English
Related papers

Related papers: How Open Should Open Source Be?

200 papers

Hosting over 10 million of software projects, GitHub is one of the most important data sources to study behavior of developers and software projects. However, with the increase of the size of open source datasets, the potential threats to…

Software Engineering · Computer Science 2018-05-09 Can Cheng , Bing Li , Zengyang Li , Peng Liang

Vulnerability fixes in open source software (OSS) usually follow the coordinated vulnerability disclosure model and are silently fixed. This delay can expose OSS users to risks as malicious parties might exploit the software before fixes…

Software Engineering · Computer Science 2024-09-26 Xu Yang , Shaowei Wang , Jiayuan Zhou , Xing Hu

High-quality datasets of real-world vulnerabilities are enormously valuable for downstream research in software security, but existing datasets are typically small, require extensive manual effort to update, and are missing crucial features…

The Tor network provides users with strong anonymity by routing their internet traffic through multiple relays. While Tor encrypts traffic and hides IP addresses, it remains vulnerable to traffic analysis attacks such as the website…

Cryptography and Security · Computer Science 2026-01-06 Yuwen Cui , Guangjing Wang , Khanh Vu , Kai Wei , Kehan Shen , Zhengyuan Jiang , Xiao Han , Ning Wang , Zhuo Lu , Yao Liu

Since Bitcoin appeared in 2009, over 6,000 different cryptocurrency projects have followed. The cryptocurrency world may be the only technology where a massive number of competitors offer similar services yet claim unique benefits,…

Cryptography and Security · Computer Science 2022-01-24 Jusop Choi , Wonseok Choi , William Aiken , Hyoungshick Kim , Jun Ho Huh , Taesoo Kim , Yongdae Kim , Ross Anderson

Over the past 6 years, Syzbot has fuzzed the Linux kernel day and night to report over 5570 bugs, of which 4604 have been patched [11]. While this is impressive, we have found the average time to find a bug is over 405 days. Moreover, we…

Software Engineering · Computer Science 2024-01-23 Joseph Bursey , Ardalan Amiri Sani , Zhiyun Qian

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to…

Cryptography and Security · Computer Science 2026-03-31 Arjun Sridharkumar , Sara Al Hajj Ibrahim , Jiayuan Zhou , Yuliang Wang , Safwat Hassan , Ahmed E. Hassan , Shurui Zhou

Throughout computer history, it has been repeatedly demonstrated that critical software vulnerabilities can significantly affect the components involved. In the Free/Libre and Open Source Software (FLOSS) ecosystem, most software is…

Software Engineering · Computer Science 2025-02-13 Stefan Tatschner , Michael P. Heinl , Nicole Pappler , Tobias Specht , Sven Plaga , Thomas Newe

Bug bounties have become increasingly popular in recent years. This paper discusses bug bounties by framing these theoretically against so-called platform economy. Empirically the interest is on the disclosure of web vulnerabilities through…

Cryptography and Security · Computer Science 2018-05-28 Jukka Ruohonen , Luca Allodi

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Bug tracking tools are vital for managing bugs in any open source as well as proprietary commercial projects. Considering the significance of using an appropriate bug tracking tool, we assess the features offered by 31 open source bug…

Software Engineering · Computer Science 2017-06-22 Sai Anirudh Karre , Anveshi Shukla , Y. Raghu Reddy

Improved test case prioritization means that software developers can detect and fix more software faults sooner than usual. But is there one "best" prioritization algorithm? Or do different kinds of projects deserve special kinds of…

Software Engineering · Computer Science 2021-02-23 Xiao Ling , Rishabh Agrawal , Tim Menzies

Agile teams juggle multiple tasks so professionals are often assigned to multiple projects, especially in service organizations that monitor and maintain a large suite of software for a large user base. If we could predict changes in…

Software Engineering · Computer Science 2018-09-07 Rahul Krishna , Amritanshu Agrawal , Akond Rahman , Alexander Sobran , Tim Menzies

Browser extensions are additional tools developed by third parties that integrate with web browsers to extend their functionality beyond standard capabilities. However, the browser extension platform is increasingly being exploited by…

Cryptography and Security · Computer Science 2025-10-08 Shreya Singh , Gaurav Varshney , Tarun Kumar Singh , Vidhi Mishra , Khushi Verma

The FIDO2 protocol aims to strengthen or replace password authentication using public-key cryptography. FIDO2 has primarily focused on defending against attacks from afar by remote attackers that compromise a password or attempt to phish…

Cryptography and Security · Computer Science 2023-08-08 Tarun Kumar Yadav , Kent Seamons

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

We present Tracking Protection in the Mozilla Firefox web browser. Tracking Protection is a new privacy technology to mitigate invasive tracking of users' online activity by blocking requests to tracking domains. We evaluate our approach…

Cryptography and Security · Computer Science 2015-06-15 Georgios Kontaxis , Monica Chew

New hardware primitives such as Intel SGX secure a user-level process in presence of an untrusted or compromised OS. Such "enclaved execution" systems are vulnerable to several side-channels, one of which is the page fault channel. In this…

Cryptography and Security · Computer Science 2016-01-13 Shweta Shinde , Zheng Leong Chua , Viswesh Narayanan , Prateek Saxena

Refactoring is a common practice in software development, aimed at improving the internal code structure in order to make it easier to understand and modify. Consequently, it is often assumed that refactoring makes the code less prone to…

Software Engineering · Computer Science 2025-05-14 Isabella Ferreira , Lawrence Arkoh , Anderson Uchôa , Ana Carla Bibiano , Alessandro Garcia , Wesley K. G. Assunção

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…