3150                                                       软件学报  2025  年第  36  卷第  7  期


                 [30]  Zhou YQ, Liu SQ, Siow J, Du XN, Liu Y. Devign: Effective vulnerability identification by learning comprehensive program semantics
                     via graph neural networks. In: Proc. of the 33rd Conf. on Neural Information Processing Systems. Vancouver: Curran Associates Inc.,
                     2019. 10197–10207.
                 [31]  Feng ZY, Guo DY, Tang DY, Duan N, Feng XC, Gong M, Shou LJ, Qin B, Liu T, Jiang DX, Zhou M. CodeBERT: A pre-trained model
                     for programming and natural languages. In: Findings of the Association for Computational Linguistics: EMNLP 2020. Association for
                     Computational Linguistics, 2020. 1536–1547. [doi: 10.18653/v1/2020.findings-emnlp.139]
                 [32]  Wu YM, Zou DQ, Dou SH, Yang W, Xu D, Jin H. VulCNN: An image-inspired scalable vulnerability detection system. In: Proc. of the
                     44th Int’l Conf. on Software Engineering. Pittsburgh: ACM, 2022. 2365–2376. [doi: 10.1145/3510003.3510229]
                 [33]  Yuan B, Lu YF, Fang YL, Wu YM, Zou DQ, Li Z, Li Z, Jin H. Enhancing deep learning-based vulnerability detection by building
                     behavior graph model. In: Proc. of the 45th IEEE/ACM Int’l Conf. on Software Engineering. Melbourne: IEEE, 2023. 2262–2274. [doi:
                     10.1109/ICSE48619.2023.00190]
                 [34]  Fan JH, Li Y, Wang SH, Nguyen TN. A C/C++ code vulnerability dataset with code changes and CVE summaries. In: Proc. of the 17th
                     Int’l Conf. on Mining Software Repositories. Seoul: ACM, 2020. 508–512. [doi: 10.1145/3379597.3387501]
                 [35]  FFmpeg Security. 2024. https://www.ffmpeg.org/security.html
                 [36]  Croft R, Babar MA, Kholoosi MM. Data quality for software vulnerability datasets. In: Proc. of the 45th IEEE/ACM Int’l Conf. on
                     Software Engineering. Melbourne: IEEE, 2023. 121–133. [doi: 10.1109/ICSE48619.2023.00022]

                 附中文参考文献:
                  [8]  刘剑, 苏璞睿, 杨珉, 和亮, 张源, 朱雪阳, 林惠民. 软件与网络安全研究综述. 软件学报, 2018, 29(1): 42–68. http://www.jos.org.cn/
                     1000-9825/5320.htm [doi: 10.13328/j.cnki.jos.005320]
                  [9]  邵思豪, 高庆, 马森, 段富尧, 马骁, 张世琨, 胡津华. 缓冲区溢出漏洞分析技术研究进展. 软件学报, 2018, 29(5): 1179–1198. http://
                     www.jos.org.cn/1000-9825/5504.htm [doi: 10.13328/j.cnki.jos.005504]
                 [16]  陈可, 鲁辉, 方滨兴, 孙彦斌, 苏申, 田志宏. 自动化渗透测试技术研究综述. 软件学报, 2024, 35(5): 2268–2288. http://www.jos.org.cn/
                     1000-9825/7038.htm [doi: 10.13328/j.cnki.jos.007038]


                             邱少健(1990－), 男, 博士, 讲师, CCF  专业会员,            黄梦阳(1998－), 男, 硕士生, 主要研究领域为软
                            主要研究领域为智能软件工程.                               件可靠性.




                             程嘉濠(1999－), 男, 硕士生, 主要研究领域为机                 黄琼(1982－), 男, 博士, 教授, 博士生导师, CCF
                            器学习, 软件漏洞检测.                                 杰出会员, 主要研究领域为密码学与信息安全.