English
Related papers

Related papers: On using distributed representations of source cod…

200 papers

In software development, the predominant emphasis on functionality often supersedes security concerns, a trend gaining momentum with AI-driven automation tools like GitHub Copilot. These tools significantly improve developers' efficiency in…

Consider the problem of verifying security properties of a cryptographic protocol coded in C. We propose an automatic solution that needs neither a pre-existing protocol description nor manual annotation of source code. First, symbolically…

Cryptography and Security · Computer Science 2011-07-07 Mihhail Aizatulin , Andrew D. Gordon , Jan Jürjens

Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within…

Software Engineering · Computer Science 2026-02-13 Yuejun Guo , Qiang Hu , Qiang Tang , Yves Le Traon

Identifying which software versions are affected by a vulnerability is critical for patching, risk mitigation. Despite a growing body of tools, their real-world effectiveness remains unclear due to narrow evaluation scopes often limited to…

Software Engineering · Computer Science 2025-09-10 Xingchu Chen , Chengwei Liu , Jialun Cao , Yang Xiao , Xinyue Cai , Yeting Li , Jingyi Shi , Tianqi Sun , Haiming Chen ang Wei Huo

Large Language Models (LLMs) have emerged as a popular choice in vulnerability detection studies given their foundational capabilities, open source availability, and variety of models, but have limited scalability due to extensive compute…

Software Engineering · Computer Science 2026-04-01 Miles Farmer , Ekincan Ufuktepe , Anne Watson , Hialo Muniz Carvalho , Vadim Okun , Zineb Maasaoui , Kannappan Palaniappan

Vulnerability detection methods based on deep learning (DL) have shown strong performance on benchmark datasets, yet their real-world effectiveness remains underexplored. Recent work suggests that both graph neural network (GNN)-based and…

Cryptography and Security · Computer Science 2025-12-12 Chaomeng Lu , Bert Lagaisse

Current machine-learning based software vulnerability detection methods are primarily conducted at the function-level. However, a key limitation of these methods is that they do not indicate the specific lines of code contributing to…

Cryptography and Security · Computer Science 2022-03-28 David Hin , Andrey Kan , Huaming Chen , M. Ali Babar

Evaluating and improving the security capabilities of code agents requires high-quality, executable vulnerability tasks. However, existing works rely on costly, unscalable manual reproduction and suffer from outdated data distributions. To…

Cryptography and Security · Computer Science 2026-05-19 Xianzhen Luo , Jingyuan Zhang , Shiqi Zhou , Rain Huang , Chuan Xiao , Qingfu Zhu , Zhiyuan Ma , Xing Yue , Yang Yue , Wencong Zeng , Wanxiang Che

This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security…

Software Engineering · Computer Science 2021-03-24 David Reid , Kalvin Eng , Chris Bogart , Adam Tutko

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program.…

Software Engineering · Computer Science 2025-12-11 Dyna Soumhane Ouchebara , Stéphane Dupont

In this technical report, we present HW2VEC [11], an open-source graph learning tool for hardware security, and its implementation details (Figure 1). HW2VEC provides toolboxes for graph representation extraction in the form of Data Flow…

Cryptography and Security · Computer Science 2021-08-03 Yasamin Moghaddas , Tommy Nguyen , Shih-Yuan Yu , Rozhin Yasaei , Mohammad Abdullah Al Faruque

In vulnerability assessments, software component-based CVE attribution is a common method to identify possibly vulnerable systems at scale. However, such version-centric approaches yield high false-positive rates for binary distributed…

Cryptography and Security · Computer Science 2022-09-13 René Helmke , Johannes vom Dorp

Code intelligence leverages machine learning techniques to extract knowledge from extensive code corpora, with the aim of developing intelligent tools to improve the quality and productivity of computer programming. Currently, there is…

Software Engineering · Computer Science 2024-01-02 Yao Wan , Yang He , Zhangqian Bi , Jianguo Zhang , Hongyu Zhang , Yulei Sui , Guandong Xu , Hai Jin , Philip S. Yu

Background: Leaking sensitive information - such as API keys, tokens, and credentials - in source code remains a persistent security threat. Traditional regex and entropy-based tools often generate high false positives due to limited…

Software Engineering · Computer Science 2025-07-29 Md Nafiu Rahman , Sadif Ahmed , Zahin Wahab , S M Sohan , Rifat Shahriyar

The increasing reliance on software in various applications has made the problem of software vulnerability detection more critical. Software vulnerabilities can lead to security breaches, data theft, and other negative outcomes. Traditional…

Software Engineering · Computer Science 2025-12-16 Saadh Jawwadh , Guhanathan Poravi

Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities,…

Cryptography and Security · Computer Science 2026-02-24 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. However, the adoption of specific software versions in development projects may introduce…

Software Engineering · Computer Science 2025-08-15 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Shouguo Yang , Chaopeng Dong , David Lo , Shichao Lv , Zhiqiang Shi , Limin Sun

Recent advances in large language models for test case generation have improved branch coverage via prompt-engineered mutations. However, they still lack principled mechanisms for steering models toward specific high-risk execution…

Software Engineering · Computer Science 2026-04-21 Khang Tran , Khoa Nguyen , Cristian Borcea , NhatHai Phan

In the past couple of decades, significant research efforts are devoted to the prediction of software bugs. However, most existing work in this domain treats all bugs the same, which is not the case in practice. It is important for a defect…

Software Engineering · Computer Science 2023-09-07 Ehsan Mashhadi , Hossein Ahmadvand , Hadi Hemmati

Deep learning models have gained popularity for conducting various tasks involving source code. However, their black-box nature raises concerns about potential risks. One such risk is a poisoning attack, where an attacker intentionally…

Cryptography and Security · Computer Science 2025-03-18 Ehab Ghannoum , Mohammad Ghafari