{"id":"https://openalex.org/W7168031524","doi":"https://doi.org/10.1145/3786583.3786880","title":"Fixing Security Vulnerabilities with Agentic AI in OSS-Fuzz","display_name":"Fixing Security Vulnerabilities with Agentic AI in OSS-Fuzz","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7168031524","doi":"https://doi.org/10.1145/3786583.3786880"},"language":null,"primary_location":{"id":"doi:10.1145/3786583.3786880","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786583.3786880","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering: Software Engineering in Practice","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3786583.3786880","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102920981","display_name":"Yuntong Zhang","orcid":"https://orcid.org/0009-0005-1664-7110"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yuntong Zhang","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0005-1664-7110","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114444406","display_name":"Jiawei Wang","orcid":"https://orcid.org/0009-0001-7367-823X"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jiawei Wang","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0001-7367-823X","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114638161","display_name":"Dominic Berzin","orcid":null},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Dominic Berzin","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0004-9523-5036","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060375528","display_name":"\u041c\u0430\u0440\u0442\u0438\u043d \u041c\u0438\u0440\u0447\u0435\u0432","orcid":"https://orcid.org/0000-0001-9145-964X"},"institutions":[{"id":"https://openalex.org/I28490864","display_name":"DSO National Laboratories","ror":"https://ror.org/03e05fb06","country_code":"SG","type":"nonprofit","lineage":["https://openalex.org/I28490864"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Martin Mirchev","raw_affiliation_strings":["SonarSource, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-9145-964X","affiliations":[{"raw_affiliation_string":"SonarSource, Singapore, Singapore","institution_ids":["https://openalex.org/I28490864"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060115298","display_name":"Abhik Roychoudhury","orcid":"https://orcid.org/0000-0002-7127-1137"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Abhik Roychoudhury","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-7127-1137","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"374","last_page":"384"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.5188000202178955,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.5188000202178955,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.11180000007152557,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.06689999997615814,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8733000159263611},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6640999913215637},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6189000010490417},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.5716000199317932},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.49950000643730164},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48030000925064087},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4643000066280365},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.46070000529289246},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.38100001215934753}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8733000159263611},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6640999913215637},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6402000188827515},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6189000010490417},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5954999923706055},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.5716000199317932},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.49950000643730164},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48030000925064087},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4643000066280365},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.46070000529289246},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.38100001215934753},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3797999918460846},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.366100013256073},{"id":"https://openalex.org/C202105479","wikidata":"https://www.wikidata.org/wiki/Q265013","display_name":"Software evolution","level":5,"score":0.365200012922287},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.3528999984264374},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.34929999709129333},{"id":"https://openalex.org/C183469790","wikidata":"https://www.wikidata.org/wiki/Q333501","display_name":"Crash","level":2,"score":0.3257000148296356},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.3257000148296356},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.32179999351501465},{"id":"https://openalex.org/C74579156","wikidata":"https://www.wikidata.org/wiki/Q7554342","display_name":"Software peer review","level":5,"score":0.3133000135421753},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.31150001287460327},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.30809998512268066},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2849000096321106},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.27480000257492065},{"id":"https://openalex.org/C48002344","wikidata":"https://www.wikidata.org/wiki/Q2919644","display_name":"Verification and validation","level":2,"score":0.2653000056743622},{"id":"https://openalex.org/C512654426","wikidata":"https://www.wikidata.org/wiki/Q19652","display_name":"Public domain","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.257099986076355},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.2556999921798706}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3786583.3786880","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786583.3786880","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering: Software Engineering in Practice","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3786583.3786880","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786583.3786880","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering: Software Engineering in Practice","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.49364301562309265,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1726499989","display_name":null,"funder_award_id":"NRF-NCR25-Fuzz-0001","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"},{"id":"https://openalex.org/G3952734959","display_name":null,"funder_award_id":"MOE-MOET32021-0001","funder_id":"https://openalex.org/F4320320751","funder_display_name":"Ministry of Education - Singapore"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"},{"id":"https://openalex.org/F4320320751","display_name":"Ministry of Education - Singapore","ror":"https://ror.org/01kcva023"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2061575154","https://openalex.org/W2128049346","https://openalex.org/W2974889942","https://openalex.org/W2998011150","https://openalex.org/W3049735680","https://openalex.org/W3121734253","https://openalex.org/W3129269689","https://openalex.org/W3134686229","https://openalex.org/W3156480510","https://openalex.org/W3173990398","https://openalex.org/W3183469243","https://openalex.org/W4285490485","https://openalex.org/W4308641648","https://openalex.org/W4385187279","https://openalex.org/W4394769405","https://openalex.org/W4402442868","https://openalex.org/W4411449940","https://openalex.org/W4411551762","https://openalex.org/W4411552133","https://openalex.org/W7103754783"],"related_works":[],"abstract_inverted_index":{"Critical":[0],"open":[1,62,83],"source":[2,54,63,84],"software":[3,36,47,55,64,100],"systems":[4,48],"undergo":[5],"significant":[6,74],"validation":[7,81],"in":[8,49,114],"the":[9,25,35,44,72,102],"form":[10],"of":[11,27,46,66,82],"lengthy":[12],"fuzz":[13,16],"campaigns.":[14],"The":[15],"campaigns":[17],"typically":[18],"conduct":[19],"a":[20],"biased":[21],"random":[22],"search":[23],"over":[24],"domain":[26],"program":[28],"inputs,":[29],"to":[30,42],"find":[31],"inputs":[32],"which":[33],"crash":[34],"system.":[37],"Such":[38],"fuzzing":[39],"is":[40,65,71,111],"useful":[41],"enhance":[43],"security":[45],"general":[50],"since":[51],"even":[52,87],"closed":[53],"may":[56,105],"use":[57],"open-source":[58],"components.":[59],"Hence":[60],"testing":[61],"paramount":[67],"importance.":[68],"Currently":[69],"OSS-Fuzz":[70,89],"most":[73],"and":[75],"widely":[76],"used":[77],"infra-structure":[78],"for":[79],"continuous":[80],"systems.":[85],"Unfortunately":[86],"though":[88],"has":[90],"identified":[91],"more":[92,99],"than":[93],"13,000":[94],"vulnerabilities":[95,104],"across":[96],"1000":[97],"or":[98],"projects,":[101],"detected":[103],"remain":[106],"unpatched,":[107],"as":[108],"vulnerability":[109],"fixing":[110],"often":[112],"manual":[113],"practice.":[115]},"counts_by_year":[],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2026-07-12T00:00:00"}
