Leveraging multi-task learning to improve the detection of SATD and vulnerability
Multi-task learning is a paradigm that leverages information from related tasks to improve the performance of machine learning. Self-Admitted Technical Debt (SATD) are comments in the code that indicate not-quite-right code introduced for short-term needs, i.e., technical debt. Previous research has provided evidence of a possible relationship between SATD and the existence of vulnerabilities in the code. In this work, we investigate if multi-task learning could leverage the information shared between SATD and vulnerabilities to improve the automatic detection of these issues. To this aim, we implemented VulSATD, a deep learner that detects vulnerable and SATD code based on CodeBERT, a pre-trained transformers model. We evaluated VulSATD on MADE-WIC, a fused dataset of functions annotated for TD (through SATD) and vulnerability. We compared the results using single and multi-task approaches, obtaining no significant differences even after employing a weighted loss. Our findings indicate the need for further investigation into the relationship between these two aspects of low-quality code. Specifically, it is possible that only a subset of technical debt is directly associated with security concerns. Therefore, the relationship between different types of technical debt and software vulnerabilities deserves future exploration and a deeper understanding.
Sun 27 AprDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Vulnerabilities, Technical Debt, DefectsEarly Research Achievements (ERA) / Research Track / Replications and Negative Results (RENE) at 205 Chair(s): Anthony Peruma University of Hawai‘i at Mānoa, Coen De Roover Vrije Universiteit Brussel, Gema Rodríguez-Pérez Department of Computer Science, Mathematics, Physics and Statistics, University of British Columbia, Okanagan Campus | ||
11:00 10mTalk | CalmDroid: Core-Set Based Active Learning for Multi-Label Android Malware Detection Research Track Minhong Dong Tiangong University, Liyuan Liu Tiangong University, Mengting Zhang Tiangong University, Sen Chen Nankai University, Wenying He Hebei University of Technology, Ze Wang Tiangong University, Yude Bai Tianjin University | ||
11:10 10mTalk | Towards Task-Harmonious Vulnerability Assessment based on LLM Research Track Zaixing Zhang Southeast University, Chang Jianming , Tianyuan Hu Southeast University, Lulu Wang Southeast University, Bixin Li Southeast University | ||
11:20 10mTalk | Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones Research Track Hakam W. Alomari Miami University, Christopher Vendome Miami University, Himal Gyawali Miami University Pre-print | ||
11:30 6mTalk | Revisiting Security Practices for GitHub Actions Workflows Early Research Achievements (ERA) | ||
11:36 6mTalk | Leveraging multi-task learning to improve the detection of SATD and vulnerability Replications and Negative Results (RENE) Barbara Russo Free University of Bolzano, Jorge Melegati Free University of Bozen-Bolzano, Moritz Mock Free University of Bozen-Bolzano Pre-print | ||
11:42 10mTalk | Leveraging Context Information for Self-Admitted Technical Debt Detection Research Track Miki Yonekura Nara Institute of Science and Technology, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Hangzhou Dianzi University, Kenji Fujiwara Nara Women’s University, Hajimu Iida Nara Institute of Science and Technology | ||
11:52 6mTalk | Personalized Code Readability Assessment: Are We There Yet? Replications and Negative Results (RENE) Antonio Vitale Politecnico di Torino, University of Molise, Emanuela Guglielmi University of Molise, Rocco Oliveto University of Molise, Simone Scalabrino University of Molise | ||
11:58 6mTalk | Automated Refactoring of Non-Idiomatic Python Code: A Differentiated Replication with LLMs Replications and Negative Results (RENE) Pre-print | ||
12:04 10mResearch paper | Sonar: Detecting Logic Bugs in DBMS through Generating Semantic-aware Non-Optimizing Query Research Track Shiyang Ye Zhejiang University, Chao Ni Zhejiang University, Jue Wang Nanjing University, Qianqian Pang zhejang university, Xinrui Li School of Software Technology, Zhejiang University, xiaodanxu College of Computer Science and Technology, Zhejiang university | ||
12:14 6mTalk | A Study on Applying Large Language Models to Issue Classification Replications and Negative Results (RENE) | ||
12:20 10mLive Q&A | Session's Discussion: "Vulnerabilities, Technical Debt, Defects" Research Track | ||