{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T10:11:47Z","timestamp":1783764707443,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T00:00:00Z","timestamp":1775952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001459","name":"Ministry of Education - Singapore","doi-asserted-by":"publisher","award":["MOE-MOET32021-0001"],"award-info":[{"award-number":["MOE-MOET32021-0001"]}],"id":[{"id":"10.13039\/501100001459","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001381","name":"National Research Foundation Singapore","doi-asserted-by":"publisher","award":["NRF-NCR25-Fuzz-0001"],"award-info":[{"award-number":["NRF-NCR25-Fuzz-0001"]}],"id":[{"id":"10.13039\/501100001381","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,12]]},"DOI":"10.1145\/3786583.3786880","type":"proceedings-article","created":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T09:12:14Z","timestamp":1783761134000},"page":"374-384","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Fixing Security Vulnerabilities with Agentic AI in OSS-Fuzz"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-1664-7110","authenticated-orcid":false,"given":"Yuntong","family":"Zhang","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7367-823X","authenticated-orcid":false,"given":"Jiawei","family":"Wang","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9523-5036","authenticated-orcid":false,"given":"Dominic","family":"Berzin","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9145-964X","authenticated-orcid":false,"given":"Martin","family":"Mirchev","sequence":"additional","affiliation":[{"name":"SonarSource, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7127-1137","authenticated-orcid":false,"given":"Abhik","family":"Roychoudhury","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,7,11]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2006.18"},{"key":"e_1_3_3_2_3_2","unstructured":"Mike Aizatsky Kostya Serebryany Oliver Chang Abhishek Arya and Meredith Whittaker. 2024. Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software. https:\/\/testing.googleblog.com\/2016\/12\/announcing-oss-fuzz-continuous-fuzzing.html. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_4_2","unstructured":"The Fluent\u00a0Bit Authors. 2025. Fluent Bit. https:\/\/github.com\/fluent\/fluent-bit. Accessed: 2025-09-29."},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/3475960.3475985"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE55347.2025.00157"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"crossref","unstructured":"M. B\u00f6hme C. Cadar and A. Roychoudhury. 2021. Fuzzing: Challenges and Reflections. IEEE Software 38 3 (2021).","DOI":"10.1109\/MS.2020.3016773"},{"key":"e_1_3_3_2_8_2","unstructured":"Justin Campbell and Mike Walker. 2024. Microsoft announces new Project OneFuzz framework an open source developer tool to find and fix bugs at scale. https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/09\/15\/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs\/. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Zimin Chen Steve Kommrusch and Martin Monperrus. 2022. Neural transfer learning for repairing security vulnerabilities in c code. IEEE Transactions on Software Engineering 49 1 (2022) 147\u2013165.","DOI":"10.1109\/TSE.2022.3147265"},{"key":"e_1_3_3_2_10_2","unstructured":"Zimin Chen Steve Kommrusch Michele Tufano Louis-No\u00ebl Pouchet Denys Poshyvanyk and Martin Monperrus. 2019. SequenceR: Sequence-to-Sequence Learning for End-to-End Program Repair. IEEE Transaction on Software Engineering (2019)."},{"key":"e_1_3_3_2_11_2","unstructured":"Chromium. 2024. The Chromium Projects - Security Bugs. https:\/\/www.chromium.org\/Home\/chromium-security\/bugs\/. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00026"},{"key":"e_1_3_3_2_13_2","volume-title":"14th USENIX workshop on offensive technologies (WOOT 20)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. { AFL++} : Combining incremental steps of fuzzing research. In 14th USENIX workshop on offensive technologies (WOOT 20)."