English
Related papers

Related papers: Software Security analysis, static and dynamic tes…

200 papers

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

In this report, we examine Jif, a Java extension which augments the language with features related to security. Jif adds support for security labels to Java's type system such that the developer can specify confidentiality and integrity…

Programming Languages · Computer Science 2014-12-31 Kyle Pullicino

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers…

Cryptography and Security · Computer Science 2022-01-20 Miles Frantz

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a static code analysis tool used in Oracle to find security vulnerabilities in…

Software Engineering · Computer Science 2022-01-04 Ya Xiao , Yang Zhao , Nicholas Allen , Nathan Keynes , Danfeng , Yao , Cristina Cifuentes

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

Understanding how software defects manifest and evolve in production environments is critical for improving reliability. While previous research has largely focused on pre-release defects, the nature of residual faults, i.e., those escaping…

Software Engineering · Computer Science 2026-04-30 Domenico Cotroneo , Giuseppe De Rosa , Cristina Improta , Benedetta Gaia Varriale

Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks…

Cryptography and Security · Computer Science 2017-11-06 Paul Muntean , Jens Grossklags , Claudia Eckert

Modern programming languages, such as Java and C#, typically provide features that handle exceptions. These features separate error-handling code from regular source code and aim to assist in the practice of software comprehension and…

Software Engineering · Computer Science 2017-08-03 Guilherme B. de Pádua , Weiyi Shang

Programming languages often demarcate the internal sandbox, consisting of entities such as objects and variables, from the outside world, e.g., files or network. Although communication with the external world poses fundamental challenges…

Software Engineering · Computer Science 2023-06-22 Matúš Sulír , Sergej Chodarev , Milan Nosáľ

Java reflection has been increasingly used in a wide range of software. It allows a software system to inspect and/or modify the behaviour of its classes, interfaces, methods and fields at runtime, enabling the software to adapt to…

Programming Languages · Computer Science 2017-06-15 Yue Li , Tian Tan , Jingling Xue

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of…

Software Engineering · Computer Science 2023-11-14 Georgios Liargkovas , Evangelia Panourgia , Diomidis Spinellis

Many performance inefficiencies such as inappropriate choice of algorithms or data structures, developers' inattention to performance, and missed compiler optimizations show up as wasteful memory operations. Wasteful memory operations are…

Performance · Computer Science 2019-07-01 Pengfei Su , Qingsen Wang , Milind Chabbi , Xu Liu

Identifying dependency call graphs of multilanguage software systems using static code analysis is challenging. The different languages used in developing today's systems often have different lexical, syntactical, and semantic rules that…

With an increasing number of value-flow properties to check, existing static program analysis still tends to have scalability issues when high precision is required. We observe that the key design flaw behind the scalability problem is that…

Software Engineering · Computer Science 2019-12-17 Qingkai Shi , Rongxin Wu , Gang Fan , Charles Zhang

Vulnerability detection is crucial for maintaining software security, and recent research has explored the use of Language Models (LMs) for this task. While LMs have shown promising results, their performance has been inconsistent across…

Cryptography and Security · Computer Science 2024-12-24 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén

Memory spatial errors, i.e., buffer overflow vulnerabilities, have been a well-known issue in computer security for a long time and remain one of the root causes of exploitable vulnerabilities. Most of the existing mitigation tools adopt a…

Cryptography and Security · Computer Science 2020-04-07 Dongwei Chen , Daliang Xu , Dong Tong , Kang Sun , Xuetao Guan , Chun Yang , Xu Cheng