Current machine-learning based software vulnerability detection methods are primarily
conducted at the function-level. However, a key limitation of these methods is that they do …

Despite the successes of machine learning (ML) and deep learning (DL)-based vulnerability
detectors (VD), they are limited to providing only the decision on whether a given code is …

Static bug detection has shown its effectiveness in detecting well-defined memory errors, eg,
memory leaks, buffer overflows, and null dereference. However, modern software systems …

The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

The automatic detection of software vulnerabilities is an important research problem.
However, existing solutions to this problem rely on human experts to define features and …

Fine-grained software vulnerability detection is an important and challenging problem.
Ideally, a detection system (or detector) not only should be able to detect whether or not a …

Since deep learning (DL) can automatically learn features from source code, it has been
widely used to detect source code vulnerability. To achieve scalable vulnerability scanning …

Context: Zero-day vulnerabilities are highly destructive and sudden. However, traditional
static and dynamic testing methods cannot efficiently detect them. Objective: In this paper, a …

The ecosystem of open source software (OSS) has been growing considerably in size. In
addition, code clones-code fragments that are copied and pasted within or between software …

Automatically detecting software vulnerabilities is an important problem that has attracted
much attention from the academic research community. However, existing vulnerability …