},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","unstructured":"Michael Fu Chakkrit Tantithamthavorn Trung Le Van Nguyen and Dinh Phung. 2022. VulRepair: a T5-based automated software vulnerability repair(ESEC\/FSE 2022). Association for Computing Machinery New York NY USA 935\u2013947. 10.1145\/3540250.3549098","DOI":"10.1145\/3540250.3549098"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","unstructured":"Xiang Gao Bo Wang Gregory\u00a0J. Duck Ruyi Ji Yingfei Xiong and Abhik Roychoudhury. 2021. Beyond Tests: Program Vulnerability Repair via Crash Constraint Extraction. ACM Trans. Softw. Eng. Methodol. 30 2 Article 14 (Feb. 2021) 27\u00a0pages. 10.1145\/3418461","DOI":"10.1145\/3418461"},{"key":"e_1_3_3_2_16_2","unstructured":"GitHub. 2024. CodeQL. https:\/\/codeql.github.com\/. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_17_2","volume-title":"addr2line (GNU Binutils)","author":"Project GNU","year":"2024","unstructured":"GNU Project. 2024. addr2line (GNU Binutils). https:\/\/linux.die.net\/man\/1\/addr2line Version 2.40."},{"key":"e_1_3_3_2_18_2","unstructured":"GNU Project. 2024. GNU Debugger (GDB). https:\/\/sourceware.org\/gdb\/. Accessed: 2024-10-02."},{"key":"e_1_3_3_2_19_2","unstructured":"GNU Project. 2024. nm - List symbols from object files (GNU Binutils). https:\/\/linux.die.net\/man\/1\/nm. Accessed: 2024-10-02."},{"key":"e_1_3_3_2_20_2","unstructured":"Google. 2024. AddressSanitizer. https:\/\/github.com\/google\/sanitizers\/wiki\/AddressSanitizer. Accessed: 2024-10-31."},{"key":"e_1_3_3_2_21_2","unstructured":"Google. 2024. MemorySanitizer. https:\/\/github.com\/google\/sanitizers\/wiki\/MemorySanitizer. Accessed: 2024-10-31."},{"key":"e_1_3_3_2_22_2","unstructured":"Google. 2025. Honggfuzz. https:\/\/github.com\/google\/honggfuzz."},{"key":"e_1_3_3_2_23_2","unstructured":"Google. 2025. OSS Fuzz Issue Tracker. https:\/\/issues.oss-fuzz.com\/issues. Accessed: 2025-09-29."},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Le Goues M. Pradel and A. Roychoudhury. 2019. Automated Program Repair. Commun. ACM 62 (2019). Issue 12.","DOI":"10.1145\/3318162"},{"key":"e_1_3_3_2_25_2","unstructured":"Jiawei Gu Xuhui Jiang Zhichao Shi Hexiang Tan Xuehao Zhai Chengjin Xu Wei Li Yinghan Shen Shengjie Ma Honghao Liu et\u00a0al. 2024. A survey on llm-as-a-judge. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2411.15594 (2024)."},{"key":"e_1_3_3_2_26_2","unstructured":"Zhaoqiang Guo Tingting Tan Shiran Liu Xutong Liu Wei Lai Yibiao Yang Yanhui Li Lin Chen Wei Dong and Yuming Zhou. 2023. Mitigating false positive static analysis warnings: Progress challenges and opportunities. IEEE Transactions on Software Engineering (2023)."},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00071"},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00107"},{"key":"e_1_3_3_2_29_2","volume-title":"AI-powered patching: the future of automated vulnerability fixes","author":"Keller Jan","year":"2024","unstructured":"Jan Keller and Jan Nowakowski. 2024. AI-powered patching: the future of automated vulnerability fixes. Technical Report."},{"key":"e_1_3_3_2_30_2","first-page":"4401","volume-title":"34th USENIX Security Symposium (USENIX Security 25)","author":"Kim Youngjoon","year":"2025","unstructured":"Youngjoon Kim, Sunguk Shin, Hyoungshick Kim, and Jiwon Yoon. 2025. Logs In, Patches Out: Automated Vulnerability Repair via { Tree-of-Thought}{ LLM} Analysis. In 34th USENIX Security Symposium (USENIX Security 25). 4401\u20134419."},{"key":"e_1_3_3_2_31_2","unstructured":"Open Asset\u00a0Import Library. 2025. Open Asset Import Library (assimp). https:\/\/github.com\/assimp\/assimp. Accessed: 2025-09-29."},{"key":"e_1_3_3_2_32_2","unstructured":"Xiang Mei Pulkit\u00a0Singh Singaria Jordi Del\u00a0Castillo Haoran Xi Tiffany Bao Ruoyu Wang Yan Shoshitaishvili Adam Doup\u00e9 Hammond Pearce Brendan Dolan-Gavitt et\u00a0al. 2024. ARVO: Atlas of Reproducible Vulnerabilities for Open Source Software. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2408.02153 (2024)."