English
Related papers

Related papers: A Quantitative Study of Security Bug Fixes of GitH…

200 papers

We constructed a newly large-scale and comprehensive C/C++ vulnerability dataset named MegaVul by crawling the Common Vulnerabilities and Exposures (CVE) database and CVE-related open-source projects. Specifically, we collected all…

Cryptography and Security · Computer Science 2024-06-19 Chao Ni , Liyu Shen , Xiaohu Yang , Yan Zhu , Shaohua Wang

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it…

Cryptography and Security · Computer Science 2026-04-16 Fariha Tanjim Shifat , Hariswar Baburaj , Ce Zhou , Jaydeb Sarker , Mia Mohammad Imran

As collaborative coding environments make it easier to contribute to software projects, the number of developers involved in these projects keeps increasing. This increase makes it more difficult for code reviewers to deal with buggy…

Software Engineering · Computer Science 2020-04-08 Filipe Falcão , Caio Barbosa , Baldoino Fonseca , Alessandro Garcia , Márcio Ribeiro , Rohit Ghey

Software quality is an important problem for technology companies, since it substantially impacts the efficiency, usefulness, and maintainability of the final product; hence, code review is a must-do activity for software developers. During…

Social and Information Networks · Computer Science 2022-10-11 Abduljaleel Al-Rubaye , Gita Sukthankar

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

Two key contributions presented in this paper are: i) A method for building a dataset containing source code features extracted from source files taken from Open Source Software (OSS) and associated bug reports, ii) A predictive model for…

Software Engineering · Computer Science 2018-09-13 Ritu Kapur , Balwinder Sodhi

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the…

Software Engineering · Computer Science 2021-09-14 Sofia Reis , Rui Abreu , Luis Cruz

Rapid growth of applying Machine Learning (ML) in different domains, especially in safety-critical areas, increases the need for reliable ML components, i.e., a software component operating based on ML. Understanding the bugs…

Software Engineering · Computer Science 2023-07-28 Mohammad Mehdi Morovati , Amin Nikanjam , Florian Tambon , Foutse Khomh , Zhen Ming , Jiang

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage…

Cryptography and Security · Computer Science 2026-04-23 Lena Sinterhauf , Andreas Aßmuth , Roland Kaltefleiter

Least-privilege separation decomposes applications into compartments limited to accessing only what they need. When compartmentalizing existing software, many approaches neglect securing the new inter-compartment interfaces, although what…

Cryptography and Security · Computer Science 2023-01-06 Hugo Lefeuvre , Vlad-Andrei Bădoiu , Yi Chien , Felipe Huici , Nathan Dautenhahn , Pierre Olivier

Java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one…

Software Engineering · Computer Science 2024-07-26 Stefan Schott , Wolfram Fischer , Serena Elisa Ponta , Jonas Klauke , Eric Bodden

Fixing bugs is an important phase in software development and maintenance. In practice, the process of bug fixing may conflict with the release schedule. Such confliction leads to a trade-off between software quality and release schedule,…

Software Engineering · Computer Science 2017-04-18 Jifeng Xuan , Yan Hu , He Jiang

Security advisories are the primary channel of communication for discovered vulnerabilities in open-source software, but they often lack crucial information. Specifically, 63% of vulnerability database reports are missing their patch links,…

Cryptography and Security · Computer Science 2023-11-06 Trevor Dunlap , Elizabeth Lin , William Enck , Bradley Reaves

Background: Machine Learning (ML) systems rely on data to make predictions, the systems have many added components compared to traditional software systems such as the data processing pipeline, serving pipeline, and model training. Existing…

Software Engineering · Computer Science 2022-09-22 Tuan Dung Lai , Anj Simmons , Scott Barnett , Jean-Guy Schneider , Rajesh Vasa

In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by…

Software Engineering · Computer Science 2023-02-13 Pattaraporn Sangaroonsilp , Hoa Khanh Dam , Aditya Ghose

Background: Security regressions are vulnerabilities introduced in a previously unaffected software system. They often happen as a result of source code changes (e.g., a bug fix) and can have severe effects. Aims: To increase the…

Software Engineering · Computer Science 2022-07-06 Larissa Braz , Enrico Fregnan , Vivek Arora , Alberto Bacchelli

The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to vulnerabilities…

Software Engineering · Computer Science 2022-03-29 Ahmed Zerouali , Tom Mens , Alexandre Decan , Coen De Roover

Researchers have investigated the bug bounty ecosystem from the lens of platforms, programs, and bug hunters. Understanding the perspectives of bug bounty report reviewers, especially those who historically lack a security background and…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Steven Ngo , Joshua Garcia

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu
‹ Prev 1 3 4 5 6 7 10 Next ›