Abstract: Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.

Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.

Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.

Abstract: A technique includes receiving data representing issues identified in a security scan of an application and features associated with the issues. The technique includes processing the data in a processor-based machine to selectively assign classifiers to the security issues based at least in part on the features. The technique includes using the assigned classifiers to classify the issues.