English
Related papers

Related papers: Enforcing Secure Object Initialization in Java

200 papers

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

Default configuration of various software applications often neglects security objectives. We tested the default configuration of TLS in dozen web and application servers. The results show that "secure by default" principle should be…

Cryptography and Security · Computer Science 2017-08-28 Martin Stanek

Many Java applications instantiate objects within the Java heap that are persistent but seldom if ever referenced by the application. Examples include strings, such as error messages, and collections of value objects that are preloaded for…

Programming Languages · Computer Science 2015-08-20 Kim T. Briggs , Baoguo Zhou , Gerhard W. Dueck

Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we…

Cryptography and Security · Computer Science 2017-04-18 Yannis Juglaret , Catalin Hritcu , Arthur Azevedo de Amorim , Boris Eng , Benjamin C. Pierce

We present a comprehensive dataset of Java vulnerability-fixing commits (VFCs) to advance research in Java vulnerability analysis. Our dataset, derived from thousands of open-source Java projects on GitHub, comprises two variants: JavaVFC…

Software Engineering · Computer Science 2024-09-10 Tan Bui , Yan Naing Tun , Yiran Cheng , Ivana Clairine Irsan , Ting Zhang , Hong Jin Kang

In its Vision and Strategy for Software for Science, Engineering, and Education the NSF states that it will invest in activities that: "Recognize that software strategies must include the secure and reliable deployment and operation of…

Cryptography and Security · Computer Science 2013-09-09 Randy Heiland , Betsy Thomas , Von Welch , Craig Jackson

In object-oriented programming languages, a belief exists that classes with -Er/-Or and -Utils suffixes are "code smells" because they take over a lot of functional responsibility, turning out to be bulky and complicated, and therefore…

Programming Languages · Computer Science 2024-03-27 Anna Sukhova , Alexey Akhundov , Efim Verzakov , Yegor Bugayenko

Background. Developers spend more time fixing bugs and refactoring the code to increase the maintainability than developing new features. Researchers investigated the code quality impact on fault-proneness focusing on code smells and code…

Software Engineering · Computer Science 2021-03-23 Francesco Lomio , Sergio Moreschini , Valentina Lenarduzzi

Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a…

Cryptography and Security · Computer Science 2022-04-21 Francois Gauthier , Sora Bae

Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from uninitialized variables. This work addresses the prevalence and lack of adequate software mitigations for uninitialized memory issues, proposing architectural…

Cryptography and Security · Computer Science 2025-10-14 Merve Gülmez , Håkan Englund , Jan Tobias Mühlberg , Thomas Nyman

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

Many important security properties can be formulated in terms of flows of tainted data, and improved taint analysis tools to prevent such flows are of critical need. Most existing taint analyses use whole-program static analysis, leading to…

Programming Languages · Computer Science 2025-05-02 Nima Karimipour , Kanak Das , Manu Sridharan , Behnaz Hassanshahi

It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that…

Software Engineering · Computer Science 2022-03-21 Katja Tuma , Sven Peldszus , Daniel Strüber , Riccardo Scandariato , Jan Jürjens

The mathematical modeling of generics in Java and other similar nominally-typed object-oriented programming languages is a challenge. In this short paper we present the outline of a novel order-theoretic approach to modeling generics, in…

Programming Languages · Computer Science 2019-06-27 Moez A. AbdelGawad

With the expansion of the Internet of Things (IoT), the number of security incidents due to insecure and misconfigured IoT devices is increasing. Especially on the consumer market, manufacturers focus on new features and early releases at…

Cryptography and Security · Computer Science 2019-06-27 Philipp Morgner , Christoph Mai , Nicole Koschate-Fischer , Felix Freiling , Zinaida Benenson

We describe a new concrete approach to giving predictable error locations for sequential (flow-sensitive) effect systems. Prior implementations of sequential effect systems rely on either computing a bottom-up effect and comparing it to a…

Programming Languages · Computer Science 2023-08-01 Colin S. Gordon , Chaewon Yun

Background. Test resources are usually limited and therefore it is often not possible to completely test an application before a release. To cope with the problem of scarce resources, development teams can apply defect prediction to…

Software Engineering · Computer Science 2019-04-17 Rainer Niedermayr , Tobias Röhm , Stefan Wagner

In this paper we consider the problem of certified static checking of module-like constructs of programming languages. We argue that there are algorithms and properties related to modules that can be defined and proven in an abstract way.…

Programming Languages · Computer Science 2017-06-20 Julia Belyakova

The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both…

Software Engineering · Computer Science 2012-06-28 Alessandro Cimatti , Marco Roveri , Angelo Susi , Stefano Tonetta

Automation of test oracles is one of the most challenging facets of software testing, but remains comparatively less addressed compared to automated test input generation. Test oracles rely on a ground-truth that can distinguish between the…

Software Engineering · Computer Science 2023-04-07 Ali Reza Ibrahimzada , Yigit Varli , Dilara Tekinoglu , Reyhaneh Jabbarvand
‹ Prev 1 8 9 10 Next ›