Limits of Machine Learning for Automatic Vulnerability Detection. (arXiv:2306.17193v1 [cs.CR])

Recent results of machine learning for automatic vulnerability detection have
been very promising indeed: Given only the source code of a function $f$,
models trained by machine learning techniques can decide if $f$ contains a
security flaw with up to 70% accuracy.

But how do we know that these results are general and not specific to the
datasets? To study this question, researchers proposed to amplify the testing
set by injecting semantic preserving changes and found that the model's
accuracy …

accuracy automatic code detection flaw function indeed machine machine learning results security security flaw source code techniques vulnerability vulnerability detection