VulEval: Towards Repository-Level Evaluation of Software Vulnerability Detection

arXiv:2404.15596v1 Announce Type: cross
Abstract: Deep Learning (DL)-based methods have proven to be effective for software vulnerability detection, with a potential for substantial productivity enhancements for detecting vulnerabilities. Current methods mainly focus on detecting single functions (i.e., intra-procedural vulnerabilities), ignoring the more complex inter-procedural vulnerability detection scenarios in practice. For example, developers routinely engage with program analysis to detect vulnerabilities that span multiple functions within repositories. In addition, the widely-used benchmark datasets generally contain only intra-procedural vulnerabilities, leaving the assessment …

arxiv cs.cr cs.se current deep learning detection developers evaluation focus functions practice productivity repository single software software vulnerability vulnerabilities vulnerability vulnerability detection