English
Related papers

Related papers: Why Don't Developers Detect Improper Input Validat…

200 papers

Verification and Validation (V&V) is a series of activities, technical and managerial, which performed by system tester not the system developer in order to improve the system quality, system reliability and assure that product satisfies…

Software Engineering · Computer Science 2012-10-16 A. Al-Neaimi , S. Qatawneh , Nedhal Al Saiyd

AI code generation tools are transforming software development, especially for novice and non-software developers, by enabling them to write code and build applications faster and with little to no human intervention. Vibe coding is the…

Software Engineering · Computer Science 2025-10-02 Ahmed Fawzy , Amjed Tahir , Kelly Blincoe

Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. Software testing is the process of testing the functionality and correctness of software by running…

Software Engineering · Computer Science 2010-01-26 S. S. Riaz Ahamed

Software vulnerability detection is critical in software security because it identifies potential bugs in software systems, enabling immediate remediation and mitigation measures to be implemented before they may be exploited. Automatic…

Software Engineering · Computer Science 2023-06-21 Nima Shiri Harzevili , Alvine Boaye Belle , Junjie Wang , Song Wang , Zhen Ming , Jiang , Nachiappan Nagappan

Code review is an essential process to ensure the quality of software that identifies potential software issues at an early stage of software development. Among all software issues, security issues are the most important to identify, as…

Software Engineering · Computer Science 2025-10-15 Yun Peng , Kisub Kim , Linghan Meng , Kui Liu

A precise vulnerability discovery model (VDM) will provide a useful insight to assess software security, and could be a good prediction instrument for both software vendors and users to understand security trends and plan ahead patching…

Cryptography and Security · Computer Science 2018-08-30 Viet Hung Nguyen , Fabio Massacci

The National Vulnerability Database (NVD) is a major vulnerability database that is free to use for everyone. It provides information about vulnerabilities and further useful resources such as linked advisories and patches. The NVD is often…

Cryptography and Security · Computer Science 2024-09-20 Julia Wunder , Alan Corona , Andreas Hammer , Zinaida Benenson

Defect Prevention is the most critical but most neglected component of the software quality assurance in any project. If applied at all stages of software development, it can reduce the time, cost and resources required to engineer a high…

Software Engineering · Computer Science 2016-09-08 Suma V. , T. R. Gopalakrishnan Nair

Virtual Reality (VR) has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681…

Cryptography and Security · Computer Science 2025-07-25 Yifan Xu , Jinfu Chen , Zhenyu Qi , Huashan Chen , Junyi Wang , Pengfei Hu , Feng Liu , Sen He

Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice due to their reliance on human labeled specifications. Large language models (or LLMs) have shown impressive code…

Cryptography and Security · Computer Science 2025-04-08 Ziyang Li , Saikat Dutta , Mayur Naik

The detection of software vulnerabilities (or vulnerabilities for short) is an important problem that has yet to be tackled, as manifested by the many vulnerabilities reported on a daily basis. This calls for machine learning methods for…

Machine Learning · Computer Science 2021-01-27 Zhen Li , Deqing Zou , Shouhuai Xu , Hai Jin , Yawei Zhu , Zhaoxuan Chen

Despite the successes of machine learning (ML) and deep learning (DL) based vulnerability detectors (VD), they are limited to providing only the decision on whether a given code is vulnerable or not, without details on what part of the code…

Cryptography and Security · Computer Science 2021-06-22 Yi Li , Shaohua Wang , Tien N. Nguyen

Software Bill of Materials (SBOM) provides new opportunities for automated vulnerability identification in software products. While the industry is adopting SBOM-based Vulnerability Scanning (SVS) to identify vulnerabilities, we…

Software Engineering · Computer Science 2025-12-22 Martin Rosso , Muhammad Asad Jahangir Jaffar , Alessandro Brighente , Mauro Conti

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

Software security requirements have been traditionally considered as a non-functional attribute of the software. However, as more software started to provide services online, existing mechanisms of using firewalls and other hardware to…

Software Engineering · Computer Science 2023-10-24 Asif Imran

Context: AI code generators are revolutionizing code writing and software development, but their training on large datasets, including potentially untrusted source code, raises security concerns. Furthermore, these generators can produce…

Software Engineering · Computer Science 2024-09-04 Domenico Cotroneo , Roberta De Luca , Pietro Liguori

Open Source Software (OSS) security and resilience are worldwide phenomena hampering economic and technological innovation. OSS vulnerabilities can cause unauthorized access, data breaches, network disruptions, and privacy violations,…

Software Engineering · Computer Science 2024-01-17 Nafis Tanveer Islam , Gonzalo De La Torre Parra , Dylan Manual , Murtuza Jadliwala , Peyman Najafirad

Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use…

Software Engineering · Computer Science 2021-03-10 Sarah Elder

Automated program verifiers are typically implemented using an intermediate verification language (IVL), such as Boogie or Why3. A verifier front-end translates the input program and specification into an IVL program, while the back-end…

Programming Languages · Computer Science 2024-05-13 Gaurav Parthasarathy , Thibault Dardinier , Benjamin Bonneau , Peter Müller , Alexander J. Summers

Intrusion Detection Systems (IDSs) are a necessary cyber defense mechanism. Unfortunately, their capability has fallen behind that of attackers. This motivates us to improve our understanding of the root causes of their false-negatives. In…

Cryptography and Security · Computer Science 2019-09-20 Eric Ficke , Kristin M. Schweitzer , Raymond M. Bateman , Shouhuai Xu