Libafl: A framework to build modular and reusable fuzzers
The release of AFL marked an important milestone in the area of software security testing,
revitalizing fuzzing as a major research topic and spurring a large number of research …
revitalizing fuzzing as a major research topic and spurring a large number of research …
Program vulnerability repair via inductive inference
Program vulnerabilities, even when detected and reported, are not fixed immediately. The
time lag between the reporting and fixing of a vulnerability causes open-source software …
time lag between the reporting and fixing of a vulnerability causes open-source software …
Evocatio: Conjuring bug capabilities from a single poc
Z Jiang, S Gan, A Herrera, F Toffalini… - Proceedings of the …, 2022 - dl.acm.org
The popularity of coverage-guided greybox fuzzers has led to a tsunami of security-critical
bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (eg …
bugs that developers must prioritize and fix. Knowing the capabilities a bug exposes (eg …
Program repair
Automated program repair is an emerging technology which consists of a suite of techniques
to automatically fix bugs or vulnerabilities in programs. In this paper, we present a …
to automatically fix bugs or vulnerabilities in programs. In this paper, we present a …
Out of Sight, Out of Mind: Better Automatic Vulnerability Repair by Broadening Input Ranges and Sources
The advances of deep learning (DL) have paved the way for automatic software vulnerability
repair approaches, which effectively learn the mapping from the vulnerable code to the fixed …
repair approaches, which effectively learn the mapping from the vulnerable code to the fixed …
An extensive comparison of static application security testing tools
M Esposito, V Falaschi, D Falessi - arXiv preprint arXiv:2403.09219, 2024 - arxiv.org
Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities
to support the security and reliability of software applications. Interestingly, several studies …
to support the security and reliability of software applications. Interestingly, several studies …
Crashtalk: Automated generation of precise, human readable, descriptions of software security bugs
K James, K Valakuzhy, K Snow… - Proceedings of the …, 2024 - dl.acm.org
Understanding the cause, consequences, and severity of a security bug are critical facets of
the overall bug triaging and remediation process. Unfortunately, diagnosing failures is often …
the overall bug triaging and remediation process. Unfortunately, diagnosing failures is often …
{ICSPatch}: Automated Vulnerability Localization and {Non-Intrusive} Hotpatching in Industrial Control Systems using Data Dependence Graphs
The paradigm shift of enabling extensive intercommunication between the Operational
Technology (OT) and Information Technology (IT) devices allows vulnerabilities typical to the …
Technology (OT) and Information Technology (IT) devices allows vulnerabilities typical to the …
User-Customizable Transpilation of Scripting Languages
A transpiler converts code from one programming language to another. Many practical uses
of transpilers require the user to be able to guide or customize the program produced from a …
of transpilers require the user to be able to guide or customize the program produced from a …
On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities
Software vulnerabilities are a major cyber threat and it is important to detect them. One
important approach to detecting vulnerabilities is to use deep learning while treating a …
important approach to detecting vulnerabilities is to use deep learning while treating a …