Vulnerable Code

Vulnerable code research focuses on automatically identifying and repairing security flaws in software, aiming to improve software security and reduce the burden on developers. Current research heavily utilizes large language models (LLMs), often incorporating techniques like prompt tuning, multi-agent frameworks, and reinforcement learning with semantic rewards, to enhance vulnerability detection and code repair capabilities. These advancements are significant because they offer the potential for more efficient and effective automated security analysis and remediation, ultimately leading to more secure software systems.

Papers

September 27, 2024

Code Vulnerability Repair with Large Language Model using Context-Aware Prompt Tuning
Arshiya Khan, Guannan Liu, Xing Gao
Large Language Model Prompt Tuning Software Vulnerability Vulnerable Code Vulnerability Repair

September 16, 2024

AutoSafeCoder: A Multi-Agent Framework for Securing LLM Code Generation through Static Analysis and Fuzz Testing
Ana Nunez, Nafis Tanveer Islam, Sumit Kumar Jha, Peyman Najafirad
Multi Agent Code Generation Multi Agent Framework Fuzz Testing Static Analysis Vulnerable Code Automatic Coding Code Vulnerability LLM Driven Agent

September 10, 2024

HexaCoder: Secure Code Generation via Oracle-Guided Synthetic Training Data
Hossein Hajipour, Lea Schönherr, Thorsten Holz, Mario Fritz
Code Generation Encoder Side Synthetic Training Data Vulnerable Code LLM Generated Code Code Security

September 1, 2024

Enhancing Source Code Security with LLMs: Demystifying The Challenges and Generating Reliable Repairs
Nafis Tanveer Islam, Joseph Khoury, Andrew Seong, Elias Bou-Harb, Peyman Najafirad
Large Language Model Technical Challenge Vulnerable Code Provable Repair Vulnerability Repair

August 30, 2024

Unintentional Security Flaws in Code: Automated Defense via Root Cause Analysis
Nafis Tanveer Islam, Mazal Bethany, Dylan Manuel, Murtuza Jadliwala, Peyman Najafirad
Real World Code Root Cause Vulnerable Code Code Security

August 28, 2024

ANVIL: Anomaly-based Vulnerability Identification without Labelled Training Data
Weizhou Wang, Eric Liu, Xiangyu Guo, David Lie
Vulnerability Detection Vulnerable Code

August 20, 2024

How Well Do Large Language Models Serve as End-to-End Secure Code Producers?
Jianian Gong, Nachuan Duan, Ziheng Tao, Zhaohui Gong, Yuan Yuan, Minlie Huang
Code Generation Source Code Vulnerable Code Code Security Insecure Code

August 7, 2024

Exploring RAG-based Vulnerability Augmentation with LLMs
Seyed Shayan Daneshvar, Yu Nong, Xu Yang, Shaowei Wang, Haipeng Cai
Large Language Model Vulnerable Code Vulnerability Data Based Vulnerability Detection

August 5, 2024

Practical Attacks against Black-box Code Completion Engines
Slobodan Jenko, Jingxuan He, Niels Mündler, Mark Vero, Martin Vechev
Code Completion Vulnerable Code

July 31, 2024

Automated Software Vulnerability Static Code Analysis Using Generative Pre-Trained Transformer Models
Elijah Pelofske, Vincent Urias, Lorie M. Liebrock
Generative Pre Trained Transformer Vulnerability Detection Vulnerable Code Code Datasets

July 2, 2024

Is Your AI-Generated Code Really Safe? Evaluating Large Language Models on Secure Code Generation with CodeSecEval
Jiexin Wang, Xitong Luo, Liuwen Cao, Hongkui He, Hailin Huang, Jiayuan Xie, Adam Jatowt, Yi Cai
Code Generation Program Repair Vulnerable Code Code Model Safe AI

May 26, 2024

Predicting Likely-Vulnerable Code Changes: Machine Learning-based Vulnerability Protections for Android Open Source Project
Keun Soo Yim
Vulnerable Code Code Security Software Security AI Vulnerability Open Source Software

