhary

Security critical software, e.g., OpenSSL, comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying…

Cryptography and Security · Computer Science 2023-08-28 M. Caner Tol , Berk Sunar

Computer security has been a concern for decades and artificial intelligence techniques have been applied to the area for nearly as long. Most of the techniques are being applied to the detection of attacks to running systems, but recent…

Cryptography and Security · Computer Science 2019-12-17 Steve Kommrusch

This paper presents a framework that selectively triggers security reviews for incoming source code changes. Functioning as a review bot within a code review service, the framework can automatically request additional security reviews at…

Cryptography and Security · Computer Science 2024-05-28 Keun Soo Yim

Public disclosure of important security information, such as knowledge of vulnerabilities or exploits, often occurs in blogs, tweets, mailing lists, and other online sources months before proper classification into structured databases. In…

Information Retrieval · Computer Science 2013-10-14 Nikki McNeil , Robert A. Bridges , Michael D. Iannacone , Bogdan Czejdo , Nicolas Perez , John R. Goodall

Attacks can exploit zero-day or one-day vulnerabilities that are not publicly disclosed. To detect these vulnerabilities, security researchers monitor development activities in open-source repositories to identify unreported security…

A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable…

Plagiarism detection in programming education faces growing challenges due to increasingly sophisticated obfuscation techniques, particularly automated refactoring-based attacks. While code plagiarism detection systems used in education…

Software Engineering · Computer Science 2025-10-30 Robin Maisch , Larissa Schmid , Timur Sağlam , Nils Niehues

Logging code plays an important role in software systems by recording key events and behaviors, which are essential for debugging and monitoring. However, insecure logging practices can inadvertently expose sensitive information or enable…

Software Engineering · Computer Science 2026-04-23 He Yang Yuan , Xin Wang , Kundi Yao , An Ran Chen , Zishuo Ding , Zhenhao Li

Public development processes are a key characteristic of open source projects. However, fixes for vulnerabilities are usually discussed privately among a small group of trusted maintainers, and integrated without prior public involvement.…

Software Engineering · Computer Science 2020-09-08 Ralf Ramsauer , Lukas Bulwahn , Daniel Lohmann , Wolfgang Mauerer

In rapid release development processes, patches that fix critical issues, or implement high-value features are often promoted directly from the development channel to a stabilization channel, potentially skipping one or more stabilization…

Software Engineering · Computer Science 2017-09-27 Marco Castelluccio , Le An , Foutse Khomh

Deep learning-based malware detection systems are vulnerable to adversarial EXEmples - carefully-crafted malicious programs that evade detection with minimal perturbation. As such, the community is dedicating effort to develop mechanisms to…

Cryptography and Security · Computer Science 2024-05-02 Daniel Gibert , Luca Demetrio , Giulio Zizzo , Quan Le , Jordi Planes , Battista Biggio