[2412.11194] Direction for Detection: A Survey of Automated Vulnerability Detection and all of its Pain Points
Computer Science > Software Engineering

arXiv:2412.11194 (cs)

[Submitted on 15 Dec 2024 (v1), last revised 7 May 2026 (this version, v2)]

Title: Direction for Detection: A Survey of Automated Vulnerability Detection and all of its Pain Points

Authors: Dan Ristea, Shae McFadden, Ezzeldin Shereen, Madeleine Dwyer, Sanyam Vyas, Chris Hicks, Vasilios Mavroudis

Abstract: Security vulnerabilities in software can have severe consequences; however, manual vulnerability detection is costly and does not scale, especially as agentic coding frameworks increase the rate of code production. Over the last decade, a large body of research has applied machine learning to automate vulnerability detection (ML4AVD), yet self-reported performance on the most popular datasets shows no clear upward trend. The ML4AVD research community has identified several flaws in problem formulations, datasets, and metrics, but these are discussed in isolation, leaving the overarching problems that generate and reinforce these flaws unaddressed. We first systematize the field through a survey of 87 influential works based on their problem formulation, input and detection granularity, target programming languages, evaluation metrics, datasets, and detection approach. Drawing on this corpus and prior empirical work, we identify...