English
Related papers

Related papers: VulCurator: A Vulnerability-Fixing Commit Detector

200 papers

Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Barbara Russo

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

Large language models (LLMs) have achieved remarkable progress in code understanding tasks. However, they demonstrate limited performance in vulnerability detection and struggle to distinguish vulnerable code from patched code. We argue…

Software Engineering · Computer Science 2026-03-31 Hao Zhu , Jia Li , Cuiyun Gao , Jiaru Qian , Yihong Dong , Huanyu Liu , Lecheng Wang , Ziliang Wang , Xiaolong Hu , Ge Li

The increasing complexity of software systems and the sophistication of cyber-attacks have underscored the need for reliable automated software vulnerability detection. Data-driven approaches using deep learning models show promise but…

Cryptography and Security · Computer Science 2026-03-19 Amine Lbath , Massih-Reza Amini , Aurelien Delaitre , Vadim Okun

Open-source AI libraries are foundational to modern AI systems, yet they present significant, underexamined risks spanning security, licensing, maintenance, supply chain integrity, and regulatory compliance. We introduce LibVulnWatch, a…

Cryptography and Security · Computer Science 2025-07-01 Zekun Wu , Seonglae Cho , Umar Mohammed , Cristian Munoz , Kleyton Costa , Xin Guan , Theo King , Ze Wang , Emre Kazim , Adriano Koshiyama

AI-based solutions demonstrate remarkable results in identifying vulnerabilities in software, but research has consistently found that this performance does not generalize to unseen codebases. In this paper, we specifically investigate the…

Cryptography and Security · Computer Science 2025-10-08 Rijha Safdar , Danyail Mateen , Syed Taha Ali , M. Umer Ashfaq , Wajahat Hussain

The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair (AVR) tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from…

Cryptography and Security · Computer Science 2026-05-08 Jia Li , Zhuangbin Chen , Yuxin Su , Michael R. Lyu

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which…

Cryptography and Security · Computer Science 2026-04-28 Sicong Cao , Jinxuan Xu , Le Yu , Jing Yang , Xingwei Lin , Linlin Zhu , Fu Xiao

One of the most pressing threats to computing systems is software vulnerabilities, which can compromise both hardware and software components. Existing methods for vulnerability detection remain suboptimal. Traditional techniques are both…

Cryptography and Security · Computer Science 2023-09-28 Jin Wang , Zishan Huang , Hengli Liu , Nianyi Yang , Yinhao Xiao

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen

Many ML-based approaches have been proposed to automatically detect, localize, and repair software vulnerabilities. While ML-based methods are more effective than program analysis-based vulnerability analysis tools, few have been integrated…

Software Engineering · Computer Science 2023-05-29 Michael Fu , Chakkrit Tantithamthavorn , Trung Le , Yuki Kume , Van Nguyen , Dinh Phung , John Grundy

Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods…

Cryptography and Security · Computer Science 2025-08-29 Guan-Yan Yang , Yi-Heng Ko , Farn Wang , Kuo-Hui Yeh , Haw-Shiang Chang , Hsueh-Yi Chen

Software vulnerabilities are major risks to software systems. Recently, researchers have proposed many deep learning approaches to detect software vulnerabilities. However, their accuracy is limited in practice. One of the main causes is…

Software Engineering · Computer Science 2025-11-13 Zeru Cheng , Yanjing Yang , He Zhang , Lanxin Yang , Jinghao Hu , Jinwei Xu , Bohan Liu , Haifeng Shen

Deep learning (DL) models have become increasingly popular in identifying software vulnerabilities. Prior studies found that vulnerabilities across different vulnerable programs may exhibit similar vulnerable scopes, implicitly forming…

Cryptography and Security · Computer Science 2023-06-13 Michael Fu , Trung Le , Van Nguyen , Chakkrit Tantithamthavorn , Dinh Phung

The proliferation of software vulnerabilities poses a significant challenge for security databases and analysts tasked with their timely identification, classification, and remediation. With the National Vulnerability Database (NVD)…

Cryptography and Security · Computer Science 2024-03-05 Daniel Alfasi , Tal Shapira , Anat Bremler Barr

Modern configurable systems offer customization via intricate configuration spaces, yet such flexibility introduces pervasive configuration-related issues such as misconfigurations and latent softwarebugs. Existing diagnosability supports…

Software Engineering · Computer Science 2025-09-01 Shiwen Shan , Yintong Huo , Yuxin Su , Zhining Wang , Dan Li , Zibin Zheng

Preventing vulnerability exploits is a critical software maintenance task, and software engineers often rely on Common Vulnerability and Exposure (CVEs) reports for information about vulnerable systems and libraries. These reports include…

Software Engineering · Computer Science 2019-10-01 Danielle Gonzalez , Holly Hastings , Mehdi Mirakhorli

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad

Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on…

Cryptography and Security · Computer Science 2024-12-24 Devesh Sawant , Manjesh K. Hanawal , Atul Kabra

Automated vulnerability detection tools are widely used to identify security vulnerabilities in software dependencies. However, the evaluation of such tools remains challenging due to the heterogeneous structure of vulnerability data…

Software Engineering · Computer Science 2026-04-24 Peter Mandl , Paul Mandl , Martin Häusl , Maximilian Auch
‹ Prev 1 3 4 5 6 7 10 Next ›