Using Sequence-to-Sequence Learning for Repairing C Vulnerabilities
This addresses software vulnerability repair for businesses and researchers, but it is incremental as it applies an existing method to a new domain.
The paper tackled the problem of automatically repairing C vulnerabilities by training a sequence-to-sequence learning model on a large dataset of code changes from GitHub, and demonstrated feasibility by evaluating it on real-world vulnerabilities from the CVE database.
Software vulnerabilities affect all businesses and research is being done to avoid, detect or repair them. In this article, we contribute a new technique for automatic vulnerability fixing. We present a system that uses the rich software development history that can be found on GitHub to train an AI system that generates patches. We apply sequence-to-sequence learning on a big dataset of code changes and we evaluate the trained system on real world vulnerabilities from the CVE database. The result shows the feasibility of using sequence-to-sequence learning for fixing software vulnerabilities.