Security Patch

Security patch detection and tracing are crucial for mitigating software vulnerabilities, yet identifying patches remains challenging due to inconsistent reporting practices and the sheer volume of code changes. Current research focuses on automated methods, employing techniques like large language models (LLMs) to analyze vulnerability reports and code commits, and leveraging both code-based and behavioral data (e.g., commit patterns) to identify patches even without explicit vulnerability disclosures. These advancements improve the efficiency and accuracy of patch identification, ultimately enhancing software security and reducing the risk of exploitation.

Papers

August 16, 2024

PatUntrack: Automated Generating Patch Examples for Issue Reports without Tracked Insecure Code
Ziyou Jiang, Lin Shi, Guowei Yang, Qing Wang
Bug Report Patch Generation Insecure Code Security Patch

July 24, 2024

PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software
Kaixuan Li, Jian Zhang, Sen Chen, Han Liu, Yang Liu, Yixiang Chen
Open Source Security Vulnerability Two Phase CVE Record Security Patch

December 2, 2023

Just-in-Time Security Patch Detection -- LLM At the Rescue for Data Augmentation
Xunzhu Tang, Zhenghan Chen, Kisub Kim, Haoye Tian, Saad Ezzini, Jacques Klein
Data Augmentation Medical LLM Search and Rescue Security Patch

February 4, 2023

Detecting Security Patches via Behavioral Data in Code Repositories
Nitzan Farhi, Noam Koenigstein, Yuval Shavitt
Security Vulnerability Common Vulnerability Behavioral Data Code Repository Version Control CVE Record Security Patch

Security Patch

Papers

PatUntrack: Automated Generating Patch Examples for Issue Reports without Tracked Insecure Code

PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software

Just-in-Time Security Patch Detection -- LLM At the Rescue for Data Augmentation

Detecting Security Patches via Behavioral Data in Code Repositories