},{"key":"e_1_3_3_2_33_2","first-page":"4481","volume-title":"34th USENIX Security Symposium (USENIX Security 25)","author":"Nong Yu","year":"2025","unstructured":"Yu Nong, Haoran Yang, Long Cheng, Hongxin Hu, and Haipeng Cai. 2025. { APPATCH} : Automated Adaptive Prompting Large Language Models for { Real-World} Software Vulnerability Patching. In 34th USENIX Security Symposium (USENIX Security 25). 4481\u20134500."},{"key":"e_1_3_3_2_34_2","unstructured":"OSS-Fuzz. 2024. OSS-Fuzz. https:\/\/google.github.io\/oss-fuzz\/. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179324"},{"key":"e_1_3_3_2_36_2","unstructured":"LLVM Project. 2024. libFuzzer \u2013 a library for coverage-guided fuzz testing. https:\/\/llvm.org\/docs\/LibFuzzer.html. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_37_2","unstructured":"LibTIFF project. 2025. LibTIFF: TIFF Library and Utilities. https:\/\/gitlab.com\/libtiff\/libtiff. Accessed: 2025-09-29."},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE55347.2025.00080"},{"key":"e_1_3_3_2_39_2","unstructured":"Semgrep. 2024. Semgrep. https:\/\/semgrep.dev\/. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_40_2","unstructured":"Skybox. 2024. Vulnerability & Threat Trends Report 2024. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786825"},{"key":"e_1_3_3_2_42_2","unstructured":"The\u00a0Clang Team. 2024. UndefinedBehaviorSanitizer. https:\/\/clang.llvm.org\/docs\/UndefinedBehaviorSanitizer.html. Accessed: 2024-10-25."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416590"},{"key":"e_1_3_3_2_44_2","unstructured":"WizardMac. 2025. ReadStat: Read (and write) data sets from SAS Stata and SPSS. https:\/\/github.com\/WizardMac\/ReadStat. Accessed: 2025-09-29."},{"key":"e_1_3_3_2_45_2","doi-asserted-by":"crossref","unstructured":"Chunqiu\u00a0Steven Xia Yinlin Deng Soren Dunn and Lingming Zhang. 2025. Demystifying llm-based software engineering agents. Proceedings of the ACM on Software Engineering 2 FSE (2025) 801\u2013824.","DOI":"10.1145\/3715754"},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"crossref","unstructured":"John Yang Carlos\u00a0E Jimenez Alexander Wettig Kilian Lieret Shunyu Yao Karthik Narasimhan and Ofir Press. 2024. Swe-agent: Agent-computer interfaces enable automated software engineering. Advances in Neural Information Processing Systems 37 (2024) 50528\u201350652.","DOI":"10.52202\/079017-1601"},{"key":"e_1_3_3_2_47_2","volume-title":"Proceedings of the 34th USENIX Security Symposium (USENIX Security\u201925), Seattle, WA, USA","author":"Yu Zheng","year":"2025","unstructured":"Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, and Xinyu Xing. 2025. Patchagent: A practical program repair agent mimicking human expertise. In Proceedings of the 34th USENIX Security Symposium (USENIX Security\u201925), Seattle, WA, USA."},{"key":"e_1_3_3_2_48_2","unstructured":"Michal Zalewski. 2024. Technical \"whitepaper\" for afl-fuzz. https:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt. Accessed: 2024-10-03."},{"key":"e_1_3_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534387"},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680384"},{"key":"e_1_3_3_2_51_2","unstructured":"Han Zheng Ilia Shumailov Tianqi Fan Aiden Hall and Mathias Payer. 2025. Fixing 7 400 Bugs for 1$: Cheap Crash-Site Program Repair. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2505.13103 (2025)."},{"key":"e_1_3_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639222"}],"event":{"name":"ICSE-SEIP '26: 2026 IEEE\/ACM 48th International Conference on Software Engineering","location":"Rio de Janeiro Brazil","acronym":"ICSE-SEIP '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the IEEE\/ACM 48th International Conference on Software Engineering: Software Engineering in Practice"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3786583.3786880","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T09:15:08Z","timestamp":1783761308000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3786583.3786880"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":51,"alternative-id":["10.1145\/3786583.3786880","10.1145\/3786583"],"URL":"https:\/\/doi.org\/10.1145\/3786583.3786880","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-07-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}