English
Related papers

Related papers: Vulnerability-Triggering Test Case Generation from…

200 papers

Accompanying the successes of learning-based defensive software vulnerability analyses is the lack of large and quality sets of labeled vulnerable program samples, which impedes further advancement of those defenses. Existing automated…

Software Engineering · Computer Science 2024-01-08 Yu Nong , Richard Fang , Guangbei Yi , Kunsong Zhao , Xiapu Luo , Feng Chen , Haipeng Cai

Large language models (LLMs) have brought significant advancements to code generation, benefiting both novice and experienced developers. However, their training using unsanitized data from open-source repositories, like GitHub, introduces…

Software Engineering · Computer Science 2023-10-26 Jiexin Wang , Liuwen Cao , Xitong Luo , Zhiping Zhou , Jiayuan Xie , Adam Jatowt , Yi Cai

While several studies have examined the security of code generated by GPT and other Large Language Models (LLMs), most have relied on controlled experiments rather than real developer interactions. This paper investigates the security of…

Software Engineering · Computer Science 2026-02-19 Vladislav Belozerov , Peter J Barclay , Ashkan Sami

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program.…

Software Engineering · Computer Science 2025-12-11 Dyna Soumhane Ouchebara , Stéphane Dupont

Our work explores the utilization of deep learning, specifically leveraging the CodeBERT model, to enhance code security testing for Python applications by detecting SQL injection vulnerabilities. Unlike traditional security testing methods…

Cryptography and Security · Computer Science 2025-08-29 Guan-Yan Yang , Yi-Heng Ko , Farn Wang , Kuo-Hui Yeh , Haw-Shiang Chang , Hsueh-Yi Chen

Code vulnerability detection (CVD) is essential for addressing and preventing system security issues, playing a crucial role in ensuring software security. Previous learning-based vulnerability detection methods rely on either fine-tuning…

Computation and Language · Computer Science 2025-01-07 Xuefeng Jiang , Lvhua Wu , Sheng Sun , Jia Li , Jingjing Xue , Yuwei Wang , Tingting Wu , Min Liu

OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service…

Cryptography and Security · Computer Science 2023-08-30 Tamjid Al Rahat , Yu Feng , Yuan Tian

The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program…

Software Engineering · Computer Science 2025-09-16 Ziliang Wang , Ge Li , Jia Li , Hao Zhu , Zhi Jin

Code vulnerability detection is crucial for ensuring the security and reliability of modern software systems. Recently, Large Language Models (LLMs) have shown promising capabilities in this domain. However, notable discrepancies in…

Software Engineering · Computer Science 2025-09-19 Zhihong Sun , Jia Li , Yao Wan , Chuanyi Li , Hongyu Zhang , Zhi jin , Ge Li , Hong Liu , Chen Lyu , Songlin Hu

Timely identification of issue reports reflecting software vulnerabilities is crucial, particularly for Internet-of-Things (IoT) where analysis is slower than non-IoT systems. While Machine Learning (ML) and Large Language Models (LLMs)…

Software Engineering · Computer Science 2025-11-05 Sogol Masoumzadeh

Large language models (LLMs) have demonstrated significant potential in various tasks, including those requiring human-level intelligence, such as vulnerability detection. However, recent efforts to use LLMs for vulnerability detection…

Cryptography and Security · Computer Science 2025-06-10 Yuqiang Sun , Daoyuan Wu , Yue Xue , Han Liu , Wei Ma , Lyuye Zhang , Yang Liu , Yingjiu Li

Large language models (LLMs) are now largely involved in software development workflows, and the code they generate routinely includes third-party library (TPL) imports annotated with specific version identifiers. These version choices can…

Software Engineering · Computer Science 2026-05-08 Chengjie Wang , Jingzheng Wu , Xiang Ling , Tianyue Luo , Chen Zhao

Open-source software supply chain security relies heavily on assessing affected versions of library vulnerabilities. While prior studies have leveraged exploits for verifying vulnerability affected versions, they point out a key limitation…

Software Engineering · Computer Science 2026-03-30 Zirui Chen , Qi Zhan , Jiayuan Zhou , Xing Hu , Xin Xia , Xiaohu Yang

Deep Learning (DL) models have rapidly advanced, focusing on achieving high performance through testing model accuracy and robustness. However, it is unclear whether DL projects, as software systems, are tested thoroughly or functionally…

Software Engineering · Computer Science 2024-02-27 Han Wang , Sijia Yu , Chunyang Chen , Burak Turhan , Xiaodong Zhu

The widespread adoption of conversational LLMs for software development has raised new security concerns regarding the safety of LLM-generated content. Our motivational study outlines ChatGPT's potential in volunteering context-specific…

Software Engineering · Computer Science 2025-04-07 Amirali Sajadi , Binh Le , Anh Nguyen , Kostadin Damevski , Preetha Chatterjee

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based…

Software Engineering · Computer Science 2025-08-11 Yanusha Mehendran , Maolin Tang , Yi Lu

Despite the critical threat posed by software security vulnerabilities, reports are often incomplete, lacking the proof-of-vulnerability (PoV) tests needed to validate fixes and prevent regressions. These tests are crucial not only for…

Software Engineering · Computer Science 2025-07-22 Vikram Nitin , Baishakhi Ray , Roshanak Zilouchian Moghaddam

In this paper, we present a challenging code reasoning task: vulnerability detection. Large Language Models (LLMs) have shown promising results in natural-language and math reasoning, but state-of-the-art (SOTA) models reported only 54.5%…

Software Engineering · Computer Science 2025-01-09 Benjamin Steenhoek , Md Mahbubur Rahman , Monoshi Kumar Roy , Mirza Sanjida Alam , Hengbo Tong , Swarna Das , Earl T. Barr , Wei Le