English
Related papers

Related papers: CompVPD: Iteratively Identifying Vulnerability Pat…

200 papers

Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code…

Cryptography and Security · Computer Science 2025-12-01 Minjae Seo , Wonwoo Choi , Myoungsung You , Seungwon Shin

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding…

Software Engineering · Computer Science 2025-09-10 Huu Hung Nguyen , Anh Tuan Nguyen , Thanh Le-Cong , Yikun Li , Han Wei Ang , Yide Yin , Frank Liauw , Shar Lwin Khin , Ouh Eng Lieh , Ting Zhang , David Lo

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security…

Software Engineering · Computer Science 2026-01-12 Qingyuan Li , Chenchen Yu , Chuanyi Li , Xin-Cheng Wen , Cheryl Lee , Cuiyun Gao , Bin Luo

Software vendors often silently release security patches without providing sufficient advisories (e.g., Common Vulnerabilities and Exposures) or delayed updates via resources (e.g., National Vulnerability Database). Therefore, it has become…

Software Engineering · Computer Science 2024-12-12 Xin-Cheng Wen , Zirui Lin , Cuiyun Gao , Hongyu Zhang , Yong Wang , Qing Liao

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models (LLMs) present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using…

Cryptography and Security · Computer Science 2025-12-01 Aayush Garg , Zanis Ali Khan , Renzo Degiovanni , Qiang Tang

Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive…

Cryptography and Security · Computer Science 2024-09-16 Jinhong Yu , Yi Chen , Di Tang , Xiaozhong Liu , XiaoFeng Wang , Chen Wu , Haixu Tang

Recent advancements in generative AI have led to the widespread adoption of large language models (LLMs) in software engineering, addressing numerous long-standing challenges. However, a comprehensive study examining the capabilities of…

Software Engineering · Computer Science 2025-03-04 Ting Zhang , Chengran Yang , Yindu Su , Martin Weyssow , Hung Nguyen , Tan Bui , Hong Jin Kang , Yikun Li , Eng Lieh Ouh , Lwin Khin Shar , David Lo

An upstream task for software bill-of-materials (SBOMs) is the accurate localization of the patch that fixes a vulnerability. Nevertheless, existing work reveals a significant gap in the CVEs whose patches exist but are not traceable.…

Cryptography and Security · Computer Science 2025-08-18 Xueqing Liu , Jiangrui Zheng , Guanqun Yang , Siyan Wen , Qiushi Liu , Xiaoyin Wang

The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases…

Cryptography and Security · Computer Science 2025-05-21 Yuning Jiang , Feiyang Shang , Freedy Tan Wei You , Huilin Wang , Chia Ren Cong , Qiaoran Meng , Nay Oo , Hoon Wei Lim , Biplab Sikdar

Detecting vulnerability fix commits in open-source software is crucial for maintaining software security. To help OSS identify vulnerability fix commits, several automated approaches are developed. However, existing approaches like…

Software Engineering · Computer Science 2025-01-28 Xu Yang , Wenhan Zhu , Michael Pacheco , Jiayuan Zhou , Shaowei Wang , Xing Hu , Kui Liu

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program.…

Software Engineering · Computer Science 2025-12-11 Dyna Soumhane Ouchebara , Stéphane Dupont

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

Software vulnerabilities can result in catastrophic cyberattacks that increasingly threaten business operations. Consequently, ensuring the safety of software systems has become a paramount concern for both private and public sectors.…

Software Engineering · Computer Science 2024-12-10 Boyu Zhang , Triet H. M. Le , M. Ali Babar

Large Language Models (LLMs) have shown promise in tasks like code translation, prompting interest in their potential for automating software vulnerability detection (SVD) and patching (SVP). To further research in this area, establishing a…

Software Engineering · Computer Science 2024-09-18 Arastoo Zibaeirad , Marco Vieira

Software vulnerabilities continue to be ubiquitous, even in the era of AI-powered code assistants, advanced static analysis tools, and the adoption of extensive testing frameworks. It has become apparent that we must not simply prevent…

Automatically detecting software vulnerabilities is an important problem that has attracted much attention from the academic research community. However, existing vulnerability detectors still cannot achieve the vulnerability detection…

Cryptography and Security · Computer Science 2021-05-04 Zhen Li , Deqing Zou , Shouhuai Xu , Zhaoxuan Chen , Yawei Zhu , Hai Jin

Automated Vulnerability Repair (AVR) systems, especially those leveraging large language models (LLMs), have demonstrated promising results in patching vulnerabilities -- that is, if we trust their patch validation methodology. Ground-truth…

Software Engineering · Computer Science 2026-03-23 Zheng Yu , Wenxuan Shi , Xinqian Sun , Zheyun Feng , Meng Xu , Xinyu Xing

Vulnerability detection is a critical aspect of software security. Accurate detection is essential to prevent potential security breaches and protect software systems from malicious attacks. Recently, vulnerability detection methods…

Software Engineering · Computer Science 2025-04-24 Yixin Yang , Bowen Xu , Xiang Gao , Hailong Sun

Detecting vulnerabilities in source code remains critical yet challenging, as conventional static analysis tools construct inaccurate program representations, while existing LLM-based approaches often miss essential vulnerability context…

Software Engineering · Computer Science 2026-04-14 Yiheng Cao , Yihao Chen , Xin Hu , Bihuan Chen , Jiayi Deng , Zhuotong Zhou , Susheng Wu , Yiheng Huang , Xueying Du , Xingman Chen , Miaohua Li , Xin Peng