English
Related papers

Related papers: Multi-Granularity Detector for Vulnerability Fixes

200 papers

Open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is a part of the standard process to prevent…

Cryptography and Security · Computer Science 2022-09-08 Truong Giang Nguyen , Thanh Le-Cong , Hong Jin Kang , Xuan-Bach D. Le , David Lo

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Vulnerability fixes in open source software (OSS) usually follow the coordinated vulnerability disclosure model and are silently fixed. This delay can expose OSS users to risks as malicious parties might exploit the software before fixes…

Software Engineering · Computer Science 2024-09-26 Xu Yang , Shaowei Wang , Jiayuan Zhou , Xing Hu

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

The growing dependence of software projects on external libraries has generated apprehensions regarding the security of these libraries because of concealed vulnerabilities. Handling these vulnerabilities presents difficulties due to the…

Software Engineering · Computer Science 2023-09-18 Hieu Dinh Vo , Thanh Trong Vu , Son Nguyen

The increasing reliance of software projects on third-party libraries has raised concerns about the security of these libraries due to hidden vulnerabilities. Managing these vulnerabilities is challenging due to the time gap between fixes…

Software Engineering · Computer Science 2023-09-06 Son Nguyen , Thanh Trong Vu , Hieu Dinh Vo

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Software vulnerability detection can be formulated as a binary classification problem that determines whether a given code snippet contains security defects. Existing multimodal methods typically fuse Natural Code Sequence (NCS)…

Software Engineering · Computer Science 2026-04-24 Yun Bian , Yi Chen , HaiQuan Wang , ShiHao Li , Zhe Cui

The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics…

Software Engineering · Computer Science 2025-03-18 Daan Hommersom , Antonino Sabetta , Bonaventura Coppola , Dario Di Nucci , Damian A. Tamburri

With the increasing disclosure of vulnerabilities in open-source software, software composition analysis (SCA) has been widely applied to reveal third-party libraries and the associated vulnerabilities in software projects. Beyond the…

Software Engineering · Computer Science 2023-01-23 Lyuye Zhang , Chengwei Liu , Zhengzi Xu , Sen Chen , Lingling Fan , Lida Zhao , Jiahui Wu , Yang Liu

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code…

Software Engineering · Computer Science 2026-05-15 Xinran Zheng , Alfredo Pesoli , Marco Valleri , Suman Jana , Lorenzo Cavallaro

In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub…

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies, and giving rise to the subfield of Software Composition Analysis (SCA). SCA products are…

Software Engineering · Computer Science 2019-10-01 Darius Foo , Jason Yeo , Hao Xiao , Asankhaya Sharma

Detecting vulnerability fix commits in open-source software is crucial for maintaining software security. To help OSS identify vulnerability fix commits, several automated approaches are developed. However, existing approaches like…

Software Engineering · Computer Science 2025-01-28 Xu Yang , Wenhan Zhu , Michael Pacheco , Jiayuan Zhou , Shaowei Wang , Xing Hu , Kui Liu

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar

Verifying integrity of software execution in low-end micro-controller units (MCUs) is a well-known open problem. The central challenge is how to securely detect software exploits with minimal overhead, since these MCUs are designed for low…

Cryptography and Security · Computer Science 2021-03-25 Ivan De Oliveira Nunes , Sashidhar Jakkamsetti , Gene Tsudik

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits,…

Software Engineering · Computer Science 2025-01-08 Zhaonan Wu , Yanjie Zhao , Chen Wei , Zirui Wan , Yue Liu , Haoyu Wang

Open source software vulnerabilities pose significant security risks to downstream applications. While vulnerability databases provide valuable information for mitigation, many security patches are released silently in new commits of OSS…

Software Engineering · Computer Science 2025-03-27 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Zhe Lang , David Lo , Shichao Lv , Dongliang Fang , Zhiqiang Shi , Limin Sun
‹ Prev 1 2 3 10 Next ›