Related papers: Memory Error Detection in Security Testing

200 papers

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler, Philipp Görz, Stephan Lipp

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet, Patanamon Thongtanunam, Van-Thuan Pham, Christoph Treude

Software is prone to bugs and failures. Security bugs are those that expose or share privileged information and access in violation of the software's requirements. Given the seriousness of security bugs, there are centralized mechanisms for…

Software Engineering · Computer Science 2020-12-16 Daito Nakano, Mingyang Yin, Ryosuke Sato, Abram Hindle, Yasutaka Kamei, Naoyasu Ubayashi

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood, Qusay H. Mahmoud

Pointers are a powerful, but dangerous feature provided by the C and C++ programming languages, and incorrect use of pointers is a common source of bugs and security vulnerabilities. Making secure software is crucial, as vulnerabilities…

Formal Languages and Automata Theory · Computer Science 2024-11-01 Vlad-Alexandru Teodorescu, Dorel Lucanu

(Note: This work is a preprint.) Static analysis (SA) tools produce many diagnostic alerts indicating that source code in C or C++ may be defective and potentially vulnerable to security exploits. Many of these alerts are false positives.…

Software Engineering · Computer Science 2025-08-06 David Svoboda, Lori Flynn, William Klieber, Michael Duggan, Nicholas Reimer, Joseph Sible

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand, Kyle Domico, Yohan Beugin, Patrick McDaniel

Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions…

Software Engineering · Computer Science 2026-04-29 Huihui Huang, Jieke Shi, Bo Wang, Zhou Yang, David Lo

While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large…

Cryptography and Security · Computer Science 2025-05-01 Baleegh Ahmad, Hammond Pearce, Ramesh Karri, Benjamin Tan

This empirical paper examines the time delays that occur between the publication of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) information…

Cryptography and Security · Computer Science 2018-01-12 Jukka Ruohonen

Static analysis is a classical technique for improving software security and software quality in general. Fairly recently, a new static analyzer was implemented in the GNU Compiler Collection (GCC). The present paper uses the GCC's analyzer…

Software Engineering · Computer Science 2025-12-05 Jukka Ruohonen, Mubashrah Saddiqa, Krzysztof Sierszecki

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang, Zhe Yu, Junjie Wang, Tim Menzies

Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to detect…

Software Engineering · Computer Science 2024-08-06 Anh The Nguyen, Triet Huynh Minh Le, M. Ali Babar

The Common Vulnerabilities and Exposures (CVEs) system is a reference method for documenting publicly known information security weaknesses and exposures. This paper presents a study of the lifetime of CVEs in software projects and the risk…

Cryptography and Security · Computer Science 2025-04-08 Piotr Przymus, Mikołaj Fejzer, Jakub Narębski, Krzysztof Stencel

Flaw-finding static analysis tools typically generate large volumes of code flaw alerts including many false positives. To save on human effort to triage these alerts, a significant body of work attempts to use machine learning to classify…

Software Engineering · Computer Science 2021-05-11 Lori Flynn, William Snavely, Zachary Kurtz

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

Despite the recent advances in pre-production bug detection, heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++, across all…

Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent…

Software Engineering · Computer Science 2020-07-27 Jukka Ruohonen, Sampsa Rauti, Sami Hyrynsalmi, Ville Leppänen

Memory leak bugs are a major problem in C/C++ programs. They occur when memory objects are not deallocated. Developers need to manually deallocate these objects to prevent memory leaks. As such, several techniques have been proposed to…

Cryptography and Security · Computer Science 2024-08-12 Aniruddhan Murali, Mahmoud Alfadel, Meiyappan Nagappan, Meng Xu, Chengnian Sun

std::string_view is a reference-like data structure in the C++ Standard Template Library (STL) that enables fast and cheap processing of read-only strings. Due to its wide applicability and performance enhancing power, std::string_view has…

Software Engineering · Computer Science 2024-08-20 Reka Kovacs, Gabor Horvath, Zoltan Porkolab