Detect Treble, GSI, Mainline, APEX, system-as-root(SAR), A/B, etc.

The official repository of "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". The paper will appear in the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023.

The public dataset in the paper "PatchDB: A Large-Scale Security Patch Dataset". This paper appears in the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Online, June 21-24, 2021.

PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open Source Software (ISSTA 2024)

QualvoSec is a minimalistic security patch management tool for unattended upgrades on Linux and BSD based systems that are obtaining their packages from a distribution based repository.

A demo program of security patch identification using the RNN model, which is demonstrated in the paper "PatchRNN: A Deep Learning-Based System for Security Patch Identification". This paper appears in the 2021 IEEE/AFCEA Military Communications Conference (MILCOM 2021), San Diego, USA, November 29–December 2, 2021.

Hackathor 2020 Contest Project

A Demo Program of Security Patch Identification with Graph Neural Networks.

Oversampling operations on security/non-security patches. This method is described in the paper "PatchDB: A Large-Scale Security Patch Dataset", which appears in 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021), Taipei, June 21-24, 2021, pp. 149-160.

Data clearance for security patches and non-security patches. This method is described as Nearest Link Search in the paper "PatchDB: A Large-Scale Security Patch Dataset", which appears in 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021), Taipei, June 21-24, 2021, pp. 149-160.

Patch oversampling (synthesis) with direct patch analysis. This is an alternative solution to the PatchOversampling repository, providing a simpler and more direct way to synthesize patches. The original oversampling method is described in the DSN'21 paper "PatchDB: A Large-Scale Security Patch Dataset".

The source code in the paper "PatchRNN: A Deep Learning-Based System for Security Patch Identification". This paper appears in the 2021 IEEE/AFCEA Military Communications Conference (MILCOM 2021), San Diego, USA, November 29–December 2, 2021.

RNN-based security patch identification with oversampling samples. This is an extension code in the MILCOM'21 paper "PatchRNN: A Deep Learning-Based System for Security Patch Identification".

Security Patch Identification with Classical Machine Learning Algorithms.

Paimon: Patch Identification Monster (extended version of GraphSPD)

A security patch for eggdrop based on the eggdrop1.1.6 hybrid(core) patch.

Source Code for 'Pro Spring Security, 2nd Edition' by Carlo Scarioni and Massimo Nardone