Education Background
Lyuye Zhang is a final-year PhD candidate. He completed his undergraduate studies at Harbin Engineering University, China in 2016, earning a Bachelor’s degree. In 2018, he furthered his academic pursuits by obtaining a Master of Engineering degree from Nanyang Technological University, Singapore. Currently, he is engaged in a doctoral program at the School of Computer and Science Engineering at Nanyang Technological University, where he is under the esteemed guidance of Professor Yang Liu.
Research Interests
My primary research interests lie in the domains of Software Security and Maintenance, encompassing various aspects such as Open Source Security, Software Supply Chain Security, Open Source Governance, and Software Evolution Analysis. Currently, I am working on LLM-driven software security.
News
- Mar 2025: Our paper “Fixing Outside the Box: Uncovering Tactics for Open-Source Security Issue Management” was accepted by ISSTA 2025.
- Mar 2025: Our paper “Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis” was accepted by FSE-IVR 2025.
- Jan 2025: Our paper “LLMs Meet Library Evolution: Evaluating Deprecated API Usage in LLM-based Code Completion” was accepted by ICSE 2025.
- May 2024: My short paper “Vulnerability Root Cause Function Locating For Java Vulnerabilities” was accepted by ICSE 2024 Student Competition Track.
- Dec 2023: Our paper “Empirical Analysis of Vulnerabilities Life Cycle in Golang Ecosystem” was accepted by ICSE 2024.
- August 2023: Our paper “Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects” was accepted by FSE2023.
- July 2023: Our paper “Mitigating Persistence of Open-Source Vulnerabilities in Maven Ecosystem” was accepted by ASE2023.
- February 2023: Our paper “Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects” received the ACM SIGSOFT Distinguished Paper Award at ICSE2023!
- December 2022: Our paper “Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects” was accepted by ICSE2023.
- December 2022: Our paper “OSSFP: Precise and Scalable C/C++ Third-Party Library Detection using Fingerprinting Functions” was accepted by ICSE2023.
- October 2022: Our paper “Has My Release Disobeyed Semantic Versioning? Static Detection Based on Semantic Differencing” received the ACM SIGSOFT Distinguished Paper Award at ASE2022.
- July 2022: Our paper “Has My Release Disobeyed Semantic Versioning? Static Detection Based on Semantic Differencing for Java” was accepted by ASE2022!
Selected Publications
- ISSTA 2025 Lyuye Zhang, Jiahui Wu, Chengwei Liu, Kaixuan Li, Xiaoyu Sun, Lida Zhao, Chong Wang, and Yang Liu. 2025. Fixing Outside the Box: Uncovering Tactics for Open-Source Security Issue Management. In Proceedings of International Symposium on Software Testing and Analysis (ISSTA ’25). ACM, New York, NY, USA, 24 pages.
- FSE-IVR 2025 Lyuye Zhang, Chengwei Liu*, Jiahui Wu, Shiyang Zhang, Chengyue Liu, Zhengzi Xu, Sen Chen, Yang Liu, “Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis”, In Proceedings of the ACM International Conference on the Foundations of Software Engineering (FSE), 2025.
- ICSE 2025 Chong Wang, Kaifeng Huang, Jian Zhang, Yebo Feng, Lyuye Zhang, Yang Liu, Xin Peng, “LLMs Meet Library Evolution: Evaluating Deprecated API Usage in LLM-based Code Completion”. 47th International Conference on Software Engineering (ICSE 2025).
- Pre-print Lyuye Zhang, Kaixuan Li, Kairan Sun, Daoyuan Wu, Ye Liu, Haoye Tian, and Yang Liu. 2024. “Acfix: Guiding LLMs with mined common RBAC practices for context-aware repair of access control vulnerabilities in smart contracts.” arXiv preprint arXiv:2403.06838 (2024).
- Pre-print “Llm4vuln: A unified evaluation framework for decoupling and enhancing llms’ vulnerability reasoning”, Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Wei Ma, Lyuye Zhang, Yang Liu, Yingjiu Li.
- ICSE-APR 2025 Lyuye Zhang, Jiahui Wu, Chengwei Liu, Kaixuan Li, Sen Chen, and Yang Liu, “Towards Unveiling Vulnerability Remediation Tactics from OSS Community”, Ottawa, Ontario, Canada, In Proceedings of the 6th International Workshop on Automated Program Repair, In conjunction with 47th International Conference on Software Engineering (ICSE 2025), Sun 27 April - Sat 3 May 2025.
- ASE 2023 Lyuye Zhang, Chengwei Liu*, Sen Chen, Zhengzi Xu, Lingling Fan, Lida Zhao, Yiran Zhang, Yang Liu, “Mitigating Persistence of Open-Source Vulnerabilities in Maven Ecosystem”, In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering, 2023.
- ICSE 2023 Lyuye Zhang, Chengwei Liu*, Zhengzi Xu, Sen Chen, Lingling Fan, Lida Zhao, Jiahui Wu, and Yang Liu, “Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects”, In Proceedings of the 45th International Conference on Software Engineering, 2023. (SIGSOFT Distinguished Paper Award.)
- ASE 2022 Lyuye Zhang, Chengwei Liu, Zhengzi Xu, Sen Chen, Lingling Fan, Bihuan Chen, and Yang Liu, “Has My Release Disobeyed Semantic Versioning? Static Detection Based On Semantic Differencing”, In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, 2022. (SIGSOFT Distinguished Paper Award)
- FSE 2023 Lida Zhao, Sen Chen, Zhengzi Xu, Chengwei Liu, Lyuye Zhang, Jiahui Wu, Jun Sun, Yang Liu, “Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects”, In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2023.
- ICSE 2023 Jiahui Wu, Zhengzi Xu, Wei Tang, Lyuye Zhang, Yueming Wu, Chengyue Liu, Kairan Sun, Lida Zhao, Yang Liu, “Ossfp: Precise and scalable c/c++ third-party library detection using fingerprinting functions”, In Proceedings of the 45th International Conference on Software Engineering, 2023.
Services
- APSEC 2024 PC.
- ACSAC 2024 PC.
- Internetware 2024 PC.
- MSR2024 Junior PC.
- CCS2023 AEC.