English
Related papers

Related papers: Java Components Vulnerabilities - An Experimental …

200 papers
Impact assessment for vulnerabilities in open-source software libraries

Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new…

Cryptography and Security · Computer Science 2025-03-18 Henrik Plate , Serena Elisa Ponta , Antonino Sabetta
Towards a Formalization of the OSGi Component Framework

We present a formalization of the OSGi component framework. Our formalization is intended to be used as a basis for describing behavior of OSGi based systems. Furthermore, we describe specification formalisms for describing properties of…

Software Engineering · Computer Science 2015-03-20 Jan Olaf Blech
Secure Component Deployment in the OSGi(tm) Release 4 Platform

Last years have seen a dramatic increase in the use of component platforms, not only in classical application servers, but also more and more in the domain of Embedded Systems. The OSGi(tm) platform is one of these platforms dedicated to…

Cryptography and Security · Computer Science 2016-08-16 Pierre Parrend , Stéphane Frénot
Towards a Framework for Behavioral Specifications of OSGi Components

We present work on behavioral specifications of OSGi components. Our behavioral specifications are based on finite automata like formalisms. Behavioral specifications can be used to find appropriate components to interact with, detect…

Software Engineering · Computer Science 2013-02-22 Jan Olaf Blech
Detection of Configuration Vulnerabilities in Distributed (Web) Environments

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta
Vulnerability Coverage as an Adequacy Testing Criterion

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin
Secure Coding Practices in Java: Challenges and Vulnerabilities

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty
On Behavioral Types for OSGi: From Theory to Implementation

This report presents our work on behavioral types for OSGi component systems. It extends previously published work and presents features and details that have not yet been published. In particular, we cover a discussion on behavioral types…

Software Engineering · Computer Science 2013-06-27 Jan Olaf Blech , Harald Rueß , Bernhard Schätz
Vulnerable Open Source Dependencies: Counting Those That Matter

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci
A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia
Trust, but Verify: Evaluating Developer Behavior in Mitigating Security Vulnerabilities in Open-Source Software Projects

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro
Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta
Automated Debugging In Java Using OCL And JDI

Correctness constraints provide a foundation for automated debugging within object-oriented systems. This paper discusses a new approach to incorporating correctness constraints into Java development environments. Our approach uses the…

Software Engineering · Computer Science 2007-05-23 David J. Murray , Dale E. Parson
SAVANT: Vulnerability Detection in Application Dependencies through Semantic-Guided Reachability Analysis

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to…

Software Engineering · Computer Science 2025-07-25 Wang Lingxiang , Quanzhi Fu , Wenjia Song , Gelei Deng , Yi Liu , Dan Williams , Ying Zhang
JavaVFC: Java Vulnerability Fixing Commits from Open-source Software

We present a comprehensive dataset of Java vulnerability-fixing commits (VFCs) to advance research in Java vulnerability analysis. Our dataset, derived from thousands of open-source Java projects on GitHub, comprises two variants: JavaVFC…

Software Engineering · Computer Science 2024-09-10 Tan Bui , Yan Naing Tun , Yiran Cheng , Ivana Clairine Irsan , Ting Zhang , Hong Jin Kang
Causative Insights into Open Source Software Security using Large Language Code Embeddings and Semantic Vulnerability Graph

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad
An Empirical Study on Bug Severity Estimation using Source Code Metrics and Static Analysis

In the past couple of decades, significant research efforts have been devoted to the prediction of software bugs (i.e., defects). In general, these works leverage a diverse set of metrics, tools, and techniques to predict which classes,…

Software Engineering · Computer Science 2024-08-06 Ehsan Mashhadi , Shaiful Chowdhury , Somayeh Modaberi , Hadi Hemmati , Gias Uddin
Automatically Assessing Vulnerabilities Discovered by Compositional Analysis

Testing is the most widely employed method to find vulnerabilities in real-world software programs. Compositional analysis, based on symbolic execution, is an automated testing method to find vulnerabilities in medium- to large-scale…

Software Engineering · Computer Science 2018-07-25 Saahil Ognawala , Ricardo Nales Amato , Alexander Pretschner , Pooja Kulkarni
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

Industrial components are of high importance because they control critical infrastructures that form the lifeline of modern societies. However, the rapid evolution of industrial components, together with the new paradigm of Industry 4.0,…

Cryptography and Security · Computer Science 2022-03-16 Ángel Longueira-Romero , Rosa Iglesias , Jose Luis Flores , Iñaki Garitano
What's in a Package? Getting Visibility Into Dependencies Using Security-Sensitive API Calls

Knowing what sensitive resources a dependency could potentially access would help developers assess the risk of a dependency before selection. One way to get an understanding of the potential sensitive resource usage by a dependency is…

Cryptography and Security · Computer Science 2025-03-19 Imranur Rahman , Ranidya Paramitha , Henrik Plate , Dominik Wermke , Laurie Williams
‹ Prev 1 2 3 10 Next ›