Asteria-Pro: Enhancing Deep Learning-based Binary Code Similarity Detection by Incorporating Domain Knowledge
Widespread code reuse allows vulnerabilities to proliferate among a vast variety of firmware.
There is an urgent need to detect these vulnerable codes effectively and efficiently. By …
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
Vulnerabilities inherited from third-party open-source software (OSS) components can
compromise the entire software security. However, discovering propagated vulnerable code …
Vision: Identifying affected library versions for open source software vulnerabilities
Vulnerability reports play a crucial role in mitigating open-source software risks. Typically,
the vulnerability report contains affected versions of a software. However, despite the …
VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching
The widespread use of open-source software (OSS) has led to extensive code reuse,
making vulnerabilities in OSS significantly pervasive. The vulnerabilities due to code reuse …
LLM-Enhanced Static Analysis for Precise Identification of Vulnerable OSS Versions
Open-source software (OSS) has experienced a surge in popularity, attributed to its
collaborative development model and cost-effective nature. However, the adoption of …
V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-source Software Components Using Code Classification Techniques
We present V1SCAN, an effective approach for discovering 1-day vulnerabilities in reused
C/C++ open-source software (OSS) components. Reusing third-party OSS has many …
xVDB: A high-coverage approach for constructing a vulnerability database
Security patches play an important role in detecting and fixing one-day vulnerabilities.
However, collecting abundant security patches from diverse data sources is not a simple …
FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection
S Feng, Y Wu, W Xue, S Pan, D Zou, Y Liu… - 33rd USENIX Security …, 2024 - usenix.org
With the continuous development of software open-sourcing, the reuse of open-source
software has led to a significant increase in the occurrence of recurring vulnerabilities …
Benchmarking Software Vulnerability Detection Techniques: A Survey
Y Bi, J Huang, P Liu, L Wang - arxiv preprint arxiv:2303.16362, 2023 - arxiv.org
Software vulnerabilities can have serious consequences, which is why many techniques
have been proposed to defend against them. Among these, vulnerability detection …
Dicos: Discovering insecure code snippets from stack overflow posts by leveraging user discussions
Online Q&A fora such as Stack Overflow assist developers to solve their faced coding
problems. Despite the advantages, Stack Overflow has the potential to provide insecure …