English
Related papers

Related papers: A Large-scale Study of Security Vulnerability Supp…

200 papers

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

The pervasive nature of software vulnerabilities has emerged as a primary factor for the surge in cyberattacks. Traditional vulnerability detection methods, including rule-based, signature-based, manual review, static, and dynamic analysis,…

Software Engineering · Computer Science 2025-03-07 Md Nizam Uddin , Yihe Zhang , Xiali Hei

Software Vulnerability (SV) assessment is a crucial process of determining different aspects of SVs (e.g., attack vectors and scope) for developers to effectively prioritize efforts in vulnerability mitigation. It presents a challenging and…

Software Engineering · Computer Science 2025-01-28 Xin-Cheng Wen , Jiaxin Ye , Cuiyun Gao , Lianwei Wu , Qing Liao

Large Language Models (LLMs) have shown promise in tasks like code translation, prompting interest in their potential for automating software vulnerability detection (SVD) and patching (SVP). To further research in this area, establishing a…

Software Engineering · Computer Science 2024-09-18 Arastoo Zibaeirad , Marco Vieira

Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which…

Cryptography and Security · Computer Science 2026-04-15 Markus Krausz , Sven Peldszus , Francesco Regazzoni , Thorsten Berger , Tim Güneysu

Implementing software security practices is a critical concern in modern software development. Industry practitioners, security tool providers, and researchers have provided standard security guidelines and sophisticated security…

Software Engineering · Computer Science 2022-05-26 Enrique Larios-Vargas , Omar Elazhary , Soroush Yousefi , Derek Lowlind , Michael L. W. Vliek , Margaret-Anne Storey

Social Coding Platforms (SCPs) like GitHub have become central to modern software engineering thanks to their collaborative and version-control features. Like in mainstream Online Social Networks (OSNs) such as Facebook, users of SCPs are…

Software Engineering · Computer Science 2023-03-06 Nicolás E. Díaz Ferreyra , Abdessamad Imine , Melina Vidoni , Riccardo Scandariato

The number of people accessing online services is increasing day by day, and with new users, comes a greater need for effective and responsive cyber-security. Our goal in this study was to find out if there are common patterns within the…

Cryptography and Security · Computer Science 2024-05-15 Gábor Antal , Balázs Mosolygó , Norbert Vándor , Péter Hegedüs

Mocking is a common unit testing technique that is used to simplify tests, reduce flakiness, and improve coverage by replacing real dependencies with simplified implementations. Despite its widespread use in Open Source Software projects,…

Software Engineering · Computer Science 2025-07-01 Mumtahina Ahmed , Md Nahidul Islam Opu , Chanchal Roy , Sujana Islam Suhi , Shaiful Chowdhury

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Background: Construct validity concerns the use of indicators to measure a concept that is not directly measurable. Aim: This study intends to identify, categorize, assess and quantify discussions of threats to construct validity in…

Software Engineering · Computer Science 2023-06-09 Dag I. K. Sjøberg , Gunnar R. Bergersen

Software security incidents occur everyday and thousands of software security reports are announced each month. Thus, it is difficult for software security researchers, engineers, and other stakeholders to follow software security topics of…

Software Engineering · Computer Science 2024-09-30 Phong Minh Vu , Tung Thanh Nguyen

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu

Internet of Things (IoT) is defined as the connection between places and physical objects (i.e., things) over the internet/network via smart computing devices. We observed that IoT software developers share solutions to programming…

Cryptography and Security · Computer Science 2023-08-28 Madhu Selvaraj , Gias Uddin

Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for…

Software Engineering · Computer Science 2022-03-17 Triet H. M. Le , M. Ali Babar

Large Language Models (LLMs) are widely used for automated code generation. Their reliance on infrequently updated pretraining data leaves them unaware of newly discovered vulnerabilities and evolving security standards, making them prone…

Software Engineering · Computer Science 2026-03-03 Manisha Mukherjee , Vincent J. Hellendoorn

The significant advancements in Large Language Models (LLMs) have resulted in their widespread adoption across various tasks within Software Engineering (SE), including vulnerability detection and repair. Numerous studies have investigated…

Software Engineering · Computer Science 2024-10-08 Xin Zhou , Sicong Cao , Xiaobing Sun , David Lo

Software Vulnerability (SV) severity assessment is a vital task for informing SV remediation and triage. Ranking of SV severity scores is often used to advise prioritization of patching efforts. However, severity assessment is a difficult…

Software Engineering · Computer Science 2022-01-19 Roland Croft , M. Ali Babar , Li Li

With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints…

Software Engineering · Computer Science 2025-07-16 Chaima Boufaied , Taher Ghaleb , Zainab Masood

Software security is becoming a high priority for both large companies and start-ups alike due to the increasing potential for harm that vulnerabilities and breaches carry with them. However, attaining robust security assurance while…

Software Engineering · Computer Science 2019-08-06 David N. Palacio , Daniel McCrystal , Kevin Moran , Carlos Bernal-Cárdenas , Denys Poshyvanyk , Chris Shenefiel