English
Related papers

Related papers: DeepCVA: Automated Commit-level Vulnerability Asse…

200 papers
EvalSVA: Multi-Agent Evaluators for Next-Gen Software Vulnerability Assessment

Software Vulnerability (SV) assessment is a crucial process of determining different aspects of SVs (e.g., attack vectors and scope) for developers to effectively prioritize efforts in vulnerability mitigation. It presents a challenging and…

Software Engineering · Computer Science 2025-01-28 Xin-Cheng Wen , Jiaxin Ye , Cuiyun Gao , Lianwei Wu , Qing Liao
Automated Code-centric Software Vulnerability Assessment: How Far Are We? An Empirical Study in C/C++

Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to detect…

Software Engineering · Computer Science 2024-08-06 Anh The Nguyen , Triet Huynh Minh Le , M. Ali Babar
On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models

Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for…

Software Engineering · Computer Science 2022-03-17 Triet H. M. Le , M. Ali Babar
Exploiting Token and Path-based Representations of Code for Identifying Security-Relevant Commits

Public vulnerability databases such as CVE and NVD account for only 60% of security vulnerabilities present in open-source projects, and are known to suffer from inconsistent quality. Over the last two years, there has been considerable…

Software Engineering · Computer Science 2019-11-19 Achyudh Ram , Ji Xin , Meiyappan Nagappan , Yaoliang Yu , Rocío Cabrera Lozoya , Antonino Sabetta , Jimmy Lin
ActiveClean: Generating Line-Level Vulnerability Data via Active Learning

Deep learning vulnerability detection tools are increasing in popularity and have been shown to be effective. These tools rely on large volume of high quality training data, which are very hard to get. Most of the currently available…

Software Engineering · Computer Science 2023-12-05 Ashwin Kallingal Joshy , Mirza Sanjida Alam , Shaila Sharmin , Qi Li , Wei Le
Leveraging Self-Paced Learning for Software Vulnerability Detection

Software vulnerabilities are major risks to software systems. Recently, researchers have proposed many deep learning approaches to detect software vulnerabilities. However, their accuracy is limited in practice. One of the main causes is…

Software Engineering · Computer Science 2025-11-13 Zeru Cheng , Yanjing Yang , He Zhang , Lanxin Yang , Jinghao Hu , Jinwei Xu , Bohan Liu , Haifeng Shen
VulCurator: A Vulnerability-Fixing Commit Detector

Open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is a part of the standard process to prevent…

Cryptography and Security · Computer Science 2022-09-08 Truong Giang Nguyen , Thanh Le-Cong , Hong Jin Kang , Xuan-Bach D. Le , David Lo
An Empirical Study of Deep Learning Models for Vulnerability Detection

Deep learning (DL) models of code have recently reported great progress for vulnerability detection. In some cases, DL-based models have outperformed static analysis tools. Although many great models have been proposed, we do not yet have a…

Software Engineering · Computer Science 2023-02-14 Benjamin Steenhoek , Md Mahbubur Rahman , Richard Jiles , Wei Le
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont
Vulnerability Management Chaining: An Integrated Framework for Efficient Cybersecurity Risk Prioritization

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto
SPI: Automated Identification of Security Patches via Commits

Security patches in open-source software, providing security fixes to identified vulnerabilities, are crucial in protecting against cyberattacks. Despite the National Vulnerability Database (NVD) publishes identified vulnerabilities, a vast…

Cryptography and Security · Computer Science 2021-06-08 Yaqin Zhou , Jing Kai Siow , Chenyu Wang , Shangqing Liu , Yang Liu
Deep-Learning-based Vulnerability Detection in Binary Executables

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder
Detecting Protracted Vulnerabilities in Open Source Projects

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to…

Cryptography and Security · Computer Science 2026-03-31 Arjun Sridharkumar , Sara Al Hajj Ibrahim , Jiayuan Zhou , Yuliang Wang , Safwat Hassan , Ahmed E. Hassan , Shurui Zhou
DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection

We propose and release a new vulnerable source code dataset. We curate the dataset by crawling security issue websites, extracting vulnerability-fixing commits and source codes from the corresponding projects. Our new dataset contains…

Cryptography and Security · Computer Science 2023-08-10 Yizheng Chen , Zhoujie Ding , Lamya Alowain , Xinyun Chen , David Wagner
Automated software vulnerability detection with machine learning

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

Software Engineering · Computer Science 2018-08-03 Jacob A. Harer , Louis Y. Kim , Rebecca L. Russell , Onur Ozdemir , Leonard R. Kosta , Akshay Rangamani , Lei H. Hamilton , Gabriel I. Centeno , Jonathan R. Key , Paul M. Ellingwood , Erik Antelman , Alan Mackay , Marc W. McConley , Jeffrey M. Opper , Peter Chin , Tomo Lazovich
A Practical Approach to the Automatic Classification of Security-Relevant Commits

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi
Vulnerability Detection Using Two-Stage Deep Learning Models

Application security is an essential part of developing modern software, as lots of attacks depend on vulnerabilities in software. The number of attacks is increasing globally due to technological advancements. Companies must include…

Cryptography and Security · Computer Science 2023-05-18 Mohamed Mjd Alhafi , Mohammad Hammade , Khloud Al Jallad
Security Vulnerability Detection with Multitask Self-Instructed Fine-Tuning of Large Language Models

Software security vulnerabilities allow attackers to perform malicious activities to disrupt software operations. Recent Transformer-based language models have significantly advanced vulnerability detection, surpassing the capabilities of…

Cryptography and Security · Computer Science 2024-06-11 Aidan Z. H. Yang , Haoye Tian , He Ye , Ruben Martins , Claire Le Goues
A Survey on Automated Software Vulnerability Detection Using Machine Learning and Deep Learning

Software vulnerability detection is critical in software security because it identifies potential bugs in software systems, enabling immediate remediation and mitigation measures to be implemented before they may be exploited. Automatic…

Software Engineering · Computer Science 2023-06-21 Nima Shiri Harzevili , Alvine Boaye Belle , Junjie Wang , Song Wang , Zhen Ming , Jiang , Nachiappan Nagappan
Predicting known Vulnerabilities from Attack News: A Transformer-Based Approach

Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities,…

Cryptography and Security · Computer Science 2026-02-24 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo
‹ Prev 1 2 3 10 Next ›