Vulnerability Root Cause Function Locating For Java Vulnerabilities
Software Composition Analysis has emerged as an essential solution for mitigating vulnerabilities within the dependencies of software projects. Reachability analysis is increasingly leveraged to significantly streamline vulnerability remediation by prioritizing reachable vulnerabilities, but performing it requires the code-level root cause of each vulnerability. Pinpointing the root cause that leads to exploitation is laborious and resource-intensive, because it requires manual oversight from specialists. To this end, we introduce root cause function Finder (RCFer), a solution capable of autonomously identifying the root cause function using semantic analysis of enriched vulnerability descriptions and source code. The top-10 outcomes successfully pinpoint root cause functions for 73.81% of assessed vulnerabilities.
Wed 17 Apr (displayed time zone: Lisbon)
16:00 - 17:30 | SRC Posters | SRC - ACM Student Research Competition at Open Space | Chair(s): Mattia Fazzini (University of Minnesota), André Restivo (LIACC, Universidade do Porto, Porto, Portugal)
16:00 | 90m | Poster | Program Decomposition and Translation with Static Analysis | SRC - ACM Student Research Competition | Ali Reza Ibrahimzada (University of Illinois Urbana-Champaign)
16:00 | 90m | Poster | IntTracer: Sanitization-aware IO2BO Vulnerability Detection across Codebases | SRC - ACM Student Research Competition | Xiang Chen (Shanghai Jiao Tong University)
16:00 | 90m | Poster | Vulnerability Root Cause Function Locating For Java Vulnerabilities | SRC - ACM Student Research Competition | Lyuye Zhang (Nanyang Technological University)
16:00 | 90m | Poster | Flakiness Repair in the Era of Large Language Models | SRC - ACM Student Research Competition | Yang Chen (University of Illinois at Urbana-Champaign)
16:00 | 90m | Poster | Refining Abstract Specifications into Dangerous Traffic Scenarios | SRC - ACM Student Research Competition | Aren Babikian (McGill University)
16:00 | 90m | Poster | An Ensemble Method for Bug Triaging using Large Language Models | SRC - ACM Student Research Competition | Atish Kumar Dipongkor (University of Central Florida)
16:00 | 90m | Poster | Classifying Source Code: How Far Can Compressor-based Classifiers Go? | SRC - ACM Student Research Competition | Zhou Yang (Singapore Management University)