English
Related papers

Related papers: D2A: A Dataset Built for AI-Based Vulnerability De…

200 papers

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Static Analysis (SA) tools are used to identify potential weaknesses in code and fix them in advance, while the code is being developed. In legacy codebases with high complexity, these rules-based static analysis tools generally report a…

Due to increasingly complex software design and rapid iterative development, code defects and security vulnerabilities are prevalent in modern software. In response, programmers rely on static analysis tools to regularly scan their…

Software Engineering · Computer Science 2022-03-21 Anant Kharkar , Roshanak Zilouchian Moghaddam , Matthew Jin , Xiaoyu Liu , Xin Shi , Colin Clement , Neel Sundaresan

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

Static bug detection tools help developers detect code problems. However, it is known that they remain underutilized due to various reasons. Recent advances to incorporate static bug detectors in modern software development workflows can…

Software Engineering · Computer Science 2021-03-26 Junjie Li

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Despite their ability to aid developers in detecting potential defects early in the software development life cycle, static analysis tools often suffer from precision issues (i.e., high false positive rates of reported alarms). To improve…

Software Engineering · Computer Science 2024-01-22 Yuwei Zhang , Ying Xing , Ge Li , Zhi Jin

Each year, software vulnerabilities are discovered, which pose significant risks of exploitation and system compromise. We present a convolutional neural network model that can successfully identify bugs in C code. We trained our model…

Cryptography and Security · Computer Science 2026-02-27 C. Seas , G. Fitzpatrick , J. A. Hamilton , M. C. Carlisle

Static analysis tools have evolved over time to assist in detecting bugs. However, the excessive false warnings can impede developers' productivity and confidence in the tools. Previous research efforts have explored learning-based…

Software Engineering · Computer Science 2026-04-22 Han Liu , Jian Zhang , Cen Zhang , Xiaohan Zhang , Kaixuan Li , Sen Chen , Shang-Wei Lin , Yixiang Chen , Xinhua Li , Yang Liu

Static analysis is widely used for software assurance. However, static analysis tools can report an overwhelming number of warnings, many of which are false positives. Applying static analysis to a new version, a large number of warnings…

Software Engineering · Computer Science 2023-05-05 Xiuyuan Guo , Ashwin Kallingal Joshy , Benjamin Steenhoek , Wei Le , Lori Flynn

Static bug finders have been widely-adopted by developers to find bugs in real world software projects. They leverage predefined heuristic static analysis rules to scan source code or binary code of a software project, and report violations…

Software Engineering · Computer Science 2021-12-24 Junjie Wang , Yuchao Huang , Song Wang , Qing Wang

Application security is an essential part of developing modern software, as lots of attacks depend on vulnerabilities in software. The number of attacks is increasing globally due to technological advancements. Companies must include…

Cryptography and Security · Computer Science 2023-05-18 Mohamed Mjd Alhafi , Mohammad Hammade , Khloud Al Jallad

Flaw-finding static analysis tools typically generate large volumes of code flaw alerts including many false positives. To save on human effort to triage these alerts, a significant body of work attempts to use machine learning to classify…

Software Engineering · Computer Science 2021-05-11 Lori Flynn , William Snavely , Zachary Kurtz

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Static analyzers are tool sets which are proving to be indispensable to modern programmers. These enable the programmers to detect possible errors and security defects present in the current code base within the implementation phase of the…

Software Engineering · Computer Science 2019-05-14 Eljose E Sajan , Yunpeng Zhang , Liang-Chieh Cheng

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram

Deep Neural Networks (DNNs) are used in a wide variety of applications. However, as in any software application, DNN-based apps are afflicted with bugs. Previous work observed that DNN bug fix patterns are different from traditional bug fix…

Software Engineering · Computer Science 2021-12-09 Mohammad Wardat , Breno Dantas Cruz , Wei Le , Hridesh Rajan

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang

Deep Learning (DL) applications are being used to solve problems in critical domains (e.g., autonomous driving or medical diagnosis systems). Thus, developers need to debug their systems to ensure that the expected behavior is delivered.…

Software Engineering · Computer Science 2023-07-19 Mohammad Wardat , Breno Dantas Cruz , Wei Le , Hridesh Rajan
‹ Prev 1 2 3 10 Next ›