English
Related papers

Related papers: The Dynamics of Software Composition Analysis

200 papers

Software Bills of Material (SBOMs) have emerged as an important technology for vulnerability management amid rising supply-chain attacks. They represent component relationships within a software product and support software composition…

Software Engineering · Computer Science 2026-04-24 Shawn Rasheed , Max McPhee , Lisa Patterson , Stephen MacDonell , Jens Dietrich

While third-party libraries are extensively reused to enhance productivity during software development, they can also introduce potential security risks such as vulnerability propagation. Software composition analysis, proposed to identify…

Software Engineering · Computer Science 2024-08-27 Ling Jiang , Junwen An , Huihui Huang , Qiyi Tang , Sen Nie , Shi Wu , Yuqun Zhang

Designing a static analysis is generally a substantial undertaking, requiring significant expertise in both program analysis and the domain of the program analysis, and significant development resources. As a result, most program analyses…

Programming Languages · Computer Science 2018-10-17 Colin S. Gordon

In this paper, we present a novel marriage of static and dynamic analysis. Given a large code base with many functions and a mature test suite, we propose using static analysis to find functions 1) with assertions or other evident…

Software Engineering · Computer Science 2016-09-22 Mohammad Amin Alipour , Alex Groce , Chaoqiang Zhang , Anahita Sanadaji , Gokul Caushik

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

Instruction-level error injection analyses aim to find instructions where errors often lead to unacceptable outcomes like Silent Data Corruptions (SDCs). These analyses require significant time, which is especially problematic if developers…

Software Engineering · Computer Science 2024-03-27 Keyur Joshi , Rahul Singh , Tommaso Bassetto , Sarita Adve , Darko Marinov , Sasa Misailovic

As software systems have grown in scale and complexity the test suites built alongside those systems have also become increasingly complex. Understanding key aspects of test suites, such as their coverage of production code, is important…

Software Engineering · Computer Science 2021-03-15 Amjed Tahir , Stephen G. MacDonell

Static code analysis tools are designed to aid software developers to build better quality software in less time, by detecting defects early in the software development life cycle. Even the most experienced developer regularly introduces…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-02-05 Manuel Arenaz , Xavier Martorell

The development of programming languages involves complex theoretical and practical challenges, particularly when addressing modularity and reusability through language extensions. While language workbenches aim to enable modular…

Programming Languages · Computer Science 2026-02-04 Federico Bruzzone , Walter Cazzola , Luca Favalli

Static analysis plays a key role in finding bugs, including security issues. A critical step in static analysis is building accurate call graphs that model function calls in a program. However, due to hard-to-analyze language features,…

Software Engineering · Computer Science 2025-06-24 Masudul Hasan Masud Bhuiyan , Gianluca De Stefano , Giancarlo Pellegrino , Cristian-Alexandru Staicu

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

Users around the world rely on software-intensive systems in their day-to-day activities. These systems regularly contain bugs and security vulnerabilities. To facilitate bug fixing, data-driven models of automatic program repair use pairs…

Software Engineering · Computer Science 2022-02-08 Anastasiia Grishina

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

One major problem in maintaining a software system is to understand how many functional features in the system and how these features are implemented. In this paper a novel approach for locating features in code by semantic and dynamic…

Software Engineering · Computer Science 2015-12-15 Ren Wu

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template…

Programming Languages · Computer Science 2026-05-19 Mike Samuel , Tom Palmer , Shaw Summa , Robert Grayson

We recommend a programming construct - availability check - for programs that need to automatically adjust to presence or absence of segments of code. The idea is to check the existence of a valid definition before a function call is…

Programming Languages · Computer Science 2007-05-23 Joy Mukherjee , Srinidhi Varadarajan

With the increasing reliance on Open Source Software, users are exposed to third-party library vulnerabilities. Software Composition Analysis (SCA) tools have been created to alert users of such vulnerabilities. SCA requires the…

Modern automotive software is highly complex and consists of millions lines of code. For safety-relevant automotive software, it is recommended to use sound static program analysis to prove the absence of runtime errors. However, the…

Software Engineering · Computer Science 2023-10-26 Jesko Hecking-Harbusch , Jochen Quante , Maximilian Schlund