English
Related papers

Related papers: ThreatZoom: CVE2CWE using Hierarchical Neural Netw…

200 papers

Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow…

Software Engineering · Computer Science 2022-01-14 Yangruibo Ding , Sahil Suneja , Yunhui Zheng , Jim Laredo , Alessandro Morari , Gail Kaiser , Baishakhi Ray

Software vulnerabilities pose critical security and risk concerns for many software systems. Many techniques have been proposed to effectively assess and prioritize these vulnerabilities before they cause serious consequences. To evaluate…

Cryptography and Security · Computer Science 2024-09-25 Bonan Ruan , Jiahao Liu , Weibo Zhao , Zhenkai Liang

Security teams face a challenge: the volume of newly disclosed Common Vulnerabilities and Exposures (CVEs) far exceeds the capacity to manually develop detection mechanisms. In 2025, the National Vulnerability Database published over 48,000…

Cryptography and Security · Computer Science 2026-04-03 Ayush Garg , Sophia Hager , Jacob Montiel , Aditya Tiwari , Michael Gentile , Zach Reavis , David Magnotti , Wayne Fullen

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel Vulnerability Report Classifier that leverages the BERT (Bidirectional Encoder…

Cryptography and Security · Computer Science 2025-03-28 Himanshu Tiwari

Automated vulnerability detection research has made substantial progress, yet its real-world impact remains limited. Prior work found that current vulnerability datasets suffer from issues including label inaccuracy rates of 20%-71%,…

Modern hardware designs have grown increasingly efficient and complex. However, they are often susceptible to Common Weakness Enumerations (CWEs). This paper is focused on the formal verification of CWEs in a dataset of hardware designs…

Artificial Intelligence · Computer Science 2024-09-04 Deepak Narayan Gadde , Aman Kumar , Thomas Nalapat , Evgenii Rezunov , Fabio Cappellini

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent…

Software Engineering · Computer Science 2020-07-27 Jukka Ruohonen , Sampsa Rauti , Sami Hyrynsalmi , Ville Leppänen

In vulnerability assessments, software component-based CVE attribution is a common method to identify possibly vulnerable systems at scale. However, such version-centric approaches yield high false-positive rates for binary distributed…

Cryptography and Security · Computer Science 2022-09-13 René Helmke , Johannes vom Dorp

Recent research finds CNN models for image classification demonstrate overlapped adversarial vulnerabilities: adversarial attacks can mislead CNN models with small perturbations, which can effectively transfer between different models…

In recent years, a proliferation of cyber-security threats and diversity has been on the rise culminating in an increase in their reporting and analysis. To counter that, many non-profit organizations have emerged in this domain, such as…

Cryptography and Security · Computer Science 2023-04-24 Ashraf Haddad , Najwa Aaraj , Preslav Nakov , Septimiu Fabian Mare

In software, a vulnerability is a defect in a program that attackers might utilize to acquire unauthorized access, alter system functions, and acquire information. These vulnerabilities arise from programming faults, design flaws, incorrect…

Software Engineering · Computer Science 2024-11-28 Md. Fahim Sultan , Tasmin Karim , Md. Shazzad Hossain Shaon , Mohammad Wardat , Mst Shapna Akter

The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases…

Cryptography and Security · Computer Science 2025-05-21 Yuning Jiang , Feiyang Shang , Freedy Tan Wei You , Huilin Wang , Chia Ren Cong , Qiaoran Meng , Nay Oo , Hoon Wei Lim , Biplab Sikdar

ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. However, these systems are vulnerable to cyber attacks due to their reliance on interconnected…

Cryptography and Security · Computer Science 2024-12-02 Can Ozkan , Dave Singelee

Identification of cyber threats is one of the essential tasks for security teams. Currently, cyber threats can be identified using knowledge organized into various formats, enumerations, and knowledge bases. This paper studies the current…

Cryptography and Security · Computer Science 2022-06-30 Lukáš Sadlek , Pavel Čeleda , Daniel Tovarňák

Engineering more secure software has become a critical challenge in the cyber world. It is very important to develop methodologies, techniques, and tools for developing secure software. To develop secure software, software developers need…

Software Engineering · Computer Science 2023-02-14 Nicholas Lasky , Benjamin Hallis , Mounika Vanamala , Rushit Dave , Jim Seliya

Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely…

Cryptography and Security · Computer Science 2026-02-03 Eduard Andrei Cristea , Petter Molnes , Jingyue Li

Public vulnerability databases such as CVE and NVD account for only 60% of security vulnerabilities present in open-source projects, and are known to suffer from inconsistent quality. Over the last two years, there has been considerable…

Software Engineering · Computer Science 2019-11-19 Achyudh Ram , Ji Xin , Meiyappan Nagappan , Yaoliang Yu , Rocío Cabrera Lozoya , Antonino Sabetta , Jimmy Lin

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

We propose and release a new vulnerable source code dataset. We curate the dataset by crawling security issue websites, extracting vulnerability-fixing commits and source codes from the corresponding projects. Our new dataset contains…

Cryptography and Security · Computer Science 2023-08-10 Yizheng Chen , Zhoujie Ding , Lamya Alowain , Xinyun Chen , David Wagner