3 matches found
Finding Memory Leaks in C/C++ Programs Via Neuro-Symbolic Augmented Static Analysis
Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present...
OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security
DARPA's AI Cyber Challenge AIxCC showed that cyber reasoning systems CRSs can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their...
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...