Collecting relevant and high-quality data is integral to the development of effective Software Vulnerability (SV) prediction models. Most of the current SV datasets rely on SV-fixing commits to extract vulnerable functions and lines. However, none of ...

Knowing the exploitability and severity of software vulnerabilities helps practitioners prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many different exploitability assessment methods. The goal of this research is to ...

Deep learning-based approaches for software vulnerability prediction currently mainly rely on the original text of software code as the feature of nodes in the graph of code and thus could learn a representation that is only specific to the code ...

Software vulnerabilities are prevalent in software systems and the unresolved vulnerable code may cause system failures or serious data breaches. To enhance security and prevent potential cyberattacks on software systems, it is critical to (1) early ...

Building new, powerful data-driven defenses against prevalent software vulnerabilities needs sizable, quality vulnerability datasets, so does large-scale benchmarking of existing defense solutions. Automatic data generation would promisingly meet the ...

Prior studies have demonstrated the effectiveness of Deep Learning (DL) in automated software vulnerability detection. Graph Neural Networks (GNNs) have proven effective in learning the graph representations of source code and are commonly adopted by ...

The use of learning-based techniques to achieve automated software vulnerability detection has been of longstanding interest within the software security domain. These data-driven solutions are enabled by large software vulnerability datasets used for ...

Vulnerability disclosure is a widely recognized practice in the software industry, but there is a lack of literature detailing the firsthand experiences of researchers who have gone through the process. This work aims to bridge that gap by sharing our ...

During software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). ...

• Greater software vulnerability diffusion is demonstrated when software products are arranged globally compared to neighboring within their respective networks.
• Rapid responses of software developers toward mitigating vulnerability diffusion ...

Recent years have witnessed tremendous progress in NLP-based code comprehension via deep neural networks (DNN) learning, especially Large Language Models (LLMs). While the original application of LLMs is focused on code generation, there have been ...

Coverage-guided Greybox fuzzing is regarded as a practical approach to detect software vulnerabilities, which targets to expand code coverage as much as possible. A common implementation is to assign more energy to such seeds which find new edges with ...

• software vulnerability
• exploitability assessment

Assessing the exploitability of vulnerabilities is critical for defenders. But the vulnerability-triggering samples available for analysts often do not trigger exploitable states, making it hard to accurately assess whether the ...

Common Vulnerability and Exposure (CVE) reports published by Vulnerability Management Systems (VMSs) are used to evaluate the severity and exploitability of software vulnerabilities. Public vulnerability databases such as NVD uses the Common ...

Searching and reusing code snippets from open-source software repositories based on natural-language queries can greatly improve programming productivity.Recently, deep-learning-based approaches have become increasingly popular for code search. ...

The availability of large-scale, realistic vulnerability datasets is essential both for benchmarking existing techniques and for developing effective new data-driven approaches for software security. Yet such datasets are critically lacking. A promising ...

It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they are detected ...

Cyberattacks typically exploit software vulnerabilities to compromise computers and smart devices. To address vulnerabilities, many approaches have been developed to detect vulnerabilities using deep learning. However, most learning-based approaches ...

Software developers often focus on the functional aspects of software and defer consideration of security vulnerabilities until late in the development process. Consequently, vulnerabilities plague contemporary software. This work presents an approach ...

The paper considers the technology of fuzz testing, which is testing software systems by feeding critical or unexpected input data to them. An overview of the current problem state is made and the main systems of fuzz testing are presented. An ...

Software protection from exploitation of possible unknown vulnerabilities can be ensured both by searching for (for example, using symbolic execution) and subsequently eliminating vulnerabilities and by means of detection and/or intrusion ...