VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model. (arXiv:2308.04662v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
To avoid potential risks posed by vulnerabilities in third-party libraries,
security researchers maintain vulnerability databases (e.g., NVD) containing
vulnerability reports, each of which records the description of a vulnerability
and the name list of libraries affected by the vulnerability (a.k.a. vulnerable
libraries). However, recent studies on about 200,000 vulnerability reports in
NVD show that 53.3% of these reports do not include the name list of vulnerable
libraries, and 59.82% of the included name lists of vulnerable libraries are
incomplete or …