English
Related papers

Related papers: Data-Driven Vulnerability Detection and Repair in …

200 papers

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Samra Hodzic , Ulrike Lechner , Maria Pinto-Albuquerque

The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with…

Software Engineering · Computer Science 2026-01-12 The Anh Nguyen , Triet Huynh Minh Le , M. Ali Babar

Implementing software security practices is a critical concern in modern software development. Industry practitioners, security tool providers, and researchers have provided standard security guidelines and sophisticated security…

Software Engineering · Computer Science 2022-05-26 Enrique Larios-Vargas , Omar Elazhary , Soroush Yousefi , Derek Lowlind , Michael L. W. Vliek , Margaret-Anne Storey

Background. Developers use Automated Static Analysis Tools (ASATs) to control for potential quality issues in source code, including defects and technical debt. Tool vendors have devised quite a number of tools, which makes it harder for…

Software Engineering · Computer Science 2021-01-25 Valentina Lenarduzzi , Savanna Lujan , Nyyti Saarimaki , Fabio Palomba

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen

Software vulnerabilities are now reported at an unprecedented speed due to the recent development of automated vulnerability hunting tools. However, fixing vulnerabilities still mainly depends on programmers' manual efforts. Developers need…

Cryptography and Security · Computer Science 2022-03-23 Jianlei Chi , Yu Qu , Ting Liu , Qinghua Zheng , Heng Yin

The increasing reliance of software projects on third-party libraries has raised concerns about the security of these libraries due to hidden vulnerabilities. Managing these vulnerabilities is challenging due to the time gap between fixes…

Software Engineering · Computer Science 2023-09-06 Son Nguyen , Thanh Trong Vu , Hieu Dinh Vo

The absolute majority of software today is developed collaboratively using collaborative version control tools such as Git. It is a common practice that once a vulnerability is detected and fixed, the developers behind the software issue a…

Cryptography and Security · Computer Science 2023-02-07 Nitzan Farhi , Noam Koenigstein , Yuval Shavitt

The Android platform introduces the runtime permission model in version 6.0. The new model greatly improves data privacy and user experience, but brings new challenges for app developers. First, it allows users to freely revoke granted…

Software Engineering · Computer Science 2022-02-01 Sinan Wang , Yibo Wang , Xian Zhan , Ying Wang , Yepang Liu , Xiapu Luo , Shing-Chi Cheung

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such…

Cryptography and Security · Computer Science 2023-10-13 Antoine Geimer , Mathéo Vergnolle , Frédéric Recoules , Lesly-Ann Daniel , Sébastien Bardin , Clémentine Maurice

The Java Stream API aims at increasing developer productivity thanks to an easy-to-read declarative syntax to express computations. It also simplifies parallel computing, providing a high-level abstraction on top of common parallelization…

Programming Languages · Computer Science 2026-05-25 Filippo Schiavio , Walter Binder

A common cause of bugs and vulnerabilities are the violations of usage constraints associated with Application Programming Interfaces (APIs). API misuses are common in software projects, and while there have been techniques proposed to…

Software Engineering · Computer Science 2022-04-22 Hong Jin Kang , David Lo

On average, 71% of the code in typical Java projects comes from open-source software (OSS) dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a…

Software Engineering · Computer Science 2025-10-23 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

Scripting languages are continuously gaining popularity due to their ease of use and the flourishing software ecosystems that surround them. These languages offer crash and memory safety by design, thus, developers do not need to understand…

Cryptography and Security · Computer Science 2023-02-06 Cristian-Alexandru Staicu , Sazzadur Rahaman , Ágnes Kiss , Michael Backes

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting…

Cryptography and Security · Computer Science 2026-04-17 Harini Dandu

Security Orchestration, Automation, and Response (SOAR) platforms integrate and orchestrate a wide variety of security tools to accelerate the operational activities of Security Operation Center (SOC). Integration of security tools in a…

Cryptography and Security · Computer Science 2022-01-21 Zarrin Tasnim Sworna , Chadni Islam , Muhammad Ali Babar

With the increasing reliance on Open Source Software, users are exposed to third-party library vulnerabilities. Software Composition Analysis (SCA) tools have been created to alert users of such vulnerabilities. SCA requires the…

The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380…

Software Engineering · Computer Science 2021-02-11 Tiago Espinha Gasiba , Ulrike Lechner , Maria Pinto-Albuquerque , Daniel Mendez