1. VCC-Finder is a tool that uses machine learning to identify Vulnerability-Contributing Commits (VCCs) in open source projects from version control histories like Git in order to assist code audits.
2. It analyzed 66 open source projects written in C and C++ with over 170,000 commits total, and identified 640 VCCs corresponding to 718 CVEs, with a precision of 99% compared to existing static analysis tools.
3. The tool works by representing commits as bag-of-words models of code changes based on identifiers, then using a linear SVM classifier trained on prior VCCs to label new commits as vulnerability-contributing or not. This
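
The pipeline described in item 3, as an added example that is not VCC-Finder's own code: identifiers on changed diff lines become a bag of words, and a linear classifier trained with hinge loss labels new commits. The toy history, the `+`/`-` token prefixes, the function names and the hyperparameters are assumptions made for illustration, and a hand-written subgradient trainer without a bias term stands in for an SVM library.

```python
import re
from collections import Counter

IDENT = re.compile(r"[A-Za-z_]\w*")

def commit_features(diff):
    """Bag of words over identifiers on changed lines; the prefix keeps add/remove apart."""
    bag = Counter()
    for line in diff.splitlines():
        if line[:1] not in ("+", "-") or line.startswith(("+++", "---")):
            continue  # context lines and file headers carry no change
        for ident in IDENT.findall(line[1:]):
            bag[line[0] + ident] += 1
    return bag

def score(w, feats):
    """Linear decision value w . x for one commit."""
    return sum(w[k] * v for k, v in feats.items())

def train_linear_svm(samples, epochs=50, eta=0.1, lam=0.01):
    """Hinge-loss subgradient descent with L2 regularisation (assumed hyperparameters)."""
    w = Counter()
    for _ in range(epochs):
        for feats, y in samples:
            violated = y * score(w, feats) < 1   # inside the margin or misclassified
            for k in w:
                w[k] *= 1 - eta * lam            # regularisation shrink
            if violated:
                for k, v in feats.items():
                    w[k] += eta * y * v
    return w

def is_vcc(w, diff):
    """Label a new commit: True means flag it for audit."""
    return score(w, commit_features(diff)) > 0

# Constructed toy history (not real commits): +1 = VCC, -1 = other commit.
HISTORY = [
    ("--- a/u.c\n+++ b/u.c\n+char buf[64];\n+strcpy(buf, name);", +1),
    ("+snprintf(buf, sizeof(buf), fmt, name);\n-sprintf(buf, fmt, name);", -1),
    ("+memcpy(dst, src, len);\n+sprintf(tmp, fmt, arg);", +1),
    ("-strcpy(dst, src);\n+strncpy(dst, src, len - 1);", -1),
]
MODEL = train_linear_svm([(commit_features(d), y) for d, y in HISTORY])

if __name__ == "__main__":
    for tok, wt in sorted(MODEL.items(), key=lambda kv: -abs(kv[1]))[:5]:
        print(f"{tok:12s} {wt:+.3f}")
    print(is_vcc(MODEL, "+strcpy(out, user);"))
```

Because added and removed identifiers are separate features, the model can weight introducing `strcpy` toward the VCC class while weighting its removal toward the other class.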