报告人:张婷
报告地点:淦昌苑D座320
报告时间:2026-07-15 10:00
Title: From Detection to Prevention: Advancing LLM-Based Software Vulnerability Management through Reasoning, Repair, and Secure Generation
Speaker Bio: Ting Zhang is a Lecturer (Assistant Professor) at Monash University, Australia, with research interests in software engineering and cybersecurity. Her work focuses on leveraging large language models to improve software security across the vulnerability lifecycle, from detection and repair to secure code generation. She has published at top venues including ICSE, FSE, ASE, ACL, ICML, TSE and TOSEM, with over 1,200 citations. Prior to joining Monash, she received her PhD from Singapore Management University.
Talk Summary: Software vulnerabilities continue to grow faster than developers can fix them. Large language models (LLMs) offer a promising path toward automating key stages of the vulnerability management lifecycle, but significant challenges remain in reasoning quality, repair correctness, and secure generation. This talk presents a unified research narrative spanning three recent works that address these challenges progressively. First, R2Vul introduces reinforcement learning (RL) from AI feedback with structured reasoning distillation to train small yet effective models for vulnerability detection, demonstrating that contrastive reasoning, distinguishing valid from flawed explanations, yields models that outperform commercial LLMs at a fraction of the cost. Second, SeCuRepair tackles automated vulnerability repair through an RL framework with semantic-aware rewards and curriculum learning, overcoming the syntactic overfitting problem that plagues supervised approaches and enabling reliable multi-hunk patch generation. Third, Stream of Revision rethinks the problem from the ground up by embedding self-correction directly into the code generation process, introducing special action tokens that allow LLMs to detect, localize, and patch vulnerabilities on the fly during a single forward pass, shifting the paradigm from post-hoc repair to real-time prevention. Together, these works trace a path from reactive vulnerability handling to proactive secure code generation, pointing toward a future where AI-assisted development is secure by design.
邀请人:李思远
审核人:郭山清