Vulnerability discovery based on source code patch commit mining: a systematic literature review
In recent years, there has been a remarkable surge in the adoption of open-source software
(OSS). However, with the growing usage of OSS components in both free and proprietary …
Finetuning large language models for vulnerability detection
A Shestov, A Cheshkov, R Levichev… - arXiv preprint arXiv …, 2024 - arxiv.org
This paper presents the results of finetuning large language models (LLMs) for the task of
detecting vulnerabilities in source code. We leverage WizardCoder, a recent improvement of …
PatchFinder: A two-phase approach to security patch tracing for disclosed vulnerabilities in open-source software
Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the
importance of security patches. However, in widely used security platforms like NVD, a …
VFCFinder: Pairing Security Advisories and Patches
Security advisories are the primary channel of communication for discovered vulnerabilities
in open-source software, but they often lack crucial information. Specifically, 63% of …
Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities
Vulnerability reports play a crucial role in mitigating open-source software risks. Typically,
the vulnerability report contains affected versions of a software. However, despite the …
Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities
Software composition analysis (SCA) tools have been widely adopted to identify vulnerable
libraries used in software applications. Such SCA tools depend on a vulnerability database …
VFCFinder: Seamlessly pairing security advisories and patches
Security advisories are the primary channel of communication for discovered vulnerabilities
in open-source software, but they often lack crucial information. Specifically, 63% of …
Dual Prompt-Based Few-Shot Learning for Automated Vulnerability Patch Localization
Vulnerabilities are disclosed with corresponding patches so that users can remediate them
in time. However, there are instances where patches are not released with the disclosed …
Enhancing Security in Third-Party Library Reuse--Comprehensive Detection of 1-day Vulnerability through Code Patch Analysis
S Xu, J Dong, W Cai, J Li, A Shaghaghi, N Sun… - arXiv preprint arXiv …, 2024 - arxiv.org
Nowadays, software development progresses rapidly to incorporate new features. To
facilitate such growth and provide convenience for developers when creating and updating …
Improving Data Curation of Software Vulnerability Patches through Uncertainty Quantification
H Chen, Y Zhao, K Damevski - arXiv preprint arXiv:2411.11659, 2024 - arxiv.org
The changesets (or patches) that fix open source software vulnerabilities form critical
datasets for various machine learning security-enhancing applications, such as automated …