English
Related papers

Related papers: A Quantitative Study of Security Bug Fixes of GitH…

200 papers

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

We study 10 C/C++ projects that have been using a static analysis security testing tool. We analyze the historical scan reports generated by the tool and study how frequently memory-related alerts appeared. We also studied the subsequent…

Software Engineering · Computer Science 2021-04-12 Nasif Imtiaz , Laurie Williams

Vulnerability identifiers such as CVE, CWE, and GHSA are standardised references to known software security issues, yet their use in practice is not well understood. This paper compares vulnerability ID use in GitHub pull requests authored…

Software Engineering · Computer Science 2026-01-28 Pien Rooijendijk , Christoph Treude , Mairieli Wessel

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

GitHub recommends that projects adopt a security file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the…

Software Engineering · Computer Science 2025-10-17 Rintaro Kanaji , Brittany Reid , Yutaro Kashiwa , Raula Gaikovina Kula , Hajimu Iida

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent…

Software Engineering · Computer Science 2020-07-27 Jukka Ruohonen , Sampsa Rauti , Sami Hyrynsalmi , Ville Leppänen

In this paper, we analyze the Common Platform Enumeration (CPE) dictionary and the Common Vulnerabilities and Exposures (CVE) feeds. These repositories are widely used in Vulnerability Management Systems (VMSs) to check for known…

Cryptography and Security · Computer Science 2017-05-16 Luis Alberto Benthin Sanguino , Rafael Uetz

BACKGROUND: Software engineers must be vigilant in preventing and correcting vulnerabilities and other critical bugs. In servicing this need, numerous tools and techniques have been developed to assist developers. Fuzzers, by autonomously…

Software Engineering · Computer Science 2023-05-22 Brandon Keller , Andrew Meneely , Benjamin Meyers

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information…

Cryptography and Security · Computer Science 2018-01-12 Jukka Ruohonen

Modern version control systems such as Git or SVN include bug tracking mechanisms, through which developers can highlight the presence of bugs through bug reports, i.e., textual descriptions reporting the problem and what are the steps that…

Software Engineering · Computer Science 2019-07-26 Gemma Catolino , Fabio Palomba , Andy Zaidman , Filomena Ferrucci

Software ecosystems rely on centralized package registries, such as Maven, to enable code reuse and collaboration. However, the interconnected nature of these ecosystems amplifies the risks posed by security vulnerabilities in direct and…

Software Engineering · Computer Science 2025-02-18 Corey Yang-Smith , Ahmad Abdellatif

This paper presents a large-scale study that investigates the bug resolution characteristics among popular Github projects written in different programming languages. We explore correlations but, of course, we cannot infer causation.…

Software Engineering · Computer Science 2020-01-07 Jie M. Zhang , Feng Li , Dan Hao , Meng Wang , Hao Tang , Lu Zhang , Mark Harman

The absolute majority of software today is developed collaboratively using collaborative version control tools such as Git. It is a common practice that once a vulnerability is detected and fixed, the developers behind the software issue a…

Cryptography and Security · Computer Science 2023-02-07 Nitzan Farhi , Noam Koenigstein , Yuval Shavitt

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

The Apache Software Foundation (ASF) ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime…

Cryptography and Security · Computer Science 2025-12-03 Derek Garcia , Briana Lee , Ibrahim Matar , David Rickards , Andrew Zilnicki

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component…

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen

The Common Vulnerabilities and Exposures (CVEs) system is a reference method for documenting publicly known information security weaknesses and exposures. This paper presents a study of the lifetime of CVEs in software projects and the risk…

Cryptography and Security · Computer Science 2025-04-08 Piotr Przymus , Mikołaj Fejzer , Jakub Narębski , Krzysztof Stencel

Vulnerabilities in software libraries and reusable components cause major security challenges, particularly in dependency-heavy ecosystems such as Maven. This paper presents a large-scale analysis of vulnerabilities in the Maven ecosystem…

Software Engineering · Computer Science 2025-03-31 Md Fazle Rabbi , Rajshakhar Paul , Arifa Islam Champa , Minhaz F. Zibran
‹ Prev 1 2 3 10 Next ›