English
Related papers

Related papers: Predicting Vulnerability In Large Codebases With D…

200 papers

Software vulnerabilities, caused by unintentional flaws in source code, are a primary root cause of cyberattacks. Static analysis of source code has been widely used to detect these unintentional defects introduced by software developers.…

Software Engineering · Computer Science 2024-08-08 Andrew A Mahyari

The promise of Large Language Models in automated software engineering is often measured by functional correctness, overlooking the critical issue of long term maintainability. This paper presents a systematic audit of technical debt in…

Software Engineering · Computer Science 2026-05-05 Yuecai Zhu , Nikolaos Tsantalis , Peter C. Rigby

Software undergoes constant changes to support new requirements, address bugs, enhance performance, and ensure maintainability. Thus, developers spend a great portion of their workday trying to understand and review the code changes of…

Software Engineering · Computer Science 2024-08-26 Pouria Alikhanifard , Nikolaos Tsantalis

Static bug detection tools help developers detect code problems. However, it is known that they remain underutilized due to various reasons. Recent advances to incorporate static bug detectors in modern software development workflows can…

Software Engineering · Computer Science 2021-03-26 Junjie Li

Large language models (LLMs) for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of…

Software Engineering · Computer Science 2025-12-23 Bin Wang , Wenjie Yu , Yilu Zhong , Hao Yu , Keke Lian , Chaohua Lu , Hongfang Zheng , Dong Zhang , Hui Li

The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with…

Software Engineering · Computer Science 2026-01-12 The Anh Nguyen , Triet Huynh Minh Le , M. Ali Babar

Recent advances in large language models have enabled developers to generate software by conversing with artificial intelligence systems rather than writing code directly. This paper introduces vibe coding, an emerging AI-native programming…

Software Engineering · Computer Science 2025-10-22 Vinay Bamil

The rapid pace of large-scale software development places increasing demands on traditional testing methodologies, often leading to bottlenecks in efficiency, accuracy, and coverage. We propose a novel perspective on software testing by…

Software Engineering · Computer Science 2025-04-08 Yuchen Wang , Shangxin Guo , Chee Wei Tan

Motivation: Technical debt is a metaphor that describes not-quite-right code introduced for short-term needs. Developers are aware of it and admit it in source code comments, which is called Self- Admitted Technical Debt (SATD). Therefore,…

Software Engineering · Computer Science 2023-12-05 Moritz Mock

Large Language Models (LLMs) such as OpenAI Codex are increasingly being used as AI-based coding assistants. Understanding the impact of these tools on developers' code is paramount, especially as recent work showed that LLMs may suggest…

Cryptography and Security · Computer Science 2023-02-28 Gustavo Sandoval , Hammond Pearce , Teo Nys , Ramesh Karri , Siddharth Garg , Brendan Dolan-Gavitt

Large language models (LLMs) have made significant advancements in code-related tasks, yet many LLMs treat code as simple sequences, neglecting its structured nature. We introduce AST-T5, a novel pretraining paradigm that leverages the…

Software Engineering · Computer Science 2024-06-25 Linyuan Gong , Mostafa Elhoushi , Alvin Cheung

Software vulnerabilities, caused by unintentional flaws in source codes, are the main root cause of cyberattacks. Source code static analysis has been used extensively to detect the unintentional defects, i.e. vulnerabilities, introduced…

Cryptography and Security · Computer Science 2022-11-17 Arash Mahyari

With the celebrated success of deep learning, some attempts to develop effective methods for detecting malicious PowerShell programs employ neural nets in a traditional natural language processing setup while others employ convolutional…

Software Engineering · Computer Science 2018-10-23 Gili Rusak , Abdullah Al-Dujaili , Una-May O'Reilly

Background. Defect prediction has been a highly active topic among researchers in the Empirical Software Engineering field. Previous literature has successfully achieved the most accurate prediction of an incoming fault and identified the…

Software Engineering · Computer Science 2026-01-06 Mikel Robredo , Matteo Esposito , Fabio Palomba , Rafael Peñaloza , Valentina Lenarduzzi

Large language models (LLMs) have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code…

Cryptography and Security · Computer Science 2025-07-15 Weichen Yu , Ravi Mangal , Terry Zhuo , Matt Fredrikson , Corina S. Pasareanu

Machine learning techniques for cybersecurity-related software engineering tasks are becoming increasingly popular. The representation of source code is a key portion of the technique that can impact the way the model is able to learn the…

Machine Learning · Computer Science 2025-04-10 Beatrice Casey , Joanna C. S. Santos , George Perry

Building deep learning models on source code has found many successful software engineering applications, such as code search, code comment generation, bug detection, code migration, and so on. Current learning techniques, however, have a…

Software Engineering · Computer Science 2020-12-16 Nghi D. Q. Bui , Yijun Yu , Lingxiao Jiang

Pre-trained language models of code are now widely used in various software engineering tasks such as code generation, code completion, vulnerability detection, etc. This, in turn, poses security and reliability risks to these models. One…

Software Engineering · Computer Science 2024-11-01 Thanh-Dat Nguyen , Yang Zhou , Xuan Bach D. Le , Patanamon Thongtanunam , David Lo

Code generation with large language models (LLMs), often termed vibe coding, is increasingly adopted in production but fails to ensure code quality, particularly in security (e.g., SQL injection vulnerabilities) and maintainability (e.g.,…

Computation and Language · Computer Science 2025-05-30 Feng Yao , Zilong Wang , Liyuan Liu , Junxia Cui , Li Zhong , Xiaohan Fu , Haohui Mai , Vish Krishnan , Jianfeng Gao , Jingbo Shang

As businesses increasingly adopt cloud technologies, they also need to be aware of new security challenges, such as server-side script attacks, to ensure the integrity of their systems and data. These scripts can steal data, compromise…

Cryptography and Security · Computer Science 2024-11-14 Ecenaz Erdemir , Kyuhong Park , Michael J. Morais , Vianne R. Gao , Marion Marschalek , Yi Fan