English
Related papers

Related papers: SpellBound: Defending Against Package Typosquattin…

200 papers

Due to the ever-increasing security breaches, practitioners are motivated to produce more secure software. In the United States, the White House Office released a memorandum on Executive Order (EO) 14028 that mandates organizations provide…

Cryptography and Security · Computer Science 2023-06-16 Nusrat Zahan , Shohanuzzaman Shohan , Dan Harris , Laurie Williams

In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management…

Cryptography and Security · Computer Science 2024-09-24 Zheng Yu , Ganxiang Yang , Xinyu Xing

Malicious Python packages make software supply chains vulnerable by exploiting trust in open-source repositories like Python Package Index (PyPI). Lack of real-time behavioral monitoring makes metadata inspection and static code analysis…

Cryptography and Security · Computer Science 2025-03-04 Sk Tanzir Mehedi , Chadni Islam , Gowri Ramachandran , Raja Jurdak

A polyglot is a file that is valid in two or more formats. Polyglot files pose a problem for malware detection systems that route files to format-specific detectors/signatures, as well as file upload and sanitization tools. In this work we…

Malicious software packages in open-source ecosystems, such as PyPI, pose growing security risks. Unlike traditional vulnerabilities, these packages are intentionally designed to deceive users, making detection challenging due to evolving…

Software Engineering · Computer Science 2025-04-21 Motunrayo Ibiyo , Thinakone Louangdy , Phuong T. Nguyen , Claudio Di Sipio , Davide Di Ruscio

Meeting the rise of industry demand to incorporate machine learning (ML) components into software systems requires interdisciplinary teams contributing to a shared code base. To maintain consistency, reduce defects and ensure…

Software Engineering · Computer Science 2022-05-10 Jai Kannan , Scott Barnett , Luís Cruz , Anj Simmons , Akash Agarwal

Reusable software components, typically distributed as packages, are a central paradigm of modern software development. The JavaScript ecosystem serves as a prime example, offering millions of packages with their use being promoted as…

Software Engineering · Computer Science 2026-01-26 Ben Swierzy , Marc Ohm , Michael Meier

Developers usually use TPLs to facilitate the development of the projects to avoid reinventing the wheels, however, the vulnerable TPLs indeed cause severe security threats. The majority of existing research only considered whether projects…

Software Engineering · Computer Science 2024-09-05 Fangyuan Zhang , Lingling Fan , Sen Chen , Miaoying Cai , Sihan Xu , Lida Zhao

Large Language Models for code (LLMs4Code) are increasingly used to generate software artifacts, including library and package recommendations in languages such as Go. However, recent evidence shows that LLMs frequently hallucinate package…

Software Engineering · Computer Science 2025-12-10 Md Nazmul Haque , Elizabeth Lin , Lawrence Arkoh , Biruk Tadesse , Bowen Xu

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at…

Cryptography and Security · Computer Science 2026-01-01 Biagio Montaruli , Serena Elisa Ponta , Luca Compagna , Davide Balzarotti

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

Context: It is common for programming languages that their reference implementation is implemented in the language itself. This requires a "bootstrap": a copy of a previous version of the implementation is provided along with the sources,…

Programming Languages · Computer Science 2022-02-21 Nathanaëlle Courant , Julien Lepiller , Gabriel Scherer

Python has become one of the most popular programming languages for software development due to its simplicity, readability, and versatility. As the Python ecosystem grows, developers face increasing challenges in avoiding module conflicts,…

Software Engineering · Computer Science 2024-01-05 Ruofan Zhu , Xingyu Wang , Chengwei Liu , Zhengzi Xu , Wenbo Shen , Rui Chang , Yang Liu

As large language models (LLMs) become ubiquitous, parameter-efficient fine-tuning methods and safety-first defenses have proliferated rapidly. However, the number of approaches and their recent increase have resulted in diverse…

Machine Learning · Computer Science 2025-06-03 Saad Hossain , Samanvay Vajpayee , Sirisha Rambhatla

The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of…

Software Engineering · Computer Science 2025-03-04 Joseph Spracklen , Raveen Wijewickrama , A H M Nazmus Sakib , Anindya Maiti , Bimal Viswanath , Murtuza Jadliwala

Architectural code smells erode software maintainability and are costly to repair manually, yet unlike localized bugs, they require cross-module reasoning about design intent that challenges both developers and automated tools. While large…

Software Engineering · Computer Science 2026-05-13 Ion George Dinu , Marian Cristian Mihăescu , Traian Rebedea

While attackers often distribute malware to victims via open-source, community-driven package repositories, these repositories do not currently run automated malware detection systems. In this work, we explore the security goals of the…

Cryptography and Security · Computer Science 2023-09-19 Duc-Ly Vu , Zachary Newman , John Speed Meyers

Software connected to the Internet is an attractive target for attackers: as soon as a security flaw is known, services may be taken under attack. In contrast, software developers release updates to add further features and fix flaws in…

Cryptography and Security · Computer Science 2019-12-23 Christian A. Gorke , Frederik Armknecht

Recent studies have revealed a security threat to natural language processing (NLP) models, called the Backdoor Attack. Victim models can maintain competitive performance on clean samples while behaving abnormally on samples with a specific…

Computation and Language · Computer Science 2021-03-30 Wenkai Yang , Lei Li , Zhiyuan Zhang , Xuancheng Ren , Xu Sun , Bin He

Domain squatting poses a significant threat to Internet security, with attackers employing increasingly sophisticated techniques. This study introduces DomainLynx, an innovative compound AI system leveraging Large Language Models (LLMs) for…

Cryptography and Security · Computer Science 2025-02-17 Daiki Chiba , Hiroki Nakano , Takashi Koide