VulRepair: a T5-based automated software vulnerability repair
As software vulnerabilities grow in volume and complexity, researchers proposed various
Artificial Intelligence (AI)-based approaches to help under-resourced security analysts to …
Artificial Intelligence (AI)-based approaches to help under-resourced security analysts to …
PKRU-Safe: Automatically locking down the heap between safe and unsafe languages
After more than twenty-five years of research, memory safety violations remain one of the
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …
major causes of security vulnerabilities in real-world software. Memory-safe languages, like …
{FIXREVERTER}: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing
Fuzz testing is an active area of research with proposed improvements published at a rapid
pace. Such proposals are assessed empirically: Can they be shown to perform better than …
pace. Such proposals are assessed empirically: Can they be shown to perform better than …
Vuldetector: Detecting vulnerabilities using weighted feature graph comparison
Code similarity is one promising approach to detect vulnerabilities hidden in software
programs. However, due to the complexity and diversity of source code, current methods …
programs. However, due to the complexity and diversity of source code, current methods …
Efficient feature selection for static analysis vulnerability prediction
Common software vulnerabilities can result in severe security breaches, financial losses,
and reputation deterioration and require research effort to improve software security. The …
and reputation deterioration and require research effort to improve software security. The …
PCA: memory leak detection using partial call-path analysis
Data dependence analysis underlies various applications in software quality assurance, yet
existing frameworks/tools for this analysis commonly suffer scalability challenges. We …
existing frameworks/tools for this analysis commonly suffer scalability challenges. We …
Sok: Demystifying binary lifters through the lens of downstream applications
Binary lifters convert executables into an intermediate representation (IR) of a compiler
framework. The recovered IR code is generally deemed “analysis friendly,” bridging low …
framework. The recovered IR code is generally deemed “analysis friendly,” bridging low …
Static data-flow analysis for software product lines in C: Revoking the preprocessor's special role
Many critical codebases are written in C, and most of them use preprocessor directives to
encode variability, effectively encoding software product lines. These preprocessor …
encode variability, effectively encoding software product lines. These preprocessor …
Seal: integrating program analysis and repository mining
Software projects are complex technical and organizational systems involving large
numbers of artifacts and developers. To understand and tame software complexity, a wide …
numbers of artifacts and developers. To understand and tame software complexity, a wide …
Tai-e: A developer-friendly static analysis framework for Java by harnessing the good designs of classics
Static analysis is a mature field with applications to bug detection, security analysis, program
understanding, optimization, and more. To facilitate these applications, static analysis …
understanding, optimization, and more. To facilitate these applications, static analysis …