English
Related papers

Related papers: Detecting Security Fixes in Open-Source Repositori…

200 papers

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab , Gyorgy Orban , Daniel Krupp

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

The complexity of software in embedded systems has increased significantly over the last years so that software verification now plays an important role in ensuring the overall product quality. In this context, SAT-based bounded model…

Software Engineering · Computer Science 2009-11-20 Lucas Cordeiro , Bernd Fischer , Joao Marques-Silva

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…

Cryptography and Security · Computer Science 2024-06-13 Van Nguyen , Trung Le , Chakkrit Tantithamthavorn , Michael Fu , John Grundy , Hung Nguyen , Seyit Camtepe , Paul Quirk , Dinh Phung

Background: The C and C++ languages hold significant importance in Software Engineering research because of their widespread use in practice. Numerous studies have utilized Machine Learning (ML) and Deep Learning (DL) techniques to detect…

Software Engineering · Computer Science 2024-08-06 Anh The Nguyen , Triet Huynh Minh Le , M. Ali Babar

In software development, the identification of source code file experts is an important task. Identifying these experts helps to improve software maintenance and evolution activities, such as developing new features, code reviews, and bug…

Software Engineering · Computer Science 2022-08-17 Otávio Cury , Guilherme Avelino , Pedro Santos Neto , Ricardo Britto , Marco Túlio Valente

Machine learning (ML) provides us with numerous opportunities, allowing ML systems to adapt to new situations and contexts. At the same time, this adaptability raises uncertainties concerning the run-time product quality or dependability,…

Software Engineering · Computer Science 2022-10-18 Lalli Myllyaho , Mikko Raatikainen , Tomi Männistö , Jukka K. Nurminen , Tommi Mikkonen

Flaw-finding static analysis tools typically generate large volumes of code flaw alerts including many false positives. To save on human effort to triage these alerts, a significant body of work attempts to use machine learning to classify…

Software Engineering · Computer Science 2021-05-11 Lori Flynn , William Snavely , Zachary Kurtz

Traditional threat modeling occurs during design, but cloud deployments introduce unanticipated threats, especially multi-stage attacks chaining vulnerabilities across trust boundaries. Existing security tools analyze components in…

Cryptography and Security · Computer Science 2026-03-25 Nicholas Pecka , Lotfi Ben Othmane , Bharat Bhargava , Renee Bryce

High-quality datasets of real-world vulnerabilities are enormously valuable for downstream research in software security, but existing datasets are typically small, require extensive manual effort to update, and are missing crucial features…

Large language models (LLMs) are increasingly used to generate requirements specifications, design documents, code, and test cases. In contrast, much less attention has been given to a more difficult assurance problem: statically verifying…

Software Engineering · Computer Science 2026-05-19 Zhi Quan Zhou , Dave Towey , Tsong Yueh Chen

Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection, addressing critical challenges in the security domain. Traditional methods, such as static and dynamic analysis, often falter due to…

Cryptography and Security · Computer Science 2025-02-19 Ze Sheng , Zhicheng Chen , Shuning Gu , Heqing Huang , Guofei Gu , Jeff Huang

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template…

Programming Languages · Computer Science 2026-05-19 Mike Samuel , Tom Palmer , Shaw Summa , Robert Grayson

Semantic versioning policy is widely used to indicate the level of changes in a package release. Unfortunately, there are many cases where developers do not respect the semantic versioning policy, leading to the breakage of dependent…

Software Engineering · Computer Science 2022-04-13 Rabe Abdalkareem , Md Atique Reza Chowdhury , Emad Shihab

Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. However, the adoption of specific software versions in development projects may introduce…

Software Engineering · Computer Science 2025-08-15 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Shouguo Yang , Chaopeng Dong , David Lo , Shichao Lv , Zhiqiang Shi , Limin Sun

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which…

Cryptography and Security · Computer Science 2026-04-28 Sicong Cao , Jinxuan Xu , Le Yu , Jing Yang , Xingwei Lin , Linlin Zhu , Fu Xiao

Automatic testing is a widely adopted technique for improving software quality. Software developers add, remove and update test methods and test classes as part of the software development process as well as during the evolution phase,…

Software Engineering · Computer Science 2017-09-27 Stanislav Levin , Amiram Yehudai

Intelligent code analysis has received increasing attention in parallel with the remarkable advances in the field of machine learning (ML) in recent years. A major challenge in leveraging ML for this purpose is to represent source code in a…

Software Engineering · Computer Science 2021-05-10 Zeki Bilgin