English
Related papers

Related papers: Leveraging Flawed Tutorials for Seeding Large-Scal…

200 papers

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

The art of finding software vulnerabilities has been covered extensively in the literature and there is a huge body of work on this topic. In contrast, the intentional insertion of exploitable, security-critical bugs has received little…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Thorsten Holz

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

Two key contributions presented in this paper are: i) A method for building a dataset containing source code features extracted from source files taken from Open Source Software (OSS) and associated bug reports, ii) A predictive model for…

Software Engineering · Computer Science 2018-09-13 Ritu Kapur , Balwinder Sodhi

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT…

Cryptography and Security · Computer Science 2025-10-31 Maximilian Schreiber , Pascal Tippe

This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi,…

Cryptography and Security · Computer Science 2023-06-21 Rishi Rabheru , Hazim Hanif , Sergio Maffeis

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

There has been a long-standing hypothesis that a software's popularity is related to its security or insecurity in both research and popular discourse. There are also a few empirical studies that have examined the hypothesis, either…

Software Engineering · Computer Science 2025-06-12 Jukka Ruohonen , Qusai Ramadan

The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem…

Cryptography and Security · Computer Science 2026-03-26 Oleksandr Yarotskyi , José D'Abruzzo Pereira , João R. Campos

The growing application of deep neural networks in safety-critical domains makes the analysis of faults that occur in such systems of enormous importance. In this paper we introduce a large taxonomy of faults in deep learning (DL) systems.…

Software Engineering · Computer Science 2019-11-11 Nargiz Humbatova , Gunel Jahangirova , Gabriele Bavota , Vincenzo Riccio , Andrea Stocco , Paolo Tonella

Deep learning (DL) models have become increasingly popular in identifying software vulnerabilities. Prior studies found that vulnerabilities across different vulnerable programs may exhibit similar vulnerable scopes, implicitly forming…

Cryptography and Security · Computer Science 2023-06-13 Michael Fu , Trung Le , Van Nguyen , Chakkrit Tantithamthavorn , Dinh Phung

Context: Security Vulnerabilities (SVs) pose many serious threats to software systems. Developers usually seek solutions to addressing these SVs on developer Question and Answer (Q&A) websites. However, there is still little known about…

Software Engineering · Computer Science 2021-09-10 Triet H. M. Le , Roland Croft , David Hin , M. Ali Babar

Deep learning achieves remarkable performance on pattern recognition, but can be vulnerable to defects of some important properties such as robustness and security. This tutorial is based on a stream of research conducted since the summer…

Software Engineering · Computer Science 2021-08-05 Nicolas Berthier , Youcheng Sun , Wei Huang , Yanghao Zhang , Wenjie Ruan , Xiaowei Huang

Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Ahmad Moghimi , Thomas Eisenbarth , Berk Sunar

Code Pre-trained Models (CodePTMs) based vulnerability detection have achieved promising results over recent years. However, these models struggle to generalize as they typically learn superficial mapping from source code to labels instead…

Cryptography and Security · Computer Science 2024-06-07 Xiaohu Du , Ming Wen , Jiahao Zhu , Zifan Xie , Bin Ji , Huijun Liu , Xuanhua Shi , Hai Jin

The pervasive nature of software vulnerabilities has emerged as a primary factor for the surge in cyberattacks. Traditional vulnerability detection methods, including rule-based, signature-based, manual review, static, and dynamic analysis,…

Software Engineering · Computer Science 2025-03-07 Md Nizam Uddin , Yihe Zhang , Xiali Hei

The exploit or the Proof of Concept of the vulnerability plays an important role in developing superior vulnerability repair techniques, as it can be used as an oracle to verify the correctness of the patches generated by the tools.…

Code vulnerability detection (CVD) is essential for addressing and preventing system security issues, playing a crucial role in ensuring software security. Previous learning-based vulnerability detection methods rely on either fine-tuning…

Computation and Language · Computer Science 2025-01-07 Xuefeng Jiang , Lvhua Wu , Sheng Sun , Jia Li , Jingjing Xue , Yuwei Wang , Tingting Wu , Min Liu

Tracking vulnerabilities inherited from third-party open-source software is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a code…

Cryptography and Security · Computer Science 2026-01-29 Romain Lefeuvre , Charly Reux , Stefano Zacchiroli , Olivier Barais , Benoit Combemale