English
Related papers

Related papers: VulCurator: A Vulnerability-Fixing Commit Detector

200 papers

Automatically detecting software vulnerabilities is an important problem that has attracted much attention from the academic research community. However, existing vulnerability detectors still cannot achieve the vulnerability detection…

Cryptography and Security · Computer Science 2021-05-04 Zhen Li , Deqing Zou , Shouhuai Xu , Zhaoxuan Chen , Yawei Zhu , Hai Jin

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding…

Software Engineering · Computer Science 2025-09-10 Huu Hung Nguyen , Anh Tuan Nguyen , Thanh Le-Cong , Yikun Li , Han Wei Ang , Yide Yin , Frank Liauw , Shar Lwin Khin , Ouh Eng Lieh , Ting Zhang , David Lo

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Software vulnerabilities can pose severe harms to a computing system. They can lead to system crash, privacy leakage, or even physical damage. Correctly identifying vulnerabilities among enormous software codes in a timely manner is so far…

Cryptography and Security · Computer Science 2022-11-24 Jin Wang , Hui Xiao , Shuwen Zhong , Yinhao Xiao

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in…

Software Engineering · Computer Science 2022-11-16 Frederik L. Dennig , Eren Cakmak , Henrik Plate , Daniel A. Keim

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

Software vulnerabilities pose critical security and risk concerns for many software systems. Many techniques have been proposed to effectively assess and prioritize these vulnerabilities before they cause serious consequences. To evaluate…

Cryptography and Security · Computer Science 2024-09-25 Bonan Ruan , Jiahao Liu , Weibo Zhao , Zhenkai Liang

Applying security patches in open source software timely is critical for ensuring the security of downstream applications. However, it is challenging to apply these patches promptly because notifications of patches are often incomplete and…

Cryptography and Security · Computer Science 2024-06-11 Tianyu Chen , Lin Li , Taotao Qian , Jingyi Liu , Wei Yang , Ding Li , Guangtai Liang , Qianxiang Wang , Tao Xie

The automatic detection of software vulnerabilities is an important research problem. However, existing solutions to this problem rely on human experts to define features and often miss many vulnerabilities (i.e., incurring high false…

Cryptography and Security · Computer Science 2018-01-08 Zhen Li , Deqing Zou , Shouhuai Xu , Xinyu Ou , Hai Jin , Sujuan Wang , Zhijun Deng , Yuyi Zhong

Recently, deep learning techniques have garnered substantial attention for their ability to identify vulnerable code patterns accurately. However, current state-of-the-art deep learning models, such as Convolutional Neural Networks (CNN),…

Cryptography and Security · Computer Science 2023-02-24 Marwan Omar

We present a comprehensive dataset of Java vulnerability-fixing commits (VFCs) to advance research in Java vulnerability analysis. Our dataset, derived from thousands of open-source Java projects on GitHub, comprises two variants: JavaVFC…

Software Engineering · Computer Science 2024-09-10 Tan Bui , Yan Naing Tun , Yiran Cheng , Ivana Clairine Irsan , Ting Zhang , Hong Jin Kang

Version Control Systems (VCS) are frequently used to support development of large-scale software projects. A typical VCS repository of a large project can contain various intertwined branches consisting of a large number of commits. If some…

Software Engineering · Computer Science 2017-08-23 Jaroslav Bendik , Nikola Benes , Ivana Cerna

The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program…

Software Engineering · Computer Science 2025-09-16 Ziliang Wang , Ge Li , Jia Li , Hao Zhu , Zhi Jin

Critical open source software systems undergo significant validation in the form of lengthy fuzz campaigns. The fuzz campaigns typically conduct a biased random search over the domain of program inputs, to find inputs which crash the…

Cryptography and Security · Computer Science 2024-11-22 Yuntong Zhang , Jiawei Wang , Dominic Berzin , Martin Mirchev , Dongge Liu , Abhishek Arya , Oliver Chang , Abhik Roychoudhury

Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use…

Software Engineering · Computer Science 2021-03-10 Sarah Elder

Fine-grained software vulnerability detection is an important and challenging problem. Ideally, a detection system (or detector) not only should be able to detect whether or not a program contains vulnerabilities, but also should be able to…

Cryptography and Security · Computer Science 2020-01-09 Deqing Zou , Sujuan Wang , Shouhuai Xu , Zhen Li , Hai Jin