English
Related papers

Related papers: Java Components Vulnerabilities - An Experimental …

200 papers

Nowadays, more and more applications require OSGi to have some form of real-time support, which is currently very limited. The resulting closed-system solutions lack of a standard management scheme which forbids standard, system-wide…

Software Engineering · Computer Science 2015-08-25 Ning Gui , Vincenzo De Florio , Hong Sun , Chris Blondia

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

The ever increasing complexity of hardware platforms poses a challenge to systems programmers. Correctly programming a multitude of components, providing functionality and security, is difficult: semantics of individual units are described…

Cryptography and Security · Computer Science 2026-04-21 Ben Fiedler , Samuel Gruetter , Timothy Roscoe

Automated vulnerability detection tools are widely used to identify security vulnerabilities in software dependencies. However, the evaluation of such tools remains challenging due to the heterogeneous structure of vulnerability data…

Software Engineering · Computer Science 2026-04-24 Peter Mandl , Paul Mandl , Martin Häusl , Maximilian Auch

Developers create modern software applications (Apps) on top of third-party libraries (Libs). When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior…

Cryptography and Security · Computer Science 2026-05-06 Shravya Kanchi , Xiaoyan Zang , Ying Zhang , Danfeng Yao , Na Meng

Vulnerabilities in open-source operating systems (OSs) pose substantial security risks to software systems, making their detection crucial. While fuzzing has been an effective vulnerability detection technique in various domains, OS fuzzing…

Operating Systems · Computer Science 2026-01-21 Kun Hu , Qicai Chen , Wenzhuo Zhang , Zilong Lu , Bihuan Chen , You Lu , Haowen Jiang , Bingkun Sun , Xin Peng , Wenyun Zhao

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

Open-source software (OSS) greatly facilitates program development for developers. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In…

Software Engineering · Computer Science 2024-01-18 Jinchang Hu , Lyuye Zhang , Chengwei Liu , Sen Yang , Song Huang , Yang Liu

The Java programming language contains many features that aid component-based software development (CBSD), such as interfaces, visibility levels, and strong support for encapsulation. However, component evolution often causes so-called…

Programming Languages · Computer Science 2011-06-10 Johan Nyström-Persson , Shinichi Honiden

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

Web applications are becoming more ubiquitous. All manner of physical devices are now connected and often have a variety of web applications and web-interfaces. This proliferation of web applications has been accompanied by an increase in…

Cryptography and Security · Computer Science 2022-09-19 Onyeka Ezenwoye , Yi Liu

Context: Dependency Injection (DI) is a commonly applied mechanism to decouple classes from their dependencies in order to provide higher modularization. However, bad DI practices often lead to negative consequences, such as increasing…

Software Engineering · Computer Science 2021-10-19 Rodrigo Laigner , Diogo Mendonça , Alessandro Garcia , Marcos Kalinowski

Paisley is an extensible lightweight embedded domain-specific language for nondeterministic pattern matching in Java. Using simple APIs and programming idioms, it brings the power of functional-logic processing of arbitrary data objects to…

Programming Languages · Computer Science 2017-01-04 Baltasar Trancón y Widemann , Markus Lepper

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Embodied AI systems, including robots and autonomous vehicles, are increasingly integrated into real-world applications, where they encounter a range of vulnerabilities stemming from both environmental and system-level factors. These…

Cryptography and Security · Computer Science 2025-02-26 Wenpeng Xing , Minghao Li , Mohan Li , Meng Han

In this paper we focus on exploiting a specification and the structures that satisfy it, to obtain a means of comparing implemented and expected behaviours and find the origin of faults in implementations. We present an approach to the…

Software Engineering · Computer Science 2013-03-06 Isabel Nunes , Filipe Luís

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng