US 12,443,719 B2
False positive vulnerability detection using neural transformers
Colin Bruce Clement, Seattle, WA (US); Matthew Glenn Jin, Seattle, WA (US); Anant Girish Kharkar, Huntersville, NC (US); Xiaoyu Liu, Sammamish, WA (US); Xin Shi, Kirkland, WA (US); Neelakantan Sundaresan, Bellevue, WA (US); and Roshanak Zilouchian Moghaddam, Kirkland, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC., Redmond, WA (US)
Filed on Mar. 4, 2022, as Appl. No. 17/687,529.
Prior Publication US 2023/0281317 A1, Sep. 7, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 8/75 (2018.01); G06N 3/10 (2006.01)
CPC G06F 21/577 (2013.01) [G06F 8/75 (2013.01); G06N 3/10 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A system comprising:
one or more processors coupled to a memory; and
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions to perform actions that:
obtain a source code program in an editing session of a software development environment having an identified software vulnerability of an identified vulnerability type;
extract features from the source code program representing a context of the identified software vulnerability, wherein the extracted features include a method containing the identified software vulnerability and the identified vulnerability type;
cause a deep learning model, given the extracted features, to determine whether the software vulnerability is a false positive, wherein the deep learning model is trained to identify, for the identified vulnerability type, whether the identified software vulnerability is a false positive; and
upon the deep learning model determining that the identified software vulnerability is a false positive, utilize the source code program in the software development environment.