English
Related papers

Related papers: Build It, Break It, Fix It: Contesting Secure Deve…

200 papers

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration…

Software Engineering · Computer Science 2021-11-29 Roland Croft , Yongzheng Xie , Mansooreh Zahedi , M. Ali Babar , Christoph Treude

C programs can use compiler builtins to provide functionality that the C language lacks. On Linux, GCC provides several thousands of builtins that are also supported by other mature compilers, such as Clang and ICC. Maintainers of other…

Programming Languages · Computer Science 2019-07-02 Manuel Rigger , Stefan Marr , Bram Adams , Hanspeter Mössenböck

GitHub Copilot is an artificially intelligent programming assistant used by many developers. While a few studies have evaluated the security risks of using Copilot, there has not been any study to show if it aids developers in producing…

Software Engineering · Computer Science 2024-12-13 Daniel Erhabor , Sreeharsha Udayashankar , Meiyappan Nagappan , Samer Al-Kiswany

Continuous Integration (CI) is widely used to provide rapid feedback on code changes; however, CI build outcomes are not always reliable. Builds may fail intermittently due to non-deterministic factors, leading to flaky builds that…

Software Engineering · Computer Science 2026-02-03 Wenhao Ge , Chen Zhang

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi

The automated program repair field has attracted substantial interest over the years, but despite significant research efforts, creating a system that works well for complex semantic bugs such as security vulnerabilities has proven…

Cryptography and Security · Computer Science 2024-02-26 Berkay Berabi , Alexey Gronskiy , Veselin Raychev , Gishor Sivanrupan , Victor Chibotaru , Martin Vechev

In the last three decades, memory safety issues in system programming languages such as C or C++ have been one of the significant sources of security vulnerabilities. However, there exist only a few attempts with limited success to cope…

Software Engineering · Computer Science 2021-07-05 Felipe R. Monteiro , Mikhail R. Gadelha , Lucas C. Cordeiro

Background. During collaborative software development, developers often use branches to add features or fix bugs. When merging changes from two branches, conflicts may occur if the changes are inconsistent. Developers need to resolve these…

Software Engineering · Computer Science 2019-07-16 Moein Owhadi-Kareshk , Sarah Nadi , Julia Rubin

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

Large language model-powered code agents are rapidly transforming software engineering, yet the security risks of their generated code have become a critical concern. Existing benchmarks have provided valuable insights, but they fail to…

Software Engineering · Computer Science 2026-04-27 Junkai Chen , Huihui Huang , Yunbo Lyu , Junwen An , Jieke Shi , Chengran Yang , Ting Zhang , Haoye Tian , Yikun Li , Zhenhao Li , Xin Zhou , Xing Hu , David Lo

Continuous integration (CI) is widely used by developers to ensure the quality and reliability of their software projects. However, diagnosing a CI regression is a tedious process that involves the manual analysis of lengthy build logs. In…

Software Engineering · Computer Science 2025-04-28 Nicolas Hubner , Jean-Rémy Falleri , Raluca Uricaru , Thomas Degueule , Thomas Durieux

Systems and blockchains often have security vulnerabilities and can be attacked by adversaries, with potentially significant negative consequences. Therefore, infrastructure providers increasingly rely on bug bounty programs, where external…

Theoretical Economics · Economics 2023-09-06 Hans Gersbach , Akaki Mamageishvili , Fikri Pitsuwan

Automated builds are integral to the Continuous Integration (CI) software development practice. In CI, developers are encouraged to integrate early and often. However, long build times can be an issue when integrations are frequent. This…

Software Engineering · Computer Science 2017-12-20 Ekaba Bisong , Eric Tran , Olga Baysal

Fuzzing has become a popular technique for automatically detecting vulnerabilities and bugs by generating unexpected inputs. In recent years, the fuzzing process has been integrated into continuous integration workflows (i.e., continuous…

Software Engineering · Computer Science 2026-02-06 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Hajimu Iida

Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present…

Software Engineering · Computer Science 2025-12-30 Sabine Houy , Bruno Kreyssig , Alexandre Bartel

AI coding assistants are now used to generate production code in security-sensitive domains, yet the exploitability of their outputs remains unquantified. We address this gap with Broken by Default: a formal verification study of 3,500 code…

Cryptography and Security · Computer Science 2026-04-09 Dominik Blain , Maxime Noiseux

Debugging, finding and fixing bugs in code, is a heterogeneous process that shapes novice learners' self-beliefs and motivation in computing. Our Debugging by Design intervention (DbD) provocatively puts students in control over bugs by…

Computers and Society · Computer Science 2023-05-05 Luis Morales-Navarro , Deborah A. Fields , Michael Giang , Yasmin B Kafai

Flaky tests are software tests that exhibit a seemingly random outcome (pass or fail) when run against the same, identical code. Previous work has examined fixes to flaky tests and has proposed automated solutions to locate as well as fix…

Software Engineering · Computer Science 2019-07-03 Moritz Eck , Fabio Palomba , Marco Castelluccio , Alberto Bacchelli

Testing is one of the most indispensable tasks in software engineering. The role of testing in software development has grown significantly because testing is able to reveal defects in the code in an early stage of development. Many unit…

Software Engineering · Computer Science 2010-12-07 Norbert Pataki

Current benchmarks for coding evaluate language models (LMs) on concrete, well-specified tasks such as fixing specific bugs or writing targeted tests. However, human programmers do not spend all day incessantly addressing isolated tasks.…

Software Engineering · Computer Science 2026-05-14 John Yang , Kilian Lieret , Joyce Yang , Carlos E. Jimenez , Muhtasham Oblokulov , Aryan Siddiqui , Ofir Press , Ludwig Schmidt , Diyi Yang