Common Weakness Enumeration
PulseAugur coverage of Common Weakness Enumeration — every cluster mentioning Common Weakness Enumeration across labs, papers, and developer communities, ranked by signal.
6 day(s) with sentiment data
-
New benchmarks released for LLM-based Java and Rust vulnerability detection
Two new benchmarks, JavaVulBench and RustMizan, have been released to evaluate the capabilities of large language models in detecting software vulnerabilities. JavaVulBench focuses on Java methods and includes over 1,74…
-
AVE clarified: AI agent weaknesses classified like CWE, not CVE
The author clarifies that AVE (Agent Vulnerability Enumeration) is more akin to CWE (Common Weakness Enumeration) than CVE (Common Vulnerabilities and Exposures). Unlike CVEs, which identify specific flaws in particular…
-
Developer seeks feedback on novel LLM vulnerability detection benchmark
A developer has created a benchmark system designed to test Large Language Models' (LLMs) ability to detect vulnerabilities in code, even when the code is obfuscated and includes misleading comments. The system uses Jul…
-
Syscall-based HIDS generalization to unseen CVEs shows mixed results
Researchers explored the generalization capabilities of system-call based Host Intrusion Detection Systems (HIDS). They investigated whether a HIDS trained on normal behavior for specific Common Vulnerabilities and Expo…
-
Syscall-based HIDS generalisation tested across CVEs and CWEs
Researchers have investigated the generalizability of Host Intrusion Detection Systems (HIDS) that utilize syscall traces. The study empirically tested whether anomaly detectors trained on known Common Vulnerabilities a…
-
Developer integrates OWASP security audits into Claude Code workflow
A developer has created a custom command for Claude Code to perform automated security audits on files before deployment. This command prompts Claude to identify specific vulnerabilities such as SQL injection, cross-sit…
-
New SPARK system enhances LLM secure code generation
Researchers have developed SPARK, a novel inference-time system designed to improve the security of code generated by large language models. SPARK addresses the issue of LLMs producing code with vulnerabilities by activ…
-
LLM framework automates vulnerability analysis reports
Researchers have developed RAVEN, a framework that uses Large Language Models (LLMs) and Retrieval Augmented Generation (RAG) to automatically create detailed vulnerability analysis reports. RAVEN synthesizes reports ba…
-
AI-generated code security remains a concern despite advanced prompting
New research indicates that while advanced prompting techniques can influence the types of security vulnerabilities present in AI-generated code, they do not reliably reduce the overall number or severity of these issue…
-
CyberSecQwen-4B: Small, specialized model offers local defense for cybersecurity
A new, specialized language model named CyberSecQwen-4B has been developed for defensive cybersecurity tasks. This model is designed to be small, runnable locally, and handle sensitive data without needing external APIs…
-
CWE 4.20 release adds new view for AI-related security weaknesses
The Common Weakness Enumeration (CWE) program has released version 4.20, introducing a new view specifically designed to group common weaknesses related to artificial intelligence. This update also incorporates communit…
-
FixV2W uses knowledge graph embeddings to improve CVE-CWE mapping accuracy
Researchers have developed FixV2W, a novel method to enhance the accuracy of mappings between Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries. This approach utilizes knowledge gr…
-
Multi-agent AI architecture enhances code vulnerability detection cost-effectively
Researchers have developed a novel heterogeneous multi-agent architecture for detecting code vulnerabilities more efficiently. This system combines multiple cloud-based LLM experts with a local verifier, inspired by gam…
-
Anthropic's Mythos security claims face scrutiny over marketing vs. reality
A critical analysis suggests Anthropic's claims about its Claude Mythos Preview's security capabilities are largely unsubstantiated marketing. The author found the system card to be excessively long and lacking in speci…