A survey of learning-based automated program repair

Q Zhang, C Fang, Y Ma, W Sun, Z Chen - ACM Transactions on Software …, 2023 - dl.acm.org
Automated program repair (APR) aims to fix software bugs automatically and plays a crucial
role in software development and maintenance. With the recent advances in deep learning …

Data quality matters: A case study on data label correctness for security bug report prediction

X Wu, W Zheng, X Xia, D Lo - IEEE Transactions on Software …, 2021 - ieeexplore.ieee.org
In the research of mining software repositories, we need to label a large amount of data to
construct a predictive model. The correctness of the labels will affect the performance of a …

Large language models for cyber security: A systematic literature review

HX Xu, SA Wang, N Li, Y Zhao, K Chen, K Wang… - arXiv preprint arXiv …, 2024 - arxiv.org
The rapid advancement of Large Language Models (LLMs) has opened up new
opportunities for leveraging artificial intelligence in various domains, including cybersecurity …

Pre-trained model-based automated software vulnerability repair: How far are we?

Q Zhang, C Fang, B Yu, W Sun… - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
Various approaches are proposed to help under-resourced security researchers to detect
and analyze software vulnerabilities. It is still incredibly time-consuming and labor-intensive …

V-SZZ: automatic identification of version ranges affected by CVE vulnerabilities

L Bao, X Xia, AE Hassan, X Yang - Proceedings of the 44th International …, 2022 - dl.acm.org
Vulnerabilities publicly disclosed in the National Vulnerability Database (NVD) are assigned
with CVE (Common Vulnerabilities and Exposures) IDs and associated with specific …

An empirical study of OSS-Fuzz bugs

ZY Ding, C Le Goues - 2021 IEEE/ACM 18th International …, 2021 - ieeexplore.ieee.org
Continuous fuzzing is an increasingly popular technique for automated quality and security
assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source …

Understanding the threats of upstream vulnerabilities to downstream projects in the Maven ecosystem

Y Wu, Z Yu, M Wen, Q Li, D Zou… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Modern software systems are increasingly relying on dependencies from the ecosystem. A
recent estimation shows that around 35% of an open-source project's code come from its …

SLIME: program-sensitive energy allocation for fuzzing

C Lyu, H Liang, S Ji, X Zhang, B Zhao, M Han… - Proceedings of the 31st …, 2022 - dl.acm.org
The energy allocation strategy is one of the most popular techniques in fuzzing to improve
code coverage and vulnerability discovery. The core intuition is that fuzzers should allocate …

A large-scale security-oriented static analysis of Python packages in PyPI

J Ruohonen, K Hjerppe… - 2021 18th International …, 2021 - ieeexplore.ieee.org
Different security issues are a common problem for open source packages archived to and
delivered through software ecosystems. These often manifest themselves as software …

Igor: Crash deduplication through root-cause clustering

Z Jiang, X Jiang, A Hazimeh, C Tang, C Zhang… - Proceedings of the …, 2021 - dl.acm.org
Fuzzing has emerged as the most effective bug-finding technique. The output of a fuzzer is a
set of proof-of-concept (PoC) test cases for all observed "unique" crashes. It costs developers …