English
Related papers

Related papers: How Open Should Open Source Be?

200 papers

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

IPFS is a content-addressed decentralized peer-to-peer data network, using the Bitswap protocol for exchanging data. The data exchange leaks the information to all neighbors, compromising a user's privacy. This paper investigates the…

Cryptography and Security · Computer Science 2023-07-10 Erik Daniel , Marcel Ebert , Florian Tschorsch

Model developers implement safeguards in frontier models to prevent misuse, for example, by employing classifiers to filter dangerous outputs. In this work, we demonstrate that even robustly safeguarded models can be used to elicit harmful…

Cryptography and Security · Computer Science 2026-01-21 Jackson Kaunismaa , Avery Griffin , John Hughes , Christina Q. Knight , Mrinank Sharma , Erik Jones

Software companies spend over 45 percent of cost in dealing with software bugs. An inevitable step of fixing bugs is bug triage, which aims to correctly assign a developer to a new bug. To decrease the time cost in manual work, text…

Software Engineering · Computer Science 2017-04-18 Jifeng Xuan , He Jiang , Yan Hu , Zhilei Ren , Weiqin Zou , Zhongxuan Luo , Xindong Wu

Web browsers are integral parts of everyone's daily life. They are commonly used for security-critical and privacy sensitive tasks, like banking transactions and checking medical records. Unfortunately, modern web browsers are too complex…

Cryptography and Security · Computer Science 2022-01-03 Jungwon Lim , Yonghwi Jin , Mansour Alharthi , Xiaokuan Zhang , Jinho Jung , Rajat Gupta , Kuilin Li , Daehee Jang , Taesoo Kim

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

We examine the state of publicly available information about known exploitable vulnerabilities applicable to operational technology (OT) environments. Specifically, we analyze the Known Exploitable Vulnerabilities Catalog (KEVC) maintained…

Cryptography and Security · Computer Science 2025-10-09 Philip Huff , Nishka Gandu , Pavel Novák

Just-in-time defect prediction assigns a defect risk to each new change to a software repository in order to prioritize review and testing efforts. Over the last decades different approaches were proposed in literature to craft more…

Software Engineering · Computer Science 2022-09-29 Peter Bludau , Alexander Pretschner

No significant research has been conducted so far on Intrusion detection due to data availability since, network traffic within companies is private information and no available logs can be found on the Internet for independent research.…

Cryptography and Security · Computer Science 2021-07-28 Theodosis Mourouzis , Andreas Avgousti

Protecting source code against reverse engineering and theft is an important problem. The goal is to carry out computations using confidential algorithms on an untrusted party while ensuring confidentiality of algorithms. This problem has…

Cryptography and Security · Computer Science 2016-12-13 Johannes Schneider , Thomas Locher

System administrators, similar to end users, may delay or avoid software patches, also known as updates, despite the impact their timely application can have on system security. These admins are responsible for large, complex, amalgamated…

Human-Computer Interaction · Computer Science 2023-07-10 Adam Jenkins , Maria Wolters , Kami Vaniea

Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features -- functionalities to mitigate attacks or protect…

Software Engineering · Computer Science 2025-09-30 Kevin Hermann , Sven Peldszus , Jan-Philipp Steghöfer , Thorsten Berger

Patch reviewing is critical for software development, especially in distributed open-source development, which highly depends on voluntary work, such as Linux. This paper studies the past 10 years of patch reviews of the Linux memory…

Software Engineering · Computer Science 2026-03-27 Chih-En Lin , Attreyee Mukherjee , Ajay Rawat , Ruqi Zhang , Pedro Fonseca

Agile and DevOps are widely adopted by the industry. Hence, integrating security activities with industrial practices, such as continuous integration (CI) pipelines, is necessary to detect security flaws and adhere to regulators' demands…

Software Engineering · Computer Science 2024-01-17 Florian Angermeir , Markus Voggenreiter , Fabiola Moyón , Daniel Mendez

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to…

Cryptography and Security · Computer Science 2023-10-09 Piergiorgio Ladisa , Merve Sahin , Serena Elisa Ponta , Marco Rosa , Matias Martinez , Olivier Barais

Web Application Firewalls (WAFs) have been introduced as essential and popular security gates that inspect incoming HTTP traffic to filter out malicious requests and provide defenses against a diverse array of web-based threats. Evading…

Cryptography and Security · Computer Science 2026-03-17 Seyed Ali Akhavani , Bahruz Jabiyev , Ben Kallus , Cem Topcuoglu , Sergey Bratus , Engin Kirda

Understanding how software defects manifest and evolve in production environments is critical for improving reliability. While previous research has largely focused on pre-release defects, the nature of residual faults, i.e., those escaping…

Software Engineering · Computer Science 2026-04-30 Domenico Cotroneo , Giuseppe De Rosa , Cristina Improta , Benedetta Gaia Varriale

Evaluating the effectiveness of software protection is crucial for selecting the most effective methods to safeguard assets within software applications. Obfuscation involves techniques that deliberately modify software to make it more…

Cryptography and Security · Computer Science 2025-11-27 Leonardo Regano , Daniele Canavese , Cataldo Basile , Marco Torchiano

Caveat emptor, or let the buyer beware, is commonly attributed to open source software (OSS)-the onus is on the OSS consumer to ensure that it is fit for use in the consumer's context. OSS has been compared to an open market bazaar where…

Software Engineering · Computer Science 2024-04-26 Nancy Mead , Carol Woody , Scott Hissam