May 20, 2024

Vulnerability Detection in C/C++ Code with Deep Learning
Zhen Huang, Amy Aumpansub
Deep Learning Vulnerability Detection Software Vulnerability Vulnerable Code C++ Implementation C Program Vulnerability Pattern

April 30, 2024

Constrained Decoding for Secure Code Generation
Yanjun Fu, Ethan Baker, Yu Ding, Yizheng Chen
Large Language Model Code Generation Vulnerable Code Code LLM Constrained Decoding Code Security

March 11, 2024

Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code
Cristina Improta
Data Poisoning Attack Vulnerable Code Code Generator Security Implication AI Generated Code Code Repair

February 6, 2024

Studying Vulnerable Code Entities in R
Zixiao Zhao, Millon Madhur Das, Fatemeh H. Fard
Language Model Code Summarization Code LLM Vulnerable Code

January 7, 2024

LLM-Powered Code Vulnerability Repair with Reinforcement Learning and Semantic Reward
Nafis Tanveer Islam, Joseph Khoury, Andrew Seong, Mohammad Bahrami Karkevandi, Gonzalo De La Torre Parra, Elias Bou-Harb, Peyman Najafirad
Reinforcement Learning Vulnerability Detection Vulnerable Code Functional Programming Code Vulnerability Code Security Vulnerability Repair Semantic Reward

December 7, 2023

DeceptPrompt: Exploiting LLM-driven Code Generation via Adversarial Natural Language Instructions
Fangzhou Wu, Xiaogeng Liu, Chaowei Xiao
Large Language Model Code Generation Code Generation Task Vulnerable Code LLM Based Code Generation Adversarial Visual Instruction

November 13, 2023

Can LLMs Patch Security Issues?
Kamel Alrashedy, Abdullah Aljasser, Pradyumna Tambwekar, Matthew Gombolay
Large Language Model Code Generation Code LLM Vulnerable Code Code Security Diverse Solution

October 25, 2023

Enhancing Large Language Models for Secure Code Generation: A Dataset-driven Study on Vulnerability Mitigation
Jiexin Wang, Liuwen Cao, Xitong Luo, Zhiping Zhou, Jiayuan Xie, Adam Jatowt, Yi Cai
Code Generation Data Driven Vulnerable Code Model Trustworthiness

Vulnerable Code

Papers

Code Vulnerability Repair with Large Language Model using Context-Aware Prompt Tuning

AutoSafeCoder: A Multi-Agent Framework for Securing LLM Code Generation through Static Analysis and Fuzz Testing

HexaCoder: Secure Code Generation via Oracle-Guided Synthetic Training Data

Enhancing Source Code Security with LLMs: Demystifying The Challenges and Generating Reliable Repairs

Unintentional Security Flaws in Code: Automated Defense via Root Cause Analysis

ANVIL: Anomaly-based Vulnerability Identification without Labelled Training Data

How Well Do Large Language Models Serve as End-to-End Secure Code Producers?

Exploring RAG-based Vulnerability Augmentation with LLMs

Practical Attacks against Black-box Code Completion Engines

Automated Software Vulnerability Static Code Analysis Using Generative Pre-Trained Transformer Models

Is Your AI-Generated Code Really Safe? Evaluating Large Language Models on Secure Code Generation with CodeSecEval

Predicting Likely-Vulnerable Code Changes: Machine Learning-based Vulnerability Protections for Android Open Source Project

Vulnerability Detection in C/C++ Code with Deep Learning

Constrained Decoding for Secure Code Generation

Poisoning Programs by Un-Repairing Code: Security Concerns of AI-generated Code

Studying Vulnerable Code Entities in R

LLM-Powered Code Vulnerability Repair with Reinforcement Learning and Semantic Reward

DeceptPrompt: Exploiting LLM-driven Code Generation via Adversarial Natural Language Instructions

Can LLMs Patch Security Issues?

Enhancing Large Language Models for Secure Code Generation: A Dataset-driven Study on Vulnerability Mitigation