English
Related papers

Related papers: Fine-Grained 1-Day Vulnerability Detection in Bina…

200 papers

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult…

Software Engineering · Computer Science 2024-01-17 Zhiyuan Pan , Xing Hu , Xin Xia , Xian Zhan , David Lo , Xiaohu Yang

In modern software ecosystems, 1-day vulnerabilities pose significant security risks due to extensive code reuse. Identifying vulnerable functions in target binaries alone is insufficient; it is also crucial to determine whether these…

Software Engineering · Computer Science 2025-11-04 Siyuan Li , Yaowen Zheng , Hong Li , Jingdong Guo , Chaopeng Dong , Chunpeng Yan , Weijie Wang , Yimo Ren , Limin Sun , Hongsong Zhu

Nowadays, software development progresses rapidly to incorporate new features. To facilitate such growth and provide convenience for developers when creating and updating software, reusing open-source software (i.e., thirdparty library…

Software Engineering · Computer Science 2024-12-02 Shangzhi Xu , Jialiang Dong , Weiting Cai , Juanru Li , Arash Shaghaghi , Nan Sun , Siqi Ma

Similar vulnerability repeats in real-world software products because of code reuse, especially in wildly reused third-party code and libraries. Detecting repeating vulnerabilities like 1-day and N-day vulnerabilities is an important cyber…

Cryptography and Security · Computer Science 2024-01-19 Zian Liu , Lei Pan , Chao Chen , Ejaz Ahmed , Shigang Liu , Jun Zhang , Dongxi Liu

Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be…

Cryptography and Security · Computer Science 2020-08-12 Shiqi Shen , Aashish Kolluri , Zhen Dong , Prateek Saxena , Abhik Roychoudhury

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every…

Software Engineering · Computer Science 2024-01-15 Qi Zhan , Xing Hu , Zhiyang Li , Xin Xia , David Lo , Shanping Li

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when…

Software Engineering · Computer Science 2025-09-30 Haoran Xu , Chen Zhi , Junxiao Han , Xinkui Zhao , Jianwei Yin , Shuiguang Deng

A timely software update is vital to combat the increasing security vulnerabilities. However, some software vendors may secretly patch their vulnerabilities without creating CVE entries or even describing the security issue in their change…

Cryptography and Security · Computer Science 2023-12-14 Xu He , Shu Wang , Pengbin Feng , Xinda Wang , Shiyu Sun , Qi Li , Kun Sun

Vulnerabilities are challenging to locate and repair, especially when source code is unavailable and binary patching is required. Manual methods are time-consuming, require significant expertise, and do not scale to the rate at which new…

Cryptography and Security · Computer Science 2023-06-13 Pemma Reiter , Hui Jun Tay , Westley Weimer , Adam Doupé , Ruoyu Wang , Stephanie Forrest

Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. However, the adoption of specific software versions in development projects may introduce…

Software Engineering · Computer Science 2025-08-15 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Shouguo Yang , Chaopeng Dong , David Lo , Shichao Lv , Zhiqiang Shi , Limin Sun

The development of machine learning techniques for discovering software vulnerabilities relies fundamentally on the availability of appropriate datasets. The ideal dataset consists of a large and diverse collection of real-world…

Cryptography and Security · Computer Science 2025-04-29 Sima Arasteh , Georgios Nikitopoulos , Wei-Cheng Wu , Nicolaas Weideman , Aaron Portnoy , Mukund Raghothaman , Christophe Hauser

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Vulnerability prediction is valuable in identifying security issues efficiently, even though it requires the source code of the target software system, which is a restrictive hypothesis. This paper presents an experimental study to predict…

Cryptography and Security · Computer Science 2025-04-01 D. Cotroneo , F. C. Grasso , R. Natella , V. Orbinato

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security…

Software Engineering · Computer Science 2026-01-12 Qingyuan Li , Chenchen Yu , Chuanyi Li , Xin-Cheng Wen , Cheryl Lee , Cuiyun Gao , Bin Luo

Applying security patches in open source software timely is critical for ensuring the security of downstream applications. However, it is challenging to apply these patches promptly because notifications of patches are often incomplete and…

Cryptography and Security · Computer Science 2024-06-11 Tianyu Chen , Lin Li , Taotao Qian , Jingyi Liu , Wei Yang , Ding Li , Guangtai Liang , Qianxiang Wang , Tao Xie

Code reuse is common in modern software development, but it can also spread vulnerabilities when developers unknowingly copy risky code. The code fragments that preserve the logic of known vulnerabilities are known as vulnerable code clones…

Identifying which software versions are affected by a vulnerability is critical for patching, risk mitigation. Despite a growing body of tools, their real-world effectiveness remains unclear due to narrow evaluation scopes often limited to…

Software Engineering · Computer Science 2025-09-10 Xingchu Chen , Chengwei Liu , Jialun Cao , Yang Xiao , Xinyue Cai , Yeting Li , Jingyi Shi , Tianqi Sun , Haiming Chen ang Wei Huo

The absolute majority of software today is developed collaboratively using collaborative version control tools such as Git. It is a common practice that once a vulnerability is detected and fixed, the developers behind the software issue a…

Cryptography and Security · Computer Science 2023-02-07 Nitzan Farhi , Noam Koenigstein , Yuval Shavitt

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin
‹ Prev 1 2 3 10 Next ›