English
Related papers

Related papers: Favia: Forensic Agent for Vulnerability-fix Identi…

200 papers

Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture…

Software Engineering · Computer Science 2026-01-27 Zelong Zheng , Jiayuan Zhou , Xing Hu , Yi Gao , Shengyi Pan

Accurate identification of software vulnerabilities is crucial for system integrity. Vulnerability datasets, often derived from the National Vulnerability Database (NVD) or directly from GitHub, are essential for training machine learning…

Software plays a crucial role in our daily lives, and therefore the quality and security of software systems have become increasingly important. However, vulnerabilities in software still pose a significant threat, as they can have serious…

Software Engineering · Computer Science 2023-09-18 Chaozheng Wang , Zongjie Li , Yun Peng , Shuzheng Gao , Sirong Chen , Shuai Wang , Cuiyun Gao , Michael R. Lyu

The rapid advancement of Large Language Models (LLMs) presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of…

Software Engineering · Computer Science 2026-01-05 Md Hasan Saju , Maher Muhtadi , Akramul Azim

Machine learning and Large language models (LLMs) for vulnerability detection has received significant attention in recent years. Unfortunately, state-of-the-art techniques show that LLMs are unsuccessful in even distinguishing the…

Cryptography and Security · Computer Science 2025-08-05 Mohammed Sayagh , Mohammad Ghafari

The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics…

Software Engineering · Computer Science 2025-03-18 Daan Hommersom , Antonino Sabetta , Bonaventura Coppola , Dario Di Nucci , Damian A. Tamburri

The widespread adoption of open-source software (OSS) necessitates the mitigation of vulnerability risks. Most vulnerability detection (VD) methods are limited by inadequate contextual understanding, restrictive single-round interactions,…

Cryptography and Security · Computer Science 2025-10-02 Youpeng Li , Kartik Joshi , Xinda Wang , Eric Wong

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding…

Software Engineering · Computer Science 2025-09-10 Huu Hung Nguyen , Anh Tuan Nguyen , Thanh Le-Cong , Yikun Li , Han Wei Ang , Yide Yin , Frank Liauw , Shar Lwin Khin , Ouh Eng Lieh , Ting Zhang , David Lo

Detecting vulnerabilities in source code remains critical yet challenging, as conventional static analysis tools construct inaccurate program representations, while existing LLM-based approaches often miss essential vulnerability context…

Software Engineering · Computer Science 2026-04-14 Yiheng Cao , Yihao Chen , Xin Hu , Bihuan Chen , Jiayi Deng , Zhuotong Zhou , Susheng Wu , Yiheng Huang , Xueying Du , Xingman Chen , Miaohua Li , Xin Peng

Large Language Models (LLMs) struggle to automate real-world vulnerability detection due to two key limitations: the heterogeneity of vulnerability patterns undermines the effectiveness of a single unified model, and manual prompt…

Software Engineering · Computer Science 2026-01-28 Zihan Wu , Jie Xu , Yun Peng , Chun Yong Chong , Xiaohua Jia

Large Language Models (LLMs) and their agent systems have recently demonstrated strong potential in automating code reasoning and vulnerability detection. However, when applied to large-scale firmware, their performance degrades due to the…

Cryptography and Security · Computer Science 2025-11-25 Xiangrui Zhang , Zeyu Chen , Haining Wang , Qiang Li

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…

Software Engineering · Computer Science 2021-08-19 Triet H. M. Le , David Hin , Roland Croft , M. Ali Babar

Code authorship attribution (CAA) supports software forensics, plagiarism detection, and intellectual property protection. However, existing supervised CAA approaches suffer from scarce training data and closed-world assumptions: they…

Software Engineering · Computer Science 2026-05-18 Jingwei Ye , Zhi Wang , Xin Li , Cong Gao , Chenbin Su , Jieshuai Yang , Jianfei Tang , Ge Chu

Large language model (LLM) agents are increasingly used for automated vulnerability repair (AVR), where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that…

Software Engineering · Computer Science 2026-05-19 Simiao Liu , Fang Liu , Li Zhang , Yang Liu , Yinghao Zhu

Context: Software Vulnerability Assessment (SVA) plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models (LLMs) have recently shown…

Software Engineering · Computer Science 2025-11-24 Zhijie Chen , Xiang Chen , Ziming Li , Jiacheng Xue , Chaoyang Gao

Large Language Models (LLMs) have emerged as promising tools in software development, enabling automated code generation and analysis. However, their knowledge is limited to a fixed cutoff date, making them prone to generating code…

Cryptography and Security · Computer Science 2025-12-01 Minjae Seo , Wonwoo Choi , Myoungsung You , Seungwon Shin

Infrastructure as code (IaC) tools automate cloud provisioning but verifying that deployed systems remain consistent with the IaC specifications remains challenging. Such configuration drift occurs because of bugs in the IaC specification,…

Software Engineering · Computer Science 2026-03-04 Sami Abuzakuk , Lucas Crijns , Anne-Marie Kermarrec , Rafael Pires , Martijn de Vos

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated…

Cryptography and Security · Computer Science 2026-05-22 Ze Sheng , Zhicheng Chen , Qingxiao Xu , Kewen Zhu , Jeff Huang

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and…

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent…

Software Engineering · Computer Science 2026-02-02 Yunpeng Xiong , Ting Zhang
‹ Prev 1 2 3 10 Next ›