English
Related papers

Related papers: A Quantitative Study of Security Bug Fixes of GitH…

200 papers

Modern code generation tools utilizing AI models like Large Language Models (LLMs) have gained increased popularity due to their ability to produce functional code. However, their usage presents security challenges, often resulting in…

Software Engineering · Computer Science 2025-02-07 Yujia Fu , Peng Liang , Amjed Tahir , Zengyang Li , Mojtaba Shahin , Jiaxin Yu , Jinfu Chen

Version control systems are integral to software development, with GitHub emerging as a popular online platform due to its comprehensive project management tools, including issue tracking and pull requests. However, GitHub lacks a direct…

Software Engineering · Computer Science 2024-07-31 Rifat Ara Proma , Paul Rosen

Public development processes are a key characteristic of open source projects. However, fixes for vulnerabilities are usually discussed privately among a small group of trusted maintainers, and integrated without prior public involvement.…

Software Engineering · Computer Science 2020-09-08 Ralf Ramsauer , Lukas Bulwahn , Daniel Lohmann , Wolfgang Mauerer

Mapping National Vulnerability Database (NVD) records to vulnerability-fixing commits (VFCs) is crucial for vulnerability analysis but challenging due to sparse explicit links in NVD references. This study explores this mapping's…

Benchmarks of bugs are essential to empirically evaluate automatic program repair tools. In this paper, we present Bears, a project for collecting and storing bugs into an extensible bug benchmark for automatic repair studies in Java. The…

Software Engineering · Computer Science 2019-04-04 Fernanda Madeiral , Simon Urli , Marcelo Maia , Martin Monperrus

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi

Prior research has extensively studied flaky tests in various domains, such as web applications, mobile applications, and other open-source projects in a range of multiple programing languages, including Java, Javascript, Python, Ruby, and…

Software Engineering · Computer Science 2025-02-06 Tom Schroeder , Minh Phan , Yang Chen

GitHub is the most widely used platform for software maintenance in the open-source community. Developers report issues on GitHub from time to time while facing difficulties. Having labels on those issues can help developers easily address…

Software Engineering · Computer Science 2025-07-28 Amir Hossain Raaj , Fairuz Nawer Meem , Sadia Afrin Mim

A software release note is one of the essential documents in the software development life cycle. The software release contains a set of information, e.g., bug fixes and security fixes. Release notes are used in different phases, e.g.,…

Software Engineering · Computer Science 2022-04-13 Sristy Sumana Nath , Banani Roy

In pull-based development systems, code reviews and pull request comments play important roles in improving code quality. In such systems, reviewers attempt to carefully check a piece of code by different unit tests. Unfortunately,…

Software Engineering · Computer Science 2022-05-20 F. Khoshnoud , A. Rezaei Nasab , Z. Toudeji , A. Sami

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository…

Software Engineering · Computer Science 2025-04-29 Anupam Sharma , Sreyashi Karmakar , Gayatri Priyadarsini Kancherla , Abhishek Bichhawat

With an ever-increasing amount of open source software, the popularity of services like GitHub that facilitate code reuse, and common misconceptions about the licensing of open source software, the problem of license violations in the code…

Software Engineering · Computer Science 2020-07-07 Yaroslav Golubev , Maria Eliseeva , Nikita Povarov , Timofey Bryksin

Software source code often harbours "hotspots": small portions of the code that change far more often than the rest of the project and thus concentrate maintenance activity. We mine the complete version histories of 91 evolving, actively…

Software Engineering · Computer Science 2026-02-16 Saleha Muzammil , Mughees Ur Rehman , Zoe Kotti , Diomidis Spinellis

Bug-fix benchmarks are essential for evaluating methodologies in automatic program repair (APR) and fault localization (FL). However, existing benchmarks, exemplified by Defects4J, need to evolve to incorporate recent bug-fixes aligned with…

Software Engineering · Computer Science 2024-11-04 André Silva , Nuno Saavedra , Martin Monperrus

Refactoring is a critical process in software development, aiming at improving the internal structure of code while preserving its external behavior. Refactoring engines are integral components of modern Integrated Development Environments…

Software Engineering · Computer Science 2024-09-24 Haibo Wang , Zhuolin Xu , Huaien Zhang , Nikolaos Tsantalis , Shin Hwei Tan

Hardware security is an important concern of system security as vulnerabilities can arise from design errors introduced throughout the development lifecycle. Recent works have proposed techniques to detect hardware security bugs, such as…

Cryptography and Security · Computer Science 2024-02-02 Joey Ah-kiow , Benjamin Tan

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse…

Software Engineering · Computer Science 2026-04-21 Yuli Cheng , Xiaoyu Zhang , Jiongchi Yu , Shiqing Ma , Chao Shen , Yang Liu

The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a `severity' score for the vulnerability. The Common Vulnerability Scoring System (\CVSS) is the reference standard…

Cryptography and Security · Computer Science 2018-03-22 Luca Allodi , Sebastian Banescu , Henning Femmer , Kristian Beckers

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel