{"id":"https://openalex.org/W4308641648","doi":"https://doi.org/10.1145/3540250.3549098","title":"VulRepair: a T5-based automated software vulnerability repair","display_name":"VulRepair: a T5-based automated software vulnerability repair","publication_year":2022,"publication_date":"2022-11-07","ids":{"openalex":"https://openalex.org/W4308641648","doi":"https://doi.org/10.1145/3540250.3549098"},"language":"en","primary_location":{"id":"doi:10.1145/3540250.3549098","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3540250.3549098","pdf_url":null,"source":{"id":"https://openalex.org/S4363608883","display_name":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102710465","display_name":"Michael C. Fu","orcid":"https://orcid.org/0000-0001-7211-3491"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Michael Fu","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081449581","display_name":"Chakkrit Tantithamthavorn","orcid":"https://orcid.org/0000-0002-5516-9984"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chakkrit Tantithamthavorn","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102780660","display_name":"Trung Le","orcid":"https://orcid.org/0000-0003-0414-9067"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Trung Le","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100769134","display_name":"Van Nguyen","orcid":"https://orcid.org/0000-0002-5838-3409"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Van Nguyen","raw_affiliation_strings":["University of Adelaide, Australia"],"affiliations":[{"raw_affiliation_string":"University of Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036447132","display_name":"Dinh Phung","orcid":"https://orcid.org/0000-0002-9977-8247"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Dinh Phung","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102710465"],"corresponding_institution_ids":["https://openalex.org/I56590836"],"apc_list":null,"apc_paid":null,"fwci":23.5144,"has_fulltext":false,"cited_by_count":169,"citation_normalized_percentile":{"value":0.996854,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"935","last_page":"947"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.8816589713096619},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7792972326278687},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6501625776290894},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.6277388334274292},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.6252249479293823},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5588704347610474},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5559085011482239},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5499234199523926},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4336668848991394},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4331783652305603},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.34419092535972595},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.21008607745170593},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.15503209829330444},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07891234755516052},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.057643383741378784}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.8816589713096619},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7792972326278687},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6501625776290894},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.6277388334274292},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.6252249479293823},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5588704347610474},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5559085011482239},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5499234199523926},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4336668848991394},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4331783652305603},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.34419092535972595},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.21008607745170593},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.15503209829330444},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07891234755516052},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.057643383741378784},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111368507","wikidata":"https://www.wikidata.org/wiki/Q43518","display_name":"Oceanography","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3540250.3549098","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3540250.3549098","pdf_url":null,"source":{"id":"https://openalex.org/S4363608883","display_name":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4416570303","