ML4AVD research remains locked into binary function-level classification of C/C++ vulnerabilities because twelve pain points in the pipeline reinforce each other through feedback loops.
VUDDY: A scalable approach for vulnerable code clone discovery
4 Pith papers cite this work. Polarity classification is still indexing.
fields: cs.SE 4
roles: background 1
polarities: background 1
representative citing papers
Empirical analysis of 338 PRs with self-admitted ChatGPT usage shows low full integration (median 25%), selective adaptation patterns, and broader influence on developer reasoning during reviews.
citing papers explorer
- Uncovering Similar but Different Packages in PyPI and Potential Security Threats
  Large-scale analysis of 200K PyPI packages identifies 1,361 replicated popular packages, 256 replicated vulnerable packages, and 7 new replicated malicious packages, showing replication as a security threat vector.
- SBridge: Identifying Source-to-Binary Function Similarity via Cross-Domain Control Block Matching
  SBridge uses cross-domain control block matching to find source-to-binary function similarity, reporting 75.13% recall@1 and 80.98% recall@5 on 3,904 real-world binaries despite ~40% inlining.