PatchRNN: A Deep Learning-Based System for Security Patch Identification. (arXiv:2108.03358v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
With the increasing usage of open-source software (OSS) components,
vulnerabilities embedded within them are propagated to a huge number of
underlying applications. In practice, the timely application of security
patches in downstream software is challenging. The main reason is that such
patches do not explicitly indicate their security impacts in the documentation,
which makes them difficult for software maintainers and users to recognize.
However, attackers can still identify these "secret" security patches by
analyzing the source code and generate corresponding …