English
Related papers

Related papers: Fixing Security Vulnerabilities with AI in OSS-Fuz…

200 papers

Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar…

Artificial Intelligence · Computer Science 2017-01-26 Patrice Godefroid , Hila Peleg , Rishabh Singh

Fuzzing has become one of the most effective bug finding approach for software. In recent years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software, e.g., Linux kernel. Though capable of discovering many bugs…

Cryptography and Security · Computer Science 2021-11-12 Xiaochen Zou , Guoren Li , Weiteng Chen , Hang Zhang , Zhiyun Qian

Large Language Models (LLMs) have transformed software development and AI applications. While LLMs are designed for text processing, LLM agents extend this capability by enabling autonomous actions, tool use, and multi-step task completion.…

Software Engineering · Computer Science 2026-04-21 Niful Islam , Muhammad Anas Raza , Mohammad Wardat

Correctness and robustness are essential for logic synthesis applications, but they are often only tested with a limited set of benchmarks. Moreover, when the application fails on a large benchmark, the debugging process may be tedious and…

Software Engineering · Computer Science 2022-07-28 Siang-Yun Lee , Heinz Riener , Giovanni De Micheli

Fuzzing is a highly effective automated testing method for uncovering software vulnerabilities. Despite advances in fuzzing techniques, such as coverage-guided greybox fuzzing, many fuzzers struggle with coverage plateaus caused by fuzz…

Software Engineering · Computer Science 2025-10-07 Wentao Gao , Renata Borovica-Gajic , Sang Kil Cha , Tian Qiu , Van-Thuan Pham

Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are…

Cryptography and Security · Computer Science 2018-10-22 George Klees , Andrew Ruef , Benji Cooper , Shiyi Wei , Michael Hicks

As Large Language Models shift the programming toward human-guided ''vibe coding'', agentic coding tools increasingly rely on models to self-diagnose and repair their own subtle faults -- a capability central to autonomous software…

Software Engineering · Computer Science 2026-03-18 Srijan Bansal , Jiao Fangkai , Yilun Zhou , Austin Xu , Shafiq Joty , Semih Yavuz

Detecting bugs in Deep Learning (DL) libraries (e.g., TensorFlow/PyTorch) is critical for almost all downstream DL systems in ensuring effectiveness/safety for end users. Meanwhile, traditional fuzzing techniques can be hardly effective for…

Software Engineering · Computer Science 2023-03-08 Yinlin Deng , Chunqiu Steven Xia , Haoran Peng , Chenyuan Yang , Lingming Zhang

Autonomous agent frameworks built upon large language models (LLMs) are evolving into complex, tool-integrated, and continuously operating systems, introducing security risks beyond traditional prompt-level vulnerabilities. As this paradigm…

Cryptography and Security · Computer Science 2026-05-01 Luyao Xu , Xiang Chen

Large language models (LLMs) are increasingly being deployed as software engineering agents that autonomously contribute to repositories. A major benefit these agents present is their ability to find and patch security vulnerabilities in…

Cryptography and Security · Computer Science 2026-03-04 Nancy Lau , Louis Sloot , Jyoutir Raj , Giuseppe Marco Boscardin , Evan Harris , Dylan Bowman , Mario Brajkovski , Jaideep Chawla , Dan Zhao

Fuzzing is a popular dynamic program analysis technique used to find vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input designed to cause crashes, buffer overflows, memory errors,…

Software Engineering · Computer Science 2017-11-15 Mohit Rajpal , William Blum , Rishabh Singh

Large Language Models (LLMs) show promise for Automated Program Repair (APR), yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patchesacross 64 Java…

Cryptography and Security · Computer Science 2026-03-12 Amir Al-Maamari

Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited…

Cryptography and Security · Computer Science 2025-10-28 Georgios Androutsopoulos , Antonio Bianchi

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz

Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure. Meanwhile, Algorithmic Complexity (AC)vulnerabilities,…

Cryptography and Security · Computer Science 2020-02-18 William Blair , Andrea Mambretti , Sajjad Arshad , Michael Weissbacher , William Robertson , Engin Kirda , Manuel Egele

Large Language Models (LLMs) increasingly exhibit over-refusal - erroneously rejecting benign queries due to overly conservative safety measures - a critical functional flaw that undermines their reliability and usability. Current methods…

Software Engineering · Computer Science 2026-05-05 Haonan Zhang , Dongxia Wang , Yi Liu , Kexin Chen , Jiashui Wang , Xinlei Ying , Long Liu , Wenhai Wang

Large Language Models (LLMs) have gained widespread use in various applications due to their powerful capability to generate human-like text. However, prompt injection attacks, which involve overwriting a model's original instructions with…

Cryptography and Security · Computer Science 2025-04-07 Jiahao Yu , Yangguang Shao , Hanwen Miao , Junzheng Shi

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen

Fault Localization (FL), in which a developer seeks to identify which part of the code is malfunctioning and needs to be fixed, is a recurring challenge in debugging. To reduce developer burden, many automated FL techniques have been…

Software Engineering · Computer Science 2024-07-03 Sungmin Kang , Gabin An , Shin Yoo

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li