English
Related papers

Related papers: VuLASTE: Long Sequence Model with Abstract Syntax …

200 papers

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

In software, a vulnerability is a defect in a program that attackers might utilize to acquire unauthorized access, alter system functions, and acquire information. These vulnerabilities arise from programming faults, design flaws, incorrect…

Software Engineering · Computer Science 2024-11-28 Md. Fahim Sultan , Tasmin Karim , Md. Shazzad Hossain Shaon , Mohammad Wardat , Mst Shapna Akter

Software vulnerabilities (SVs) have emerged as a prevalent and critical concern for safety-critical security systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for…

Software Engineering · Computer Science 2025-10-07 Van Nguyen , Surya Nepal , Tingmin Wu , Xingliang Yuan , Carsten Rudolph

We propose and release a new vulnerable source code dataset. We curate the dataset by crawling security issue websites, extracting vulnerability-fixing commits and source codes from the corresponding projects. Our new dataset contains…

Cryptography and Security · Computer Science 2023-08-10 Yizheng Chen , Zhoujie Ding , Lamya Alowain , Xinyun Chen , David Wagner

Software vulnerabilities exist in open-source software (OSS), and the developers who discover these vulnerabilities may submit issue reports (IRs) to describe their details. Security practitioners need to spend a lot of time manually…

Software Engineering · Computer Science 2025-09-05 Ziyou Jiang , Mingyang Li , Guowei Yang , Lin Shi , Qing Wang

Vulnerability fixes in open source software (OSS) usually follow the coordinated vulnerability disclosure model and are silently fixed. This delay can expose OSS users to risks as malicious parties might exploit the software before fixes…

Software Engineering · Computer Science 2024-09-26 Xu Yang , Shaowei Wang , Jiayuan Zhou , Xing Hu

Each year, software vulnerabilities are discovered, which pose significant risks of exploitation and system compromise. We present a convolutional neural network model that can successfully identify bugs in C code. We trained our model…

Cryptography and Security · Computer Science 2026-02-27 C. Seas , G. Fitzpatrick , J. A. Hamilton , M. C. Carlisle

In this paper, we present a challenging code reasoning task: vulnerability detection. Large Language Models (LLMs) have shown promising results in natural-language and math reasoning, but state-of-the-art (SOTA) models reported only 54.5%…

Software Engineering · Computer Science 2025-01-09 Benjamin Steenhoek , Md Mahbubur Rahman , Monoshi Kumar Roy , Mirza Sanjida Alam , Hengbo Tong , Swarna Das , Earl T. Barr , Wei Le

Large Language Models (LLMs) have training corpora containing large amounts of program code, greatly improving the model's code comprehension and generation capabilities. However, sound comprehensive research on detecting program…

Cryptography and Security · Computer Science 2024-08-22 Yu Liu , Lang Gao , Mingxin Yang , Yu Xie , Ping Chen , Xiaojin Zhang , Wei Chen

Automatically detecting software vulnerabilities is an important problem that has attracted much attention from the academic research community. However, existing vulnerability detectors still cannot achieve the vulnerability detection…

Cryptography and Security · Computer Science 2021-05-04 Zhen Li , Deqing Zou , Shouhuai Xu , Zhaoxuan Chen , Yawei Zhu , Hai Jin

In the age of big data and machine learning, at a time when the techniques and methods of software development are evolving rapidly, a problem has arisen: programmers can no longer detect all the security flaws and vulnerabilities in their…

Software Engineering · Computer Science 2021-08-05 Amirreza Bagheri , Péter Hegedűs

Although modern vulnerability detection tools enable developers to efficiently identify numerous security flaws, indiscriminate remediation efforts often lead to superfluous development expenses. This is particularly true given that a…

Software Engineering · Computer Science 2025-06-26 Hao Shen , Ming Hu , Xiaofei Xie , Jiaye Li , Mingsong Chen

Security issues in shipped code can lead to unforeseen device malfunction, system crashes or malicious exploitation by crackers, post-deployment. These vulnerabilities incur a cost of repair and foremost risk the credibility of the company.…

Artificial Intelligence · Computer Science 2021-04-20 Anshul Tanwar , Hariharan Manikandan , Krishna Sundaresan , Prasanna Ganesan , Sathish Kumar Chandrasekaran , Sriram Ravi

Cyber-security vulnerabilities are usually published in form of short natural language descriptions (e.g., in form of MITRE's CVE list) that over time are further manually enriched with labels such as those defined by the Common…

Cryptography and Security · Computer Science 2023-10-11 Mark-Oliver Stehr , Minyoung Kim

Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…

Cryptography and Security · Computer Science 2024-06-13 Van Nguyen , Trung Le , Chakkrit Tantithamthavorn , Michael Fu , John Grundy , Hung Nguyen , Seyit Camtepe , Paul Quirk , Dinh Phung

There is an increasing trend to mine vulnerabilities from software repositories and use machine learning techniques to automatically detect software vulnerabilities. A fundamental but unresolved research question is: how do different…

Software Engineering · Computer Science 2024-06-07 Esma Mouine , Yan Liu , Lu Xiao , Rick Kazman , Xiao Wang

Code Pre-trained Models (CodePTMs) based vulnerability detection have achieved promising results over recent years. However, these models struggle to generalize as they typically learn superficial mapping from source code to labels instead…

Cryptography and Security · Computer Science 2024-06-07 Xiaohu Du , Ming Wen , Jiahao Zhu , Zifan Xie , Bin Ji , Huijun Liu , Xuanhua Shi , Hai Jin

Detecting vulnerabilities in source code remains critical yet challenging, as conventional static analysis tools construct inaccurate program representations, while existing LLM-based approaches often miss essential vulnerability context…

Software Engineering · Computer Science 2026-04-14 Yiheng Cao , Yihao Chen , Xin Hu , Bihuan Chen , Jiayi Deng , Zhuotong Zhou , Susheng Wu , Yiheng Huang , Xueying Du , Xingman Chen , Miaohua Li , Xin Peng

Software vulnerability detection has emerged as a significant concern in the field of software security recently, capturing the attention of numerous researchers and developers. Most previous approaches focus on coarse-grained vulnerability…

Software Engineering · Computer Science 2025-09-16 Wenchao Gu , Yupan Chen , Yanlin Wang , Hongyu Zhang , Cuiyun Gao , Michael R. Lyu

The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for…

Cryptography and Security · Computer Science 2025-10-09 Zhiyuan Wei , Xiaoxuan Yang , Jing Sun , Zijian Zhang