English
Related papers

Related papers: Beyond Metadata: Code-centric and Usage-based Anal…

200 papers

Free/Open Source Software (FOSS) enables large-scale reuse of preexisting software components. The main drawback is increased complexity in software supply chain management. A common approach to tame such complexity is automated open source…

Software Engineering · Computer Science 2022-07-25 Daniele Serafini , Stefano Zacchiroli

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng

Usability is an increasing concern in open source software (OSS). Given the recent changes in the OSS landscape, it is imperative to examine the OSS contributors' current valued factors, practices, and challenges concerning usability. We…

Software Engineering · Computer Science 2020-07-15 Wenting Wang , Jinghui Cheng , Jin L. C. Guo

One of the most significant challenges in the field of software code auditing is the presence of vulnerabilities in software source code. Every year, more and more software flaws are discovered, either internally in proprietary code or…

Cryptography and Security · Computer Science 2023-06-16 Mst Shapna Akter , Hossain Shahriar , Juan Rodriguez Cardenas , Sheikh Iqbal Ahamed , Alfredo Cuzzocrea

Open-source software (OSS) has become increasingly more popular across different domains. However, this rapid development and widespread adoption come with a security cost. The growing complexity and openness of OSS ecosystems have led to…

Cryptography and Security · Computer Science 2025-06-17 Seyed Ali Akhavani , Behzad Ousat , Amin Kharraz

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

Open-Source Software (OSS) vulnerabilities bring great challenges to the software security and pose potential risks to our society. Enormous efforts have been devoted into automated vulnerability detection, among which deep learning…

Cryptography and Security · Computer Science 2024-02-09 Xinchen Wang , Ruida Hu , Cuiyun Gao , Xin-Cheng Wen , Yujia Chen , Qing Liao

Open source software (OSS) is essential for modern society and, while substantial research has been done on individual (typically central) projects, only a limited understanding of the periphery of the entire OSS ecosystem exists. For…

Software Engineering · Computer Science 2020-11-02 Yuxing Ma , Tapajit Dey , Chris Bogart , Sadika Amreen , Marat Valiev , Adam Tutko , David Kennard , Russell Zaretzki , Audris Mockus

Existing innovation metrics inadequately capture software innovation, creating blind spots for researchers and policymakers seeking to understand and foster technological innovation in an increasingly software-defined economy. This paper…

Software Engineering · Computer Science 2025-07-01 Eva Maxfield Brown , Cailean Osborne , Peter Cihon , Moritz Böhmecke-Schwafert , Kevin Xu , Mirko Boehm , Knut Blind

In Open Source Software, the source code and any other resources available in a project can be viewed or reused by anyone subject to often permissive licensing restrictions. In contrast to some studies of dependency-based reuse supported…

Software Engineering · Computer Science 2024-02-12 Mahmoud Jahanshahi , Audris Mockus

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

Testing is the most widely employed method to find vulnerabilities in real-world software programs. Compositional analysis, based on symbolic execution, is an automated testing method to find vulnerabilities in medium- to large-scale…

Software Engineering · Computer Science 2018-07-25 Saahil Ognawala , Ricardo Nales Amato , Alexander Pretschner , Pooja Kulkarni

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

This paper explores the application of functional data analysis (FDA) as a means to study the dynamics of software evolution in the open source context. Several challenges in analyzing the data from software projects are discussed, an…

Statistics Theory · Mathematics 2007-06-13 Katherine J. Stewart , David P. Darcy , Sherae L. Daniel

Automated vulnerability detection tools are widely used to identify security vulnerabilities in software dependencies. However, the evaluation of such tools remains challenging due to the heterogeneous structure of vulnerability data…

Software Engineering · Computer Science 2026-04-24 Peter Mandl , Paul Mandl , Martin Häusl , Maximilian Auch

The increasing complexity of modern software systems has led to a rise in vulnerabilities that malicious actors can exploit. Traditional methods of vulnerability detection, such as static and dynamic analysis, have limitations in…

Software Engineering · Computer Science 2025-04-01 Amanpreet Singh Saimbhi

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi).…

Cryptography and Security · Computer Science 2017-04-11 Tommi Unruh , Bhargava Shastry , Malte Skoruppa , Federico Maggi , Konrad Rieck , Jean-Pierre Seifert , Fabian Yamaguchi

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

Open-source third-party libraries are widely used in software development. These libraries offer substantial advantages in terms of time and resource savings. However, a significant concern arises due to the publicly disclosed…

Software Engineering · Computer Science 2025-02-12 Yi Gao , Xing Hu , Zirui Chen , Xiaohu Yang