English
Related papers

Related papers: Memory Error Detection in Security Testing

200 papers

This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…

Cryptography and Security · Computer Science 2017-09-07 Gorka Irazoqui , Kai Cong , Xiaofei Guo , Hareesh Khattri , Arun Kanuparthi , Thomas Eisenbarth , Berk Sunar

Large language models (LLMs) can detect software vulnerabilities, but how do they actually identify vulnerable code? We address this question using mechanistic interpretability; analyzing the internal computations of a neural network to…

Cryptography and Security · Computer Science 2026-05-29 Syafiq Al Atiiq , Chun Zhou , Christian Gehrmann

Software vulnerabilities continue to be the primary cause of cyberattacks. It is crucial to identify vulnerabilities in applications' source code before attackers gain access to them and exploit any vulnerability they may contain.…

Software Engineering · Computer Science 2026-05-26 Jorge Martins , David Dantas , Rafael Ramires , Bernardo Ferreira , Ibéria Medeiros

Static performance estimation is essential during compile-time analysis, yet traditional runtime-based methods are costly and platform-dependent. We investigate mems, the number of memory accesses, as a static and architecture-independent…

Software Engineering · Computer Science 2025-05-13 Liwei Zhang , Baoquan Cui , Xutong Ma , Jian Zhang

Static Application Security Testing (SAST) tools often suffer from high false positive rates, leading to alert fatigue that consumes valuable auditing resources. Recent efforts leveraging Large Language Models (LLMs) as filters offer…

Cryptography and Security · Computer Science 2026-03-05 Mingcheng Jiang , Jiancheng Huang , Jiangfei Wang , Zhengzhu Xie , Nan Fang , Guang Cheng , Xiaoyan Hu , Hua Wu

Software engineers can find vulnerabilities with less effort if they are directed towards code that might contain more vulnerabilities. HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from…

Software Engineering · Computer Science 2019-10-29 Zhe Yu , Christopher Theisen , Laurie Williams , Tim Menzies

Searching for clues, gathering evidence, and reviewing case files are all techniques used by criminal investigators to draw sound conclusions and avoid wrongful convictions. Similarly, in software engineering (SE) research, we can develop…

Software Engineering · Computer Science 2023-09-19 Marvin Muñoz Barón , Marvin Wyrich , Daniel Graziotin , Stefan Wagner

Critical vulnerabilities with Common Vulnerability Scoring System scores of 9.0 or higher pose severe risks to organisations' information systems. Timely detection and remediation are essential to minimise economic and reputational damage…

Cryptography and Security · Computer Science 2026-04-23 Lena Sinterhauf , Andreas Aßmuth , Roland Kaltefleiter

In this experience paper, we report on a large-scale empirical study of Static Application Security Testing (SAST) in Open-Source Embedded Software (EMBOSS) repositories. We collected a corpus of 258 of the most popular EMBOSS projects, and…

Software Engineering · Computer Science 2025-04-28 Mingjie Shen , Akul Abhilash Pillai , Brian A. Yuan , James C. Davis , Aravind Machiry

Bug triaging for security vulnerabilities is a critical part of software maintenance, ensuring that the most pressing vulnerabilities are addressed promptly to safeguard system integrity and user data. However, the process is…

Intrusion detection has focused primarily on detecting cyberattacks at the event-level. Since there is such a large volume of network data and attacks are minimal, machine learning approaches have focused on improving accuracy and reducing…

Cryptography and Security · Computer Science 2020-04-14 Steven McElwee , James Cannady

Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…

Software Engineering · Computer Science 2021-12-21 Arthur D. Sawadogo , Quentin Guimard , Tegawendé F. Bissyandé , Abdoul Kader Kaboré , Jacques Klein , Naouel Moha

Driven by new software development processes and testing in clouds, system and integration testing nowadays tends to produce enormous number of alarms. Such test alarms lay an almost unbearable burden on software testing engineers who have…

Software Engineering · Computer Science 2017-03-03 He Jiang , Xiaochen Li , Zijiang Yang , Jifeng Xuan

Memory safety defects pose a major threat to software reliability, enabling cyberattacks, outages, and crashes. To mitigate these risks, organizations adopt Compositional Bounded Model Checking (BMC), using unit proofs to formally verify…

Software Engineering · Computer Science 2025-03-19 Paschal C. Amusuo , Owen Cochell , Taylor Le Lievre , Parth V. Patil , Aravind Machiry , James C. Davis

Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for…

Software Engineering · Computer Science 2022-03-17 Triet H. M. Le , M. Ali Babar

Context: In C, low-level errors, such as buffer overflow and use-after-free, are a major problem, as they cause security vulnerabilities and hard-to-find bugs. C lacks automatic checks, and programmers cannot apply defensive programming…

Programming Languages · Computer Science 2017-12-05 Manuel Rigger , Rene Mayrhofer , Roland Schatz , Matthias Grimmer , Hanspeter Mössenböck

Software testing is one of the very important Quality Assurance (QA) components. A lot of researchers deal with the testing process in terms of tester motivation and how tests should or should not be written. However, it is not known from…

Software Engineering · Computer Science 2022-01-04 Matej Madeja , Jaroslav Porubän , Michaela Bačíková , Matúš Sulír , Ján Juhár , Sergej Chodarev , Filip Gurbáľ

Security patches in open-source software, providing security fixes to identified vulnerabilities, are crucial in protecting against cyberattacks. Despite the National Vulnerability Database (NVD) publishes identified vulnerabilities, a vast…

Cryptography and Security · Computer Science 2021-06-08 Yaqin Zhou , Jing Kai Siow , Chenyu Wang , Shangqing Liu , Yang Liu

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits,…

Software Engineering · Computer Science 2025-01-08 Zhaonan Wu , Yanjie Zhao , Chen Wei , Zirui Wan , Yue Liu , Haoyu Wang