English
Related papers

Related papers: Is the OWASP Top 10 list comprehensive enough for …

200 papers

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter

Obviously, the dynamism of software reliability research has speeded up significantly in the last period, and we can state the fact that its intensity is approaching, and in some cases is ahead of the information systems hardware…

Software Engineering · Computer Science 2020-03-06 Anton Petrov , Elena Popova , Alexander Petrov

Web browsers are integral parts of everyone's daily life. They are commonly used for security-critical and privacy sensitive tasks, like banking transactions and checking medical records. Unfortunately, modern web browsers are too complex…

Cryptography and Security · Computer Science 2022-01-03 Jungwon Lim , Yonghwi Jin , Mansour Alharthi , Xiaokuan Zhang , Jinho Jung , Rajat Gupta , Kuilin Li , Daehee Jang , Taesoo Kim

This paper presents a framework that selectively triggers security reviews for incoming source code changes. Functioning as a review bot within a code review service, the framework can automatically request additional security reviews at…

Cryptography and Security · Computer Science 2024-05-28 Keun Soo Yim

Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better…

Cryptography and Security · Computer Science 2017-08-31 Alena Naiakshina , Anastasia Danilova , Christian Tiefenau , Marco Herzog , Sergej Dechand , Matthew Smith

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Due to non-experts also developing security relevant applications it is necessary to support them too. Some improvements in the current research may not reach or impact these developers. Nonetheless these developers use security libraries.…

Cryptography and Security · Computer Science 2016-03-24 Kai Mindermann

AI coding assistants produce vulnerable code in 45\% of security-relevant scenarios~\cite{veracode2025}, yet no public training dataset teaches both traditional web security and AI/ML-specific defenses in a format suitable for instruction…

Cryptography and Security · Computer Science 2026-02-12 Scott Thornton

The security of the Internet rests on a small number of open-source cryptographic libraries: a vulnerability in any one of them threatens to compromise a significant percentage of web traffic. Despite this potential for security impact, the…

Cryptography and Security · Computer Science 2021-07-13 Jenny Blessing , Michael A. Specter , Daniel J. Weitzner

Software vulnerability detection is critical in software security because it identifies potential bugs in software systems, enabling immediate remediation and mitigation measures to be implemented before they may be exploited. Automatic…

Software Engineering · Computer Science 2023-06-21 Nima Shiri Harzevili , Alvine Boaye Belle , Junjie Wang , Song Wang , Zhen Ming , Jiang , Nachiappan Nagappan

Program obfuscation is a widely employed approach for software intellectual property protection. However, general obfuscation methods (e.g., lexical obfuscation, control obfuscation) implemented in mainstream obfuscation tools are heuristic…

Cryptography and Security · Computer Science 2017-10-04 Hui Xu , Yangfan Zhou , Yu Kang , Michael R. Lyu

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it…

Cryptography and Security · Computer Science 2017-03-28 Takuya Watanabe , Mitsuaki Akiyama , Fumihiro Kanei , Eitaro Shioji , Yuta Takata , Bo Sun , Yuta Ishi , Toshiki Shibahara , Takeshi Yagi , Tatsuya Mori

Nowadays, data has become an invaluable asset to entities and companies, and keeping it secure represents a major challenge. Data centers are responsible for storing data provided by software applications. Nevertheless, the number of…

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable…

Cryptography and Security · Computer Science 2025-05-16 Imranur Rahman , Yasemin Acar , Michel Cukier , William Enck , Christian Kastner , Alexandros Kapravelos , Dominik Wermke , Laurie Williams

This paper presents the first empirical study of a vulnerability detection and fix tool with professional software developers on real projects that they own. We implemented DeepVulGuard, an IDE-integrated tool based on state-of-the-art…

We present a novel idea on adequacy testing called ``{vulnerability coverage}.'' The introduced coverage measure examines the underlying software for the presence of certain classes of vulnerabilities often found in the National…

Cryptography and Security · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new…

Cryptography and Security · Computer Science 2025-03-18 Henrik Plate , Serena Elisa Ponta , Antonino Sabetta

To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been…

Software Engineering · Computer Science 2019-02-14 Shengjun Wei , Hao Zhong , Chun Shan , Lin Ye , Xiaojiang Du , Mohsen Guizani

Software supply chain frameworks, such as the US NIST Secure Software Development Framework (SSDF), detail what tasks software development organizations are recommended or mandated to adopt to reduce security risk. However, to further…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Jacob Bowen , Md Nazmul Haque , Robert Hines , Chris Madden , Laurie Williams

Cloud security is one of the biggest concerns for many companies. The growth in the number and size of websites increases the need for better securing those websites. Manual testing and detection of web vulnerabilities can be very time…

Cryptography and Security · Computer Science 2017-06-27 Emre Erturk , Angel Rajan