Triet Huynh Minh Le
VulGuard: An Unified Tool for Evaluating Just-In-Time Vulnerability Prediction Models
We present VulGuard, an automated tool designed to streamline the extraction, processing, and analysis of commits from GitHub repositories for Just-In-Time vulnerability prediction (JIT-VP) research. VulGuard automatically mines commit his…
Toward Realistic Evaluations of Just-In-Time Vulnerability Prediction
Modern software systems are increasingly complex, presenting significant challenges in quality assurance. Just-in-time vulnerability prediction (JIT-VP) is a proactive approach to identifying vulnerable commits and providing early warnings…
LLMSecConfig: An LLM-Based Approach for Fixing Software Container Misconfigurations
Security misconfigurations in Container Orchestrators (COs) can pose serious threats to software systems. While Static Analysis Tools (SATs) can effectively detect these security vulnerabilities, the industry currently lacks automated solu…
MVD: A Multi-Lingual Software Vulnerability Detection Framework
Software vulnerabilities can result in catastrophic cyberattacks that increasingly threaten business operations. Consequently, ensuring the safety of software systems has become a paramount concern for both private and public sectors. Rece…
Automated Code-centric Software Vulnerability Assessment: How Far Are We? An Empirical Study in C/C++
Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to dete…
Automatic Data Labeling for Software Vulnerability Prediction Models: How Far Are We?
Background: Software Vulnerability (SV) prediction needs large-sized and high-quality data to perform well. Current SV datasets mostly require expensive labeling efforts by experts (human-labeled) and thus are limited in size. Meanwhile, t…
Mitigating Data Imbalance for Software Vulnerability Assessment: Does Data Augmentation Help?
Background: Software Vulnerability (SV) assessment is increasingly adopted to address the ever-increasing volume and complexity of SVs. Data-driven approaches have been widely used to automate SV assessment tasks, particularly the predicti…
Systematic Literature Review on Application of Learning-based Approaches in Continuous Integration
Context: Machine learning (ML) and deep learning (DL) analyze raw data to extract valuable insights in specific phases. The rise of continuous practices in software projects emphasizes automating Continuous Integration (CI) with these lear…
Software Vulnerability Prediction in Low-Resource Languages: An Empirical Study of CodeBERT and ChatGPT
Background: Software Vulnerability (SV) prediction in emerging languages is increasingly important to ensure software security in modern systems. However, these languages usually have limited SV data for developing high-performing predicti…
Are Latent Vulnerabilities Hidden Gems for Software Vulnerability Prediction? An Empirical Study
Collecting relevant and high-quality data is integral to the development of effective Software Vulnerability (SV) prediction models. Most of the current SV datasets rely on SV-fixing commits to extract vulnerable functions and lines. Howev…
Systematic Literature Review on Application of Learning-Based Approaches in Continuous Integration
Machine learning (ML) and deep learning (DL) analyze raw data to extract valuable insights in specific phases. The rise of continuous practices in software projects emphasizes automating Continuous Integration (CI) with these learning-base…
Systematic Literature Review on Application of Machine Learning in Continuous Integration
This research conducted a systematic review of the literature on machine learning (ML)-based methods in the context of Continuous Integration (CI) over the past 22 years. The study aimed to identify and describe the techniques used in ML-b…
Mitigating ML Model Decay in Continuous Integration with Data Drift Detection: An Empirical Study
Background: Machine Learning (ML) methods are being increasingly used for automating different activities, e.g., Test Case Prioritization (TCP), of Continuous Integration (CI). However, ML models need frequent retraining as a result of cha…
SoK: Machine Learning for Continuous Integration
Continuous Integration (CI) has become a well-established software development practice for automatically and continuously integrating code changes during software development. An increasing number of Machine Learning (ML) based approaches…
Towards an Improved Understanding of Software Vulnerability Assessment Using Data-Driven Approaches
The thesis advances the field of software security by providing knowledge and automation support for software vulnerability assessment using data-driven approaches. Software vulnerability assessment provides important and multifaceted info…
A Survey on Data-driven Software Vulnerability Assessment and Prioritization
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mit…
On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models
Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for…
Automated Security Assessment for the Internet of Things
Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is u…
DeepCVA: Automated Commit-level Vulnerability Assessment with Deep Multi-task Learning
It is increasingly suggested to identify Software Vulnerabilities (SVs) in code commits to give early warnings about potential security risks. However, there is a lack of effort to assess vulnerability-contributing commits right after they…
Demystifying the Mysteries of Security Vulnerability Discussions on Developer Q&A Sites.
Detection and mitigation of Security Vulnerabilities (SVs) are integral tasks in software development and maintenance. Software developers often explore developer Question and Answer (Q&A) websites to find solutions for securing their soft…
Deep Learning for Source Code Modeling and Generation
Deep Learning (DL) techniques for Natural Language Processing have been evolving remarkably fast. Recently, the DL advances in language modeling, machine translation, and paragraph understanding are so prominent that the potential of DL in…
Deep Learning for Source Code Modeling and Generation: Models, Applications and Challenges
Deep Learning (DL) techniques for Natural Language Processing have been evolving remarkably fast. Recently, the DL advances in language modeling, machine translation and paragraph understanding are so prominent that the potential of DL in …
Automated Software Vulnerability Assessment with Concept Drift
Software Engineering researchers are increasingly using Natural Language Processing (NLP) techniques to automate Software Vulnerabilities (SVs) assessment using the descriptions in public repositories. However, the existing NLP-based appro…
Personalized Facets for Faceted Search Using Wikipedia Disambiguation and Social Network
The main aim of this paper is to deal with semantic search based on personalized facets using Wikipedia disambiguation data which can help to solve lexical ambiguity. User profile is learned from his/her activities and preferences in Faceb…