English
Related papers

Related papers: Utilizing Precise and Complete Code Context to Gui…

200 papers

Background: Leaking sensitive information - such as API keys, tokens, and credentials - in source code remains a persistent security threat. Traditional regex and entropy-based tools often generate high false positives due to limited…

Software Engineering · Computer Science 2025-07-29 Md Nafiu Rahman , Sadif Ahmed , Zahin Wahab , S M Sohan , Rifat Shahriyar

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare , Saikat Dutta , Ziyang Li , Alaia Solko-Breslin , Rajeev Alur , Mayur Naik

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak , Tomasz Szandala

Large Language Models (LLMs) have shown impressive proficiency in code generation. Unfortunately, these models share a weakness with their human counterparts: producing code that inadvertently has security vulnerabilities. These…

Cryptography and Security · Computer Science 2024-10-17 Kamel Alrashedy , Abdullah Aljasser , Pradyumna Tambwekar , Matthew Gombolay

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

Static analysis, the process of examining code without executing it, is crucial for identifying software issues. Yet, static analysis is hampered by its complexity and the need for customization for different targets. Traditional static…

Software Engineering · Computer Science 2023-12-15 Yu Hao , Weiteng Chen , Ziqiao Zhou , Weidong Cui

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning based approaches show promise for…

Cryptography and Security · Computer Science 2025-07-23 Ahmed Lekssays , Hamza Mouhcine , Khang Tran , Ting Yu , Issa Khalil

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problem…

Software Engineering · Computer Science 2026-01-23 Adeyemi Adeseye , Aisvarya Adeseye

Software vulnerabilities continue to be ubiquitous, even in the era of AI-powered code assistants, advanced static analysis tools, and the adoption of extensive testing frameworks. It has become apparent that we must not simply prevent…

How code representation format shapes false positive behaviour in cross-language LLM vulnerability detection remains poorly understood. We systematically vary training intensity and code representation format, comparing raw source text with…

Cryptography and Security · Computer Science 2026-05-01 Maofei Chen , Laifu Wang , Yue Qin , Yuan Wang , Bo Wu , Dongxin Liu

The current cybersecurity landscape is increasingly complex, with traditional Static Application Security Testing (SAST) tools struggling to capture complex and emerging vulnerabilities due to their reliance on rule-based matching.…

Cryptography and Security · Computer Science 2024-11-25 Mete Keltek , Rong Hu , Mohammadreza Fani Sani , Ziyue Li

Large language models (LLMs) have recently achieved significant success across various application domains, garnering substantial attention from different communities. Unfortunately, even for the best LLM, many \textit{faults} still exist…

Software Engineering · Computer Science 2024-11-06 Qiang Hu , Jin Wen , Maxime Cordy , Yuheng Huang , Wei Ma , Xiaofei Xie , Lei Ma

Large language models (LLMs) excel in generating coherent text, but they often struggle with context awareness, leading to inaccuracies in tasks requiring faithful adherence to provided information. We introduce FastMem, a novel method…

Computation and Language · Computer Science 2024-10-08 Junyi Zhu , Shuochen Liu , Yu Yu , Bo Tang , Yibo Yan , Zhiyu Li , Feiyu Xiong , Tong Xu , Matthew B. Blaschko

Code analysis is fundamental in Software Engineering, supporting debugging, optimization, and security assessment. Human developers approach it through syntax parsing, static semantics inference, and dynamic reasoning. Traditional tools are…

Software Engineering · Computer Science 2026-05-22 Wei Ma , Zhihao Lin , Shangqing Liu , Qiang Hu , Ye Liu , Wenhan Wang , Cen Zhang , Liming Nie , Li Li , Yang Liu , Lingxiao Jiang

Providing timely and personalized guidance for students' programming assignments, offers significant practical value for helping students complete assignments and enhance their learning. In recent years, various automated Fault Localization…

Software Engineering · Computer Science 2025-10-01 Fang Liu , Tianze Wang , Li Zhang , Zheyu Yang , Jing Jiang , Zian Sun

Code-generating Large Language Models (LLMs) significantly accelerate software development. However, their frequent generation of insecure code presents serious risks. We present a comprehensive evaluation of seven parameter-efficient…

Cryptography and Security · Computer Science 2025-09-17 Kiho Lee , Jungkon Kim , Doowon Kim , Hyoungshick Kim

Modern instruction-tuned large language models (LLMs) have made remarkable progress in code generation. However, these LLMs fine-tuned with standard supervised fine-tuning (SFT) sometimes generate plausible-looking but functionally…

Software Engineering · Computer Science 2026-01-14 Lishui Fan , Zhongxin Liu , Haoye Wang , Lingfeng Bao , Xin Xia , Shanping Li

Static analysis is a widely used technique in software engineering for identifying and mitigating bugs. However, a significant hurdle lies in achieving a delicate balance between precision and scalability. Large Language Models (LLMs) offer…

Software Engineering · Computer Science 2023-11-17 Haonan Li , Yu Hao , Yizhuo Zhai , Zhiyun Qian

While large language models (LLMs) such as Llama-2 or GPT-4 have shown impressive zero-shot performance, fine-tuning is still necessary to enhance their performance for customized datasets, domain-specific tasks, or other private needs.…

Machine Learning · Computer Science 2025-01-07 Chia-Yi Hsu , Yu-Lin Tsai , Chih-Hsun Lin , Pin-Yu Chen , Chia-Mu Yu , Chun-Ying Huang