English
Related papers

Related papers: Tracing Vulnerable Code Lineage

200 papers

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in…

Software Engineering · Computer Science 2022-11-16 Frederik L. Dennig , Eren Cakmak , Henrik Plate , Daniel A. Keim

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Ethereum smart contracts are executable programs deployed on a blockchain. Once deployed, they cannot be updated due to their inherent immutability. Moreover, they often manage valuable assets that are worth millions of dollars, making them…

Cryptography and Security · Computer Science 2024-09-13 Konrad Weiss , Christof Ferreira Torres , Florian Wendland

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

Open source projects play a significant role in software production. Most of the software projects reuse and build upon the existing open source projects and libraries. While reusing is a time and cost-saving strategy, some of the key…

Software Engineering · Computer Science 2022-08-03 Javad Ghofrani , Paria Heravi , Kambiz A. Babaei , Mohammad Soorati

Tracking vulnerabilities inherited from third-party open-source software is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a code…

Cryptography and Security · Computer Science 2026-01-29 Romain Lefeuvre , Charly Reux , Stefano Zacchiroli , Olivier Barais , Benoit Combemale

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…

Software Engineering · Computer Science 2024-04-19 Cadence Patrick , Kimberly Ruth , Zakir Durumeric

The disconnect between distributed software artifacts and their supposed source code enables attackers to leverage the build process for inserting malicious functionality. Past research in this field focuses on compiled language ecosystems,…

Software Engineering · Computer Science 2025-08-13 Timo Pohl , Pavel Novák , Marc Ohm , Michael Meier

In Open Source Software, resources of any project are open for reuse by introducing dependencies or copying the resource itself. In contrast to dependency-based reuse, the infrastructure to systematically support copy-based reuse appears to…

Software Engineering · Computer Science 2025-01-30 Mahmoud Jahanshahi , David Reid , Audris Mockus

Where can we find malware source code? This question is motivated by a real need: there is a dearth of malware source code, which impedes various types of security research. Our work is driven by the following insight: public archives, like…

Cryptography and Security · Computer Science 2020-06-01 Md Omar Faruk Rokon , Risul Islam , Ahmad Darki , Vagelis E. Papalexakis , Michalis Faloutsos

Clone-and-own is a typical code reuse approach because of its simplicity and efficiency. Cloned software components are maintained independently by a new owner. These clone-and-own operations can be occurred sequentially, that is, cloned…

Software Engineering · Computer Science 2022-04-14 Hideaki Hata , Takashi Ishio

Software Heritage is the largest public archive of software source code and associated development history, as captured by modern version control systems. As of July 2023, it has archived more than 16 billion unique source code files coming…

Software Engineering · Computer Science 2023-10-17 Roberto Di Cosmo , Stefano Zacchiroli

As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…

Software Engineering · Computer Science 2024-09-27 Marcel Böhme , Eric Bodden , Tevfik Bultan , Cristian Cadar , Yang Liu , Giuseppe Scanniello

The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign…

Cryptography and Security · Computer Science 2025-04-18 Xiaoyan Zhou , Ying Zhang , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li