English
Related papers

Related papers: VulZoo: A Comprehensive Vulnerability Intelligence…

200 papers

Vulnerabilities in software security can remain undiscovered even after being exploited. Linking attacks to vulnerabilities helps experts identify and respond promptly to the incident. This paper introduces VULDAT, a classification tool…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Barbara Russo

Open source software vulnerabilities pose significant security risks to downstream applications. While vulnerability databases provide valuable information for mitigation, many security patches are released silently in new commits of OSS…

Software Engineering · Computer Science 2025-03-27 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Zhe Lang , David Lo , Shichao Lv , Dongliang Fang , Zhiqiang Shi , Limin Sun

Software vulnerabilities can have serious consequences, which is why many techniques have been proposed to defend against them. Among these, vulnerability detection techniques are a major area of focus. However, there is a lack of a…

Software Engineering · Computer Science 2023-03-30 Yingzhou Bi , Jiangtao Huang , Penghui Liu , Lianmei Wang

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Large language models (LLMs) have recently shown strong potential in vulnerability detection (VD). However, accurately detecting vulnerabilities in real-world repositories requires reasoning over complex contextual interactions. Existing…

Cryptography and Security · Computer Science 2026-05-28 Youpeng Li , Fuxun Yu , Weiliang Qi , Xinda Wang

The significant increase in software production driven by automation and faster development lifecycles has resulted in a corresponding surge in software vulnerabilities. In parallel, the evolving landscape of software vulnerability…

Cryptography and Security · Computer Science 2024-08-30 Yuejun Guo , Constantinos Patsakis , Qiang Hu , Qiang Tang , Fran Casino

Learning multimodal representations involves integrating information from multiple heterogeneous sources of data. In order to accelerate progress towards understudied modalities and tasks while ensuring real-world robustness, we release…

Machine Learning · Computer Science 2023-06-29 Paul Pu Liang , Yiwei Lyu , Xiang Fan , Arav Agarwal , Yun Cheng , Louis-Philippe Morency , Ruslan Salakhutdinov

Bug reports help software development teams enhance software quality, yet their utility is often compromised by unclear or incomplete information. This issue not only hinders developers' ability to quickly understand and resolve bugs but…

Software Engineering · Computer Science 2025-04-29 Jagrit Acharya , Gouri Ginde

The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair (AVR) tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from…

Cryptography and Security · Computer Science 2026-05-08 Jia Li , Zhuangbin Chen , Yuxin Su , Michael R. Lyu

Least-privilege separation decomposes applications into compartments limited to accessing only what they need. When compartmentalizing existing software, many approaches neglect securing the new inter-compartment interfaces, although what…

Cryptography and Security · Computer Science 2023-01-06 Hugo Lefeuvre , Vlad-Andrei Bădoiu , Yi Chien , Felipe Huici , Nathan Dautenhahn , Pierre Olivier

Software vulnerabilities are often detected via taint analysis, penetration testing, or fuzzing. They are also found via unit tests that exercise security-sensitive behavior with specific inputs, called vulnerability-witnessing tests.…

Software Engineering · Computer Science 2026-01-23 Emanuele Iannone , Quang-Cuong Bui , Riccardo Scandariato

The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most…

Cryptography and Security · Computer Science 2024-05-09 Julia Wunder , Andreas Kurtz , Christian Eichenmüller , Freya Gassmann , Zinaida Benenson

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent…

Cryptography and Security · Computer Science 2022-06-23 Muhammed Fatih Bulut , Abdulhamid Adebayo , Daby Sow , Steve Ocepek

We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree (AST) structure, and code stylometry (CStyle) features. Prior work in code…

Cryptography and Security · Computer Science 2026-04-30 Chidera Biringa , Ajmal Abbas , Vishnu Selvaraj , Gokhan Kul

Software vulnerabilities are flaws in computer software systems that pose significant threats to the integrity, security, and reliability of modern software and its application data. These vulnerabilities can lead to substantial economic…

Software Engineering · Computer Science 2024-11-11 Penghui Liu , Yingzhou Bi , Jiangtao Huang , Xinxin Jiang , Lianmei Wang

Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow…

Software Engineering · Computer Science 2022-01-14 Yangruibo Ding , Sahil Suneja , Yunhui Zheng , Jim Laredo , Alessandro Morari , Gail Kaiser , Baishakhi Ray

Agile software development is nowadays a widely adopted practise in both open-source and industrial software projects. Agile teams typically heavily rely on issue management tools to document new issues and keep track of outstanding ones,…

Software Engineering · Computer Science 2022-02-03 Vali Tawosi , Afnan Al-Subaihin , Rebecca Moussa , Federica Sarro

We constructed a newly large-scale and comprehensive C/C++ vulnerability dataset named MegaVul by crawling the Common Vulnerabilities and Exposures (CVE) database and CVE-related open-source projects. Specifically, we collected all…

Cryptography and Security · Computer Science 2024-06-19 Chao Ni , Liyu Shen , Xiaohu Yang , Yan Zhu , Shaohua Wang

Software Vulnerability (SV) assessment is a crucial process of determining different aspects of SVs (e.g., attack vectors and scope) for developers to effectively prioritize efforts in vulnerability mitigation. It presents a challenging and…

Software Engineering · Computer Science 2025-01-28 Xin-Cheng Wen , Jiaxin Ye , Cuiyun Gao , Lianwei Wu , Qing Liao

Many ML-based approaches have been proposed to automatically detect, localize, and repair software vulnerabilities. While ML-based methods are more effective than program analysis-based vulnerability analysis tools, few have been integrated…

Software Engineering · Computer Science 2023-05-29 Michael Fu , Chakkrit Tantithamthavorn , Trung Le , Yuki Kume , Van Nguyen , Dinh Phung , John Grundy