display_name":null,"funder_award_id":"DE200100941","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"}],"funders":[{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W2008158744","https://openalex.org/W2134646643","https://openalex.org/W2344444819","https://openalex.org/W2367798545","https://openalex.org/W2474835145","https://openalex.org/W2754913139","https://openalex.org/W2794889478","https://openalex.org/W2907705732","https://openalex.org/W2930019028","https://openalex.org/W2954823997","https://openalex.org/W2962960733","https://openalex.org/W2963520355","https://openalex.org/W2963925437","https://openalex.org/W2979826702","https://openalex.org/W2981328759","https://openalex.org/W2981852735","https://openalex.org/W3011564318","https://openalex.org/W3013745307","https://openalex.org/W3043761819","https://openalex.org/W3083954092","https://openalex.org/W3084918652","https://openalex.org/W3089621332","https://openalex.org/W3091588759","https://openalex.org/W3094130708","https://openalex.org/W3098605233","https://openalex.org/W3111602563","https://openalex.org/W3122149408","https://openalex.org/W3134686229","https://openalex.org/W3156480510","https://openalex.org/W3161027892","https://openalex.org/W3166095789","https://openalex.org/W3174067697","https://openalex.org/W3174220201","https://openalex.org/W3174750614","https://openalex.org/W3175995826","https://openalex.org/W3183469243","https://openalex.org/W3198685994","https://openalex.org/W4207068100","https://openalex.org/W4225640545","https://openalex.org/W4288089799","https://openalex.org/W4297824267","https://openalex.org/W4312436517","https://openalex.org/W4312969325"],"related_works":["https://openalex.org/W2383958993","https://openalex.org/W3043810321","https://openalex.org/W2560421591","https://openalex.org/W2892115998","https://openalex.org/W2537414278","https://openalex.org/W2796094063","https://openalex.org/W2123075981","https://openalex.org/W1978034799","https://openalex.org/W2062583373","https://openalex.org/W4384518368"],"abstract_inverted_index":{"As":[0],"software":[1,74,105],"vulnerabilities":[2,173],"grow":[3],"in":[4],"volume":[5],"and":[6,23,82,187],"complexity,":[7],"researchers":[8],"proposed":[9,48],"various":[10,63,87],"Artificial":[11],"Intelligence":[12],"(AI)-based":[13],"approaches":[14],"to":[15,20,31,38,62,85,131],"help":[16],"under-resourced":[17,197],"security":[18,27,198],"analysts":[19,28,199],"find,":[21],"detect,":[22],"localize":[24],"vulnerabilities.":[25,202],"However,":[26],"still":[29,57],"have":[30],"spend":[32],"a":[33,71,113],"huge":[34],"amount":[35],"of":[36,90,116,148,169,189],"effort":[37],"manually":[39],"fix":[40],"or":[41],"repair":[42,76,163],"such":[43],"vulnerable":[44],"functions.":[45],"Recent":[46],"work":[47],"an":[49,94],"NMT-based":[50,149],"Automated":[51,150],"Vulnerability":[52,151],"Repair,":[53],"but":[54],"it":[55],"is":[56,119,136],"far":[58],"from":[59,102],"perfect":[60],"due":[61],"limitations.":[64],"In":[65],"this":[66],"paper,":[67],"we":[68,107],"propose":[69],"VulRepair,":[70],"T5-based":[72],"automated":[73],"vulnerability":[75,100,194],"approach":[77],"that":[78,109,133,158],"leverages":[79],"the":[80,145,185],"pre-training":[81],"BPE":[83],"components":[84],"address":[86],"technical":[88],"limitations":[89],"prior":[91],"work.":[92],"Through":[93],"extensive":[95],"experiment":[96],"with":[97],"over":[98],"8,482":[99],"fixes":[101],"1,754":[103],"real-world":[104,171],"projects,":[106],"find":[108],"our":[110,134,159,190],"VulRepair":[111,135,160,191],"achieves":[112],"Perfect":[114],"Prediction":[115],"44%,":[117],"which":[118],"13%-21%":[120],"more":[121,138],"accurate":[122,139],"than":[123,140],"competitive":[124],"baseline":[125,142],"approaches.":[126],"These":[127],"results":[128],"lead":[129],"us":[130],"conclude":[132],"considerably":[137],"two":[141],"approaches,":[143],"highlighting":[144],"substantial":[146],"advancement":[147],"Repairs.":[152],"Our":[153],"additional":[154],"investigation":[155],"also":[156],"shows":[157],"can":[161],"accurately":[162],"as":[164,166],"many":[165],"745":[167],"out":[168],"1,706":[170],"well-known":[172],"(e.g.,":[174],"Use":[175],"After":[176],"Free,":[177],"Improper":[178],"Input":[179],"Validation,":[180],"OS":[181],"Command":[182],"Injection),":[183],"demonstrating":[184],"practicality":[186],"significance":[188],"for":[192],"generating":[193],"repairs,":[195],"helping":[196],"on":[200],"fixing":[201]},"counts_by_year":[{"year":2026,"cited_by_count":8},{"year":2025,"cited_by_count":75},{"year":2024,"cited_by_count":58},{"year":2023,"cited_by_count":26},{"year":2022,"cited_by_count":2}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2025-10-10T00:00:00"}