Finding and fixing security (or safety) problems of a computer program (or software) are critical, as the problems can endanger the security of the computer program. For example, the problems can include injection attacks within (web) applications such as SQL injection and cross-site scripting (XSS), or private data leaks in mobile applications. When fixing the problems, there can be two conflicting goals: fixing the problems with the smallest possible changes to the existing code, and ensuring that no existing functionality is modified or harmed unintentionally. Additionally, not all findings reported by an automated test tool (e.g., an application security testing tool) are real issues. Thus, a human expert may need to analyze such findings to decide, if the findings need to be fixed or not. Besides large effort, these two conflicting goals also require a highly skilled expert, and thus further increases the costs.