Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
IEEE

Finetuning Large Language Models for Vulnerability Detection

Abstract: This paper presents the results of finetuning large language models (LLMs) for the task of detecting vulnerabilities in Java source code. We leverage WizardCoder, a recent improvement of the ...

Cracking the code: How a 'prediction machine' is resurrecting the Singapore Stone

Several years ago, my linguistic research team and I began developing a computational tool we call "Read-y Grammarian." Our ...

Dark Sky Technology Announces Air-Gapped SBOM Generation for Mixed-Code Development Environments with Bulletproof Trust™

New capability delivers compliant, rich, analysis-ready SBOMs from a single folder-based workflow—even for mixed and ...

Amazon insists AI coding isn't source of outages

Writing for The Register last month, Corey Quinn, chief cloud economist at Duckbill, expressed disbelief at the company's assertion that AI was not to blame in the February outage. "AWS would rather ...

AI is getting scary good at finding hidden software bugs - even in decades-old code

Researchers have found that LLM-driven bug finding is not a drop-in replacement for mature static analysis pipelines. Studies comparing AI coding agents to human developers show that while AI can be ...
IEEE

Static Analysis as a Feedback Loop: Enhancing LLM-Generated Code Beyond Correctness

Abstract: Large language models (LLMs) have demonstrated impressive capabilities in code generation, achieving high scores on benchmarks such as HumanEval and MBPP. However, these benchmarks primarily ...