English
Related papers

Related papers: Tracing Vulnerable Code Lineage

200 papers

The increasing adoption of Large Language Models (LLMs) in software engineering has sparked interest in their use for software vulnerability detection. However, the rapid development of this field has resulted in a fragmented research…

Software Engineering · Computer Science 2025-12-22 Sabrina Kaniewski , Fabian Schmidt , Markus Enzweiler , Michael Menth , Tobias Heer

Open source software development, particularly within institutions such as universities and research laboratories, is often decentralized and difficult to track. Although academic teams produce many impactful scientific tools, their…

Software Engineering · Computer Science 2026-02-27 Juanita Gomez , Emily Lovell , Stephanie Lieggi , Alvaro A. Cardenas , James Davis

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

Vulnerability prediction is valuable in identifying security issues efficiently, even though it requires the source code of the target software system, which is a restrictive hypothesis. This paper presents an experimental study to predict…

Cryptography and Security · Computer Science 2025-04-01 D. Cotroneo , F. C. Grasso , R. Natella , V. Orbinato

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving…

Cryptography and Security · Computer Science 2023-07-19 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais

Vulnerabilities in open-source operating systems (OSs) pose substantial security risks to software systems, making their detection crucial. While fuzzing has been an effective vulnerability detection technique in various domains, OS fuzzing…

Operating Systems · Computer Science 2026-01-21 Kun Hu , Qicai Chen , Wenzhuo Zhang , Zilong Lu , Bihuan Chen , You Lu , Haowen Jiang , Bingkun Sun , Xin Peng , Wenyun Zhao

Software development relies on code reuse to minimize costs, creating vulnerability risks through dependencies with substantial economic impact, as seen in the Crowdstrike and HeartBleed incidents. We analyze 52,897 dependencies across…

Econometrics · Economics 2025-07-02 Cornelius Fritz , Co-Pierre Georg , Angelo Mele , Michael Schweinberger

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software.…

Software Engineering · Computer Science 2026-05-07 Liyou Chen , Hailong Sun , Xiang Gao , Lin Shi , Yixin Yang , Yi Xu

Being able to duplicate published research results is an important process of conducting research whether to build upon these findings or to compare with them. This process is called "replicability" when using the original authors'…

Digital Libraries · Computer Science 2020-05-07 Nicolas Bonneel , David Coeurjolly , Julie Digne , Nicolas Mellado

We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code…

Cryptography and Security · Computer Science 2023-03-09 Nicholas Boucher , Ross Anderson

In recent years, the explosion of malware and extensive code reuse have formed complex evolutionary connections among malware specimens. The rapid pace of development makes it challenging for existing studies to characterize recent…

Cryptography and Security · Computer Science 2025-12-02 Bojing Li , Duo Zhong , Dharani Nadendla , Gabriel Terceros , Prajna Bhandar , Raguvir S , Charles Nicholas

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in…

Code cloning is a common practice in software development, but it poses significant security risks by propagating vulnerabilities across cloned segments. To address this challenge, we introduce srcVul, a scalable, precise detection approach…

Software Engineering · Computer Science 2025-05-06 Hakam Alomari , Christopher Vendome , Hilal Gyawali

Similar vulnerability repeats in real-world software products because of code reuse, especially in wildly reused third-party code and libraries. Detecting repeating vulnerabilities like 1-day and N-day vulnerabilities is an important cyber…

Cryptography and Security · Computer Science 2024-01-19 Zian Liu , Lei Pan , Chao Chen , Ejaz Ahmed , Shigang Liu , Jun Zhang , Dongxi Liu

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

Software vulnerability detection is critical in software security because it identifies potential bugs in software systems, enabling immediate remediation and mitigation measures to be implemented before they may be exploited. Automatic…

Software Engineering · Computer Science 2023-06-21 Nima Shiri Harzevili , Alvine Boaye Belle , Junjie Wang , Song Wang , Zhen Ming , Jiang , Nachiappan Nagappan

Context: Software systems are in continuous evolution through source code changes to fixing bugs, adding new functionalities and improving the internal architecture. All these practices are recorded in the version history, which can be…

Software Engineering · Computer Science 2020-01-17 Leandro Ungari Cayres , Bruno Santos de Lima , Rogério Eduardo Garcia

An essential part of research and scientific communication is researchers' ability to reproduce the results of others. While there have been increasing standards for authors to make data and code available, many of these files are hard to…

Digital Libraries · Computer Science 2021-09-23 Layan Bahaidarah , Ethan Hung , Andreas F. De Melo Oliveira , Jyotsna Penumaka , Lukas Rosario , Ana Trisovic