Litcius/Paper detail

Can explainability and deep-learning be used for localizing vulnerabilities in source code?

Alessandro Marchetto

202410 citationsDOIOpen Access PDF

Abstract

Security vulnerabilities are weaknesses of software due for instance to design flaws or implementation bugs that can be exploited and lead to potentially devastating security breaches. Traditionally, static code analysis is recognized as effective in the detection of software security vulnerabilities but at the expense of a high human effort required for checking a large number of produced false positive cases. Deep-learning methods have been recently proposed to overcome such a limitation of static code analysis and detect the vulnerable code by using vulnerability-related patterns learned from large source code datasets. However, the use of these methods for localizing the causes of the vulnerability in the source code, i.e., localize the statements that contain the bugs, has not been extensively explored.

Topics & Concepts

Computer scienceSource codeSecure codingVulnerability (computing)Code (set theory)Software bugStatic program analysisStatic analysisSoftwareSoftware security assuranceCode reviewVulnerability managementComputer securityBuffer overflowVulnerability assessmentProgramming languageSoftware developmentInformation securitySet (abstract data type)Psychological resilienceSecurity servicePsychologyPsychotherapistSoftware Engineering ResearchSoftware Reliability and Analysis ResearchSoftware System Performance and Reliability
Can explainability and deep-learning be used for localizing vulnerabilities in source code? | Litcius