English
Related papers

Related papers: Large Language Models for Secure Code Assessment: …

200 papers

Recently, Automated Vulnerability Localization (AVL) has attracted growing attention, aiming to facilitate diagnosis by pinpointing the specific lines of code responsible for vulnerabilities. Large Language Models (LLMs) have shown…

Software Engineering · Computer Science 2025-12-29 Jian Zhang , Chong Wang , Anran Li , Weisong Sun , Cen Zhang , Wei Ma , Yang Liu

Despite the continued research and progress in building secure systems, Android applications continue to be ridden with vulnerabilities, necessitating effective detection methods. Current strategies involving static and dynamic analysis…

Cryptography and Security · Computer Science 2024-02-14 Noble Saji Mathews , Yelizaveta Brus , Yousra Aafer , Meiyappan Nagappan , Shane McIntosh

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program.…

Software Engineering · Computer Science 2025-12-11 Dyna Soumhane Ouchebara , Stéphane Dupont

Vulnerability Detection (VD) using machine learning faces a significant challenge: the vast diversity of vulnerability types. Each Common Weakness Enumeration (CWE) represents a unique category of vulnerabilities with distinct…

Cryptography and Security · Computer Science 2024-08-06 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén , Karim Khalil

Manual vulnerability scoring, such as assigning Common Vulnerability Scoring System (CVSS) scores, is a resource-intensive process that is often influenced by subjective interpretation. This study investigates the potential of…

Cryptography and Security · Computer Science 2026-01-06 Sima Jafarikhah , Daniel Thompson , Eva Deans , Hossein Siadati , Yi Liu

The large-scale deployment of Solidity smart contracts on the Ethereum mainnet has increasingly attracted financially-motivated attackers in recent years. A few now-infamous attacks in Ethereum's history includes DAO attack in 2016 (50…

Cryptography and Security · Computer Science 2024-10-29 Md Tauseef Alam , Raju Halder , Abyayananda Maiti

Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the…

Cryptography and Security · Computer Science 2025-06-17 Chidera Biringa , Gokhan Kul

Code Pre-trained Models (CodePTMs) based vulnerability detection have achieved promising results over recent years. However, these models struggle to generalize as they typically learn superficial mapping from source code to labels instead…

Cryptography and Security · Computer Science 2024-06-07 Xiaohu Du , Ming Wen , Jiahao Zhu , Zifan Xie , Bin Ji , Huijun Liu , Xuanhua Shi , Hai Jin

This paper proposes a pipeline for quantitatively evaluating interactive LLMs such as ChatGPT using publicly available dataset. We carry out an extensive technical evaluation of ChatGPT using Big-Vul covering five different common software…

Software Engineering · Computer Science 2024-04-08 Xin Yin

Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning based approaches show promise for…

Cryptography and Security · Computer Science 2025-07-23 Ahmed Lekssays , Hamza Mouhcine , Khang Tran , Ting Yu , Issa Khalil

Recently, deep learning techniques have garnered substantial attention for their ability to identify vulnerable code patterns accurately. However, current state-of-the-art deep learning models, such as Convolutional Neural Networks (CNN),…

Cryptography and Security · Computer Science 2023-02-24 Marwan Omar

The increasing adoption of Large Language Models (LLMs) in software engineering has sparked interest in their use for software vulnerability detection. However, the rapid development of this field has resulted in a fragmented research…

Software Engineering · Computer Science 2025-12-22 Sabrina Kaniewski , Fabian Schmidt , Markus Enzweiler , Michael Menth , Tobias Heer

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

The growing use of Large Language Models (LLMs) for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to…

Cryptography and Security · Computer Science 2026-05-26 Mohammed Kharma , Ahmed Sabbah , Mohammad Alkhanafseh , Mohammad Hammoudeh , David Mohaisen

Large language models have shown good potential in supporting software development tasks. This is why more and more developers turn to LLMs (e.g. ChatGPT) to support them in fixing their buggy code. While this can save time and effort, many…

Software Engineering · Computer Science 2024-09-06 Yacine Majdoub , Eya Ben Charrada

Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to detect…

Software Engineering · Computer Science 2024-08-06 Anh The Nguyen , Triet Huynh Minh Le , M. Ali Babar

In the context of the rising interest in code language models (code LMs) and vulnerability detection, we study the effectiveness of code LMs for detecting vulnerabilities. Our analysis reveals significant shortcomings in existing…

Software Engineering · Computer Science 2024-07-11 Yangruibo Ding , Yanjun Fu , Omniyyah Ibrahim , Chawin Sitawarin , Xinyun Chen , Basel Alomair , David Wagner , Baishakhi Ray , Yizheng Chen

We propose and release a new vulnerable source code dataset. We curate the dataset by crawling security issue websites, extracting vulnerability-fixing commits and source codes from the corresponding projects. Our new dataset contains…

Cryptography and Security · Computer Science 2023-08-10 Yizheng Chen , Zhoujie Ding , Lamya Alowain , Xinyun Chen , David Wagner

Security vulnerabilities are increasingly prevalent in modern software and they are widely consequential to our society. Various approaches to defending against these vulnerabilities have been proposed, among which those leveraging deep…

Cryptography and Security · Computer Science 2024-02-28 Yu Nong , Mohammed Aldeen , Long Cheng , Hongxin Hu , Feng Chen , Haipeng Cai

Software vulnerabilities, caused by unintentional flaws in source code, are a primary root cause of cyberattacks. Static analysis of source code has been widely used to detect these unintentional defects introduced by software developers.…

Software Engineering · Computer Science 2024-08-08 Andrew A Mahyari