English
Related papers

Related papers: Exploring the Security Awareness of the Python and…

200 papers

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Background: With the proliferation of crowd-sourced developer forums, software developers are increasingly sharing more coding solutions to programming problems with others in forums. The decentralized nature of knowledge sharing on sites…

Software Engineering · Computer Science 2022-10-03 Madhu Selvaraj , Gias Uddin

Software is prone to bugs and failures. Security bugs are those that expose or share privileged information and access in violation of the software's requirements. Given the seriousness of security bugs, there are centralized mechanisms for…

Software Engineering · Computer Science 2020-12-16 Daito Nakano , Mingyang Yin , Ryosuke Sato , Abram Hindle , Yasutaka Kamei , Naoyasu Ubayashi

A fundamental unit of work in programming is the code contribution ("commit") that a developer makes to the code base of the project in work. An author's commit frequency describes how often that author commits. Knowing the distribution of…

Software Engineering · Computer Science 2014-08-22 Carsten Kolassa , Dirk Riehle , Michel A. Salim

Commit is an important operation of revision control for open-source software (OSS). Recent research has been pursued to explore the statistical laws of such an operation, but few of those papers conduct empirical investigations on commit…

Software Engineering · Computer Science 2013-11-26 Yutao Ma , Yang Wu , Youwei Xu

Background: Previous studies have shown that up to 99.59 % of the Java apps using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing.…

Software Engineering · Computer Science 2021-09-03 Anna-Katharina Wickert , Lars Baumgärtner , Florian Breitfelder , Mira Mezini

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Vyper has been proposed as a new high-level language for Ethereum smart contract development due to numerous security vulnerabilities and attacks witnessed on contracts written in Solidity since the system's inception. Vyper aims to address…

Cryptography and Security · Computer Science 2020-06-16 Mudabbir Kaleem , Anastasia Mavridou , Aron Laszka

Language-based ecosystems (LBE), i.e., software ecosystems based on a single programming language, are very common. Examples include the npm ecosystem for JavaScript, and PyPI for Python. These environments encourage code reuse between…

Cryptography and Security · Computer Science 2021-12-01 Ruturaj K. Vaidya , Lorenzo De Carli , Drew Davidson , Vaibhav Rastogi

In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by…

Software Engineering · Computer Science 2023-02-13 Pattaraporn Sangaroonsilp , Hoa Khanh Dam , Aditya Ghose

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository…

Software Engineering · Computer Science 2025-04-29 Anupam Sharma , Sreyashi Karmakar , Gayatri Priyadarsini Kancherla , Abhishek Bichhawat

Commit signing is a principal mechanism for verifying the origin of code in software supply chains. Security frameworks treat it as a core trust signal, assuming developers sign their commits consistently with keys they control and keep…

Software Engineering · Computer Science 2026-05-01 Abubakar Sadiq Shittu , John Sadik , Farzin Gholamrezae , Scott Ruoti

In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration…

Cryptography and Security · Computer Science 2021-04-13 Carlos Cardoso Galhardo , Peter Mell , Irena Bojanova , Assane Gueye

Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing…

Cryptography and Security · Computer Science 2023-10-17 Piergiorgio Ladisa , Serena Elisa Ponta , Nicola Ronzoni , Matias Martinez , Olivier Barais

With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints…

Software Engineering · Computer Science 2025-07-16 Chaima Boufaied , Taher Ghaleb , Zainab Masood

In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub…

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent…

Software Engineering · Computer Science 2020-07-27 Jukka Ruohonen , Sampsa Rauti , Sami Hyrynsalmi , Ville Leppänen

To avoid software vulnerabilities, organizations are shifting security to earlier stages of the software development, such as at code review time. In this paper, we aim to understand the developers' perspective on assessing software…

Software Engineering · Computer Science 2022-08-09 Larissa Braz , Alberto Bacchelli

Smart contract vulnerabilities have caused billions in financial losses, raising questions about whether programming language paradigms can reduce security overhead. While imperative languages like Solidity require developers to manually…

Software Engineering · Computer Science 2026-05-22 Matteo Vaccargiu , Andrea Pinna , Maria Ilaria Lunesu , Giuseppe Destefanis

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin