English
Related papers

Related papers: Fixing Security Vulnerabilities with AI in OSS-Fuz…

200 papers

Vulnerabilities in open-source operating systems (OSs) pose substantial security risks to software systems, making their detection crucial. While fuzzing has been an effective vulnerability detection technique in various domains, OS fuzzing…

Operating Systems · Computer Science 2026-01-21 Kun Hu , Qicai Chen , Wenzhuo Zhang , Zilong Lu , Bihuan Chen , You Lu , Haowen Jiang , Bingkun Sun , Xin Peng , Wenyun Zhao

Fuzzing is a popular vulnerability automated testing method utilized by professionals and broader community alike. However, despite its abilities, fuzzing is a time-consuming, computationally expensive process. This is problematic for the…

Software Engineering · Computer Science 2023-07-25 Michael Wang , Michael Robinson

Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring…

Software Engineering · Computer Science 2025-09-19 Max Bazalii , Marius Fleischer

Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code…

Cryptography and Security · Computer Science 2019-01-07 Yuwei Li , Shouling Ji , Chenyang Lv , Yuan Chen , Jianhai Chen , Qinchen Gu , Chunming Wu

High-quality datasets of real-world vulnerabilities are enormously valuable for downstream research in software security, but existing datasets are typically small, require extensive manual effort to update, and are missing crucial features…

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across…

Cryptography and Security · Computer Science 2026-05-12 Junyoung Park , Insu Yun

Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code…

Cryptography and Security · Computer Science 2025-12-01 Minjae Seo , Wonwoo Choi , Myoungsung You , Seungwon Shin

Fuzz testing to find semantic control vulnerabilities is an essential activity to evaluate the robustness of autonomous driving (AD) software. Whilst there is a preponderance of disparate fuzzing tools that target different parts of the…

Cryptography and Security · Computer Science 2025-04-16 Andrew Roberts , Lorenz Teply , Mert D. Pese , Olaf Maennel , Mohammad Hamad , Sebastian Steinhorst

Human developers can produce code with cybersecurity bugs. Can emerging 'smart' code completion tools help repair those bugs? In this work, we examine the use of large language models (LLMs) for code (such as OpenAI's Codex and AI21's…

Cryptography and Security · Computer Science 2022-08-16 Hammond Pearce , Benjamin Tan , Baleegh Ahmad , Ramesh Karri , Brendan Dolan-Gavitt

Software's pervasive impact and increasing reliance in the era of digital transformation raise concerns about vulnerabilities, emphasizing the need for software security. Fuzzy testing is a dynamic analysis software testing technique that…

Software Engineering · Computer Science 2024-07-22 Tiago Dias , Eva Maia , Isabel Praça

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug finding ability through a vast number of…

Cryptography and Security · Computer Science 2023-07-06 Tai D. Nguyen , Long H. Pham , Jun Sun

The Language Server Protocol (LSP) has revolutionized the integration of code intelligence in modern software development. There are approximately 300 LSP server implementations for various languages and 50 editors offering LSP integration.…

Software Engineering · Computer Science 2026-01-29 Hengcheng Zhu , Songqiang Chen , Valerio Terragni , Lili Wei , Yepang Liu , Jiarong Wu , Shing-Chi Cheung

Deep learning (DL) libraries are widely used in critical applications, where even subtle silent bugs can lead to serious consequences. While existing DL fuzzing techniques have made progress in detecting crashes, they inherently struggle to…

Software Engineering · Computer Science 2026-03-02 Kunpeng Zhang , Dongwei Xiao , Daoyuan Wu , Shuai Wang , Jiali Zhao , Yuanyi Lin , Tongtong Xu , Shaohua Wang

Recent advances in large language models (LLMs) have shown significant potential to automate various software development tasks, including code completion, test generation, and bug fixing. However, the application of LLMs for automated bug…

Software Engineering · Computer Science 2024-09-05 Yizhou Liu , Pengfei Gao , Xinchen Wang , Jie Liu , Yexuan Shi , Zhao Zhang , Chao Peng

Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API…

Software Engineering · Computer Science 2026-05-15 Yunlong Lyu , Peng Chen , Fengyi Wu , Junzhe Yu , Kit Long Hon , Hao Chen

Large language models (LLM) are perceived to offer promising potentials for automating security tasks, such as those found in security operation centers (SOCs). As a first step towards evaluating this perceived potential, we investigate the…

Cryptography and Security · Computer Science 2024-02-01 Kumar Shashwat , Francis Hahn , Xinming Ou , Dmitry Goldgof , Lawrence Hall , Jay Ligatti , S. Raj Rajgopalan , Armin Ziaie Tabari

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models (LLMs) present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using…

Cryptography and Security · Computer Science 2025-12-01 Aayush Garg , Zanis Ali Khan , Renzo Degiovanni , Qiang Tang

The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via \emph{fuzz harnesses} -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these…

Software Engineering · Computer Science 2025-05-12 Philipp Görz , Joschua Schilling , Thorsten Holz , Marcel Böhme

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev