English
Related papers

Related papers: PatUntrack: Automated Generating Patch Examples fo…

200 papers

Large language models (LLMs) and their agentic frameworks are increasingly adopted to perform development tasks such as automated program repair (APR). While prior work has identified security risks in LLM-generated code, most have focused…

Cryptography and Security · Computer Science 2025-12-30 Amirali Sajadi , Kostadin Damevski , Preetha Chatterjee

Timely and effective vulnerability patching is essential for cybersecurity defense, for which various approaches have been proposed yet still struggle to generate valid and correct patches for real-world vulnerabilities. In this paper, we…

Cryptography and Security · Computer Science 2025-04-04 Yu Nong , Haoran Yang , Long Cheng , Hongxin Hu , Haipeng Cai

Large Language Models (LLMs) have shown impressive proficiency in code generation. Unfortunately, these models share a weakness with their human counterparts: producing code that inadvertently has security vulnerabilities. These…

Cryptography and Security · Computer Science 2024-10-17 Kamel Alrashedy , Abdullah Aljasser , Pradyumna Tambwekar , Matthew Gombolay

Large Language Models (LLMs) have become powerful tools for automated code generation. However, these models often overlook critical security practices, which can result in the generation of insecure code that contains…

Software Engineering · Computer Science 2025-07-01 Hao Yan , Swapneel Suhas Vaidya , Xiaokuan Zhang , Ziyu Yao

Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance…

Software Engineering · Computer Science 2026-05-26 Piotr Przymus , Andreas Happe , Jürgen Cito

Developers are increasingly overwhelmed by AI-generated issue reports that lack actionability and reproducibility, eroding trust in automated bug detection tools. In this paper, we present IssueSpecter, an automated tool that finds bugs in…

Software Engineering · Computer Science 2026-05-07 Diany Pressato , Honghao Tan , Mariam Elmoazen , Shin Hwei Tan

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

Open-source code is pervasive. In this setting, embedded vulnerabilities are spreading to downstream software at an alarming rate. While such vulnerabilities are generally identified and addressed rapidly, inconsistent maintenance policies…

Cryptography and Security · Computer Science 2024-11-27 Xunzhu Tang , Zhenghan Chen , Kisub Kim , Haoye Tian , Saad Ezzini , Jacques Klein

Software vulnerabilities exist in open-source software (OSS), and the developers who discover these vulnerabilities may submit issue reports (IRs) to describe their details. Security practitioners need to spend a lot of time manually…

Software Engineering · Computer Science 2025-09-05 Ziyou Jiang , Mingyang Li , Guowei Yang , Lin Shi , Qing Wang

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models (LLMs) present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using…

Cryptography and Security · Computer Science 2025-12-01 Aayush Garg , Zanis Ali Khan , Renzo Degiovanni , Qiang Tang

Security critical software, e.g., OpenSSL, comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying…

Cryptography and Security · Computer Science 2023-08-28 M. Caner Tol , Berk Sunar

As software systems evolve, patches may unintentionally alter program behavior. Validating patches against their intended semantics is difficult due to incomplete regression tests and informal, non-executable natural language (NL)…

Software Engineering · Computer Science 2026-02-06 Thanh Le-Cong , Bach Le , Toby Murray , Michael Pradel , Cristian Cadar

We propose patching for large language models (LLMs) like software versions, a lightweight and modular approach for addressing safety vulnerabilities. While vendors release improved LLM versions, major releases are costly, infrequent, and…

Artificial Intelligence · Computer Science 2026-04-28 Huzaifa Arif , Keerthiram Murugesan , Ching-Yun Ko , Pin-Yu Chen , Payel Das , Alex Gittens

Large language models (LLMs) have achieved remarkable progress in code understanding tasks. However, they demonstrate limited performance in vulnerability detection and struggle to distinguish vulnerable code from patched code. We argue…

Software Engineering · Computer Science 2026-03-31 Hao Zhu , Jia Li , Cuiyun Gao , Jiaru Qian , Yihong Dong , Huanyu Liu , Lecheng Wang , Ziliang Wang , Xiaolong Hu , Ge Li

Background: Bug reports are essential to the software development life cycle. They help developers track and resolve issues, but are often difficult to process due to their complexity, which can delay resolution and affect software quality.…

Software Engineering · Computer Science 2025-04-30 Zhiyuan Chen , Vanessa Nava-Camal , Ahmad Suleiman , Yiming Tang , Daqing Hou , Weiyi Shang

This paper introduces Patched Round-Trip Correctness (Patched RTC), a novel evaluation technique for Large Language Models (LLMs) applied to diverse software development tasks, particularly focusing on "outer loop" activities such as bug…

Software Engineering · Computer Science 2025-05-01 Asankhaya Sharma

Large Language Models (LLMs) have shown promise in tasks like code translation, prompting interest in their potential for automating software vulnerability detection (SVD) and patching (SVP). To further research in this area, establishing a…

Software Engineering · Computer Science 2024-09-18 Arastoo Zibaeirad , Marco Vieira

Automated Program Repair (APR) techniques have shown more and more promising results in fixing real-world bugs. Despite the effectiveness, APR techniques still face an overfitting problem: a generated patch can be incorrect although it…

Software Engineering · Computer Science 2024-03-26 Xin Zhou , Bowen Xu , Kisub Kim , DongGyun Han , Thanh Le-Cong , Junda He , Bach Le , David Lo

Failure-inducing inputs play a crucial role in diagnosing and analyzing software bugs. Bug reports typically contain these inputs, which developers extract to facilitate debugging. Since bug reports are written in natural language, prior…

Software Engineering · Computer Science 2025-12-16 Alif Al Hasan , Subarna Saha , Mia Mohammad Imran , Tarannum Shaila Zaman

Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code…

Cryptography and Security · Computer Science 2025-12-01 Minjae Seo , Wonwoo Choi , Myoungsung You , Seungwon Shin
‹ Prev 1 2 3 10 Next ›