English
Related papers

Related papers: Detecting Security Fixes in Open-Source Repositori…

200 papers

Large Language Models (LLMs) are being used more and more for various coding tasks, including to help coders identify bugs and are a promising avenue to support coders in various tasks including vulnerability detection -- particularly given…

Software Engineering · Computer Science 2025-05-27 Ignacio Mariano Andreozzi Pofcher , Joshua Ellul

In software development environments, code quality is crucial. This study aims to assist Machine Learning (ML) engineers in enhancing their code by identifying and correcting Data Leakage issues within their models. Data Leakage occurs when…

Software Engineering · Computer Science 2025-09-22 Owen Truong , Terrence Zhang , Arnav Marchareddy , Ryan Lee , Jeffery Busold , Michael Socas , Eman Abdullah AlOmar

Static source code analysis is a powerful tool for finding and fixing bugs when deployed properly; it is, however, all too easy to deploy it in a way that looks good superficially, but which misses important defects, shows many false…

Software Engineering · Computer Science 2022-02-25 Flash Sheridan

In the past couple of decades, significant research efforts have been devoted to the prediction of software bugs (i.e., defects). In general, these works leverage a diverse set of metrics, tools, and techniques to predict which classes,…

Software Engineering · Computer Science 2024-08-06 Ehsan Mashhadi , Shaiful Chowdhury , Somayeh Modaberi , Hadi Hemmati , Gias Uddin

Large language models (LLMs) for automatic code generation have achieved breakthroughs in several programming tasks. Their advances in competition-level programming problems have made them an essential pillar of AI-assisted pair…

Cryptography and Security · Computer Science 2023-10-24 Hossein Hajipour , Keno Hassler , Thorsten Holz , Lea Schönherr , Mario Fritz

The growing dependence of software projects on external libraries has generated apprehensions regarding the security of these libraries because of concealed vulnerabilities. Handling these vulnerabilities presents difficulties due to the…

Software Engineering · Computer Science 2023-09-18 Hieu Dinh Vo , Thanh Trong Vu , Son Nguyen

Bug localization in object oriented program ha s always been an important issue in softeware engineering. In this paper, I propose a source level bug localization technique for object oriented embedded programs. My proposed technique,…

Software Engineering · Computer Science 2011-09-02 Partha Pratim Ray

Despite their remarkable success, large language models (LLMs) have shown limited ability on safety-critical code tasks such as vulnerability detection. Typically, static analysis (SA) tools, like CodeQL, CodeGuru Security, etc., are used…

Cryptography and Security · Computer Science 2025-09-15 Ira Ceka , Feitong Qiao , Anik Dey , Aastha Valecha , Gail Kaiser , Baishakhi Ray

With the rapid increasing number of open source software (OSS), the majority of the software vulnerabilities in the open source components are fixed silently, which leads to the deployed software that integrated them being unable to get a…

Cryptography and Security · Computer Science 2022-07-20 Bozhi Wu , Shangqing Liu , Ruitao Feng , Xiaofei Xie , Jingkai Siow , Shang-Wei Lin

Due to increasingly complex software design and rapid iterative development, code defects and security vulnerabilities are prevalent in modern software. In response, programmers rely on static analysis tools to regularly scan their…

Software Engineering · Computer Science 2022-03-21 Anant Kharkar , Roshanak Zilouchian Moghaddam , Matthew Jin , Xiaoyu Liu , Xin Shi , Colin Clement , Neel Sundaresan

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub…

Testing is the most widely employed method to find vulnerabilities in real-world software programs. Compositional analysis, based on symbolic execution, is an automated testing method to find vulnerabilities in medium- to large-scale…

Software Engineering · Computer Science 2018-07-25 Saahil Ognawala , Ricardo Nales Amato , Alexander Pretschner , Pooja Kulkarni

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Ensuring robustness in ML-enabled software systems requires addressing critical challenges, such as silent failures, out-of-distribution (OOD) data, and adversarial attacks. Traditional software engineering practices, which rely on…

Software Engineering · Computer Science 2025-10-22 Hala Abdelkader , Mohamed Abdelrazek , Priya Rani , Rajesh Vasa , Jean-Guy Schneider

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies, and giving rise to the subfield of Software Composition Analysis (SCA). SCA products are…

Software Engineering · Computer Science 2019-10-01 Darius Foo , Jason Yeo , Hao Xiao , Asankhaya Sharma

Smart contracts have been increasingly used together with blockchains to automate financial and business transactions. However, many bugs and vulnerabilities have been identified in many contracts which raises serious concerns about smart…

Software Engineering · Computer Science 2020-05-21 Zhipeng Gao , Lingxiao Jiang , Xin Xia , David Lo , John Grundy

The high rate of false alarms from static analysis tools and Large Language Models (LLMs) complicates vulnerability detection in Solidity Smart Contracts, demanding methods that can formally or empirically prove the presence of defects.…

Software Engineering · Computer Science 2025-09-17 Ştefan-Claudiu Susan , Andrei Arusoaie , Dorel Lucanu

This study examined code issue detection and revision automation by integrating Large Language Models (LLMs) such as OpenAI's GPT-3.5 Turbo and GPT-4o into software development workflows. A static code analysis framework detects issues such…

Software Engineering · Computer Science 2025-06-13 Seyed Moein Abtahi , Akramul Azim

Existing literature heavily relies on static analysis tools to evaluate LLMs for secure code generation and vulnerability detection. We reviewed 1,080 LLM-generated code samples, built a human-validated ground-truth, and compared the…

Cryptography and Security · Computer Science 2026-02-06 Ehsan Firouzi , Mohammad Ghafari
‹ Prev 1 3 4 5 6 7 10 Next ›