Are We There Yet? Challenges in DL-based vulnerability detectors
Lightning Talk
vulnerability detection; software security; deep learning; representation learning
MITRE reports an increase in the number of CVEs submitted yearly since 2016, reflecting the increased threat to the overall security of the software ecosystem. Accordingly, research in software vulnerability detection has steadily grown across a spectrum of approaches such as static analysis, dynamic analysis and machine learning-based detection models. Meanwhile, advances in deep learning techniques for natural language processing have encouraged security researchers to apply them to vulnerability detection, and numerous deep learning-based vulnerability detectors have since been proposed to detect vulnerabilities across multiple programming languages. However, can these vulnerability detectors tackle the problem effectively, or do they lack the core elements that make them accurate and robust detectors? This talk briefly examines the challenges of using deep learning models to detect software vulnerabilities and discusses possible solutions.