English
Related papers

Related papers: Detecting Security Fixes in Open-Source Repositori…

200 papers

Smart contract developers frequently seek solutions to developmental challenges on Q&A platforms such as Stack Overflow (SO). Although community responses often provide viable solutions, the embedded code snippets can also contain hidden…

Software Engineering · Computer Science 2024-07-24 Jiachi Chen , Chong Chen , Jiang Hu , John Grundy , Yanlin Wang , Ting Chen , Zibin Zheng

Whenever a bug occurs in a program, software developers assume that the code is flawed, not the compiler. In fact, if compilers should be correct, they are just normal software with their own bugs. Hard to find, errors in them have…

Cryptography and Security · Computer Science 2018-11-28 Baptiste David

Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive…

Cryptography and Security · Computer Science 2024-09-16 Jinhong Yu , Yi Chen , Di Tang , Xiaozhong Liu , XiaoFeng Wang , Chen Wu , Haixu Tang

Smart contracts written in Solidity are programs used in blockchain networks, such as Etherium, for performing transactions. However, as with any piece of software, they are prone to errors and may present vulnerabilities, which malicious…

Logic in Computer Science · Computer Science 2021-11-29 Kunjian Song , Nedas Matulevicius , Eddie B. de Lima Filho , Lucas C. Cordeiro

Ethereum smart contracts are programs that run on the Ethereum blockchain, and many smart contract vulnerabilities have been discovered in the past decade. Many security analysis tools have been created to detect such vulnerabilities, but…

Cryptography and Security · Computer Science 2021-01-11 Nami Ashizawa , Naoto Yanai , Jason Paul Cruz , Shingo Okamura

Open-source software serves as a foundation for the internet and the cyber supply chain, but its exploitation is becoming increasingly prevalent. While advances in vulnerability detection for OSS have been significant, prior research has…

Cryptography and Security · Computer Science 2024-12-02 Zhuoran Tan , Christos Anagnosstopoulos , Jeremy Singer

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

Static analysis tools are frequently used to scan the source code and detect deviations from the project coding guidelines. Given their importance, linters are often introduced to classrooms to educate students on how to detect and…

Software Engineering · Computer Science 2023-07-20 Eman Abdullah AlOmar , Salma Abdullah AlOmar , Mohamed Wiem Mkaouer

Certification through auditing allows to ensure that critical embedded systems are secure. This entails reviewing their critical components and checking for dangerous execution paths. This latter task requires the use of specialized tools…

Software Engineering · Computer Science 2023-03-08 Guilhem Lacombe , David Feliot , Etienne Boespflug , Marie-Laure Potet

Large Language Models (LLMs) have shown great promise in vulnerability identification. As C/C++ comprises half of the Open-Source Software (OSS) vulnerabilities over the past decade and updates in OSS mainly occur through commits, enhancing…

Cryptography and Security · Computer Science 2024-09-12 Zeqing Qin , Yiwei Wu , Lansheng Han

Open source development contains contributions from both hired and volunteer software developers. Identification of this status is important when we consider the transferability of research results to the closed source software industry, as…

Software Engineering · Computer Science 2018-10-04 Maëlick Claes , Mika Mäntylä , Miikka Kuutila , Umar Farooq

Modern software development is based on a series of rapid incremental changes collaboratively made to large source code repositories by developers with varying experience and expertise levels. The ZeroIn project is aimed at analyzing the…

Software Engineering · Computer Science 2022-04-19 Kalyan Perumalla , Aradhana Soni , Rupam Dey , Steven Rich

Data leakage is a well-known problem in machine learning. Data leakage occurs when information from outside the training dataset is used to create a model. This phenomenon renders a model excessively optimistic or even useless in the real…

Programming Languages · Computer Science 2024-08-07 Filip Drobnjaković , Pavle Subotić , Caterina Urban

The increasing inclusion of Machine Learning (ML) models in safety critical systems like autonomous cars have led to the development of multiple model-based ML testing techniques. One common denominator of these testing techniques is their…

Machine Learning · Computer Science 2019-09-09 Houssem Ben Braiek , Foutse Khomh

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

With the continuous growth in the scale and complexity of software systems, defect remediation has become increasingly difficult and costly. Automated defect prediction tools can proactively identify software changes prone to defects within…

Software Engineering · Computer Science 2025-05-14 Liguo Ji , Chenchen Li , Shenglin Wang , Furui Zhan

Deep learning (DL) models have become increasingly popular in identifying software vulnerabilities. Prior studies found that vulnerabilities across different vulnerable programs may exhibit similar vulnerable scopes, implicitly forming…

Cryptography and Security · Computer Science 2023-06-13 Michael Fu , Trung Le , Van Nguyen , Chakkrit Tantithamthavorn , Dinh Phung

Formally verified compilers and formally verified static analyzers are a solution to the problem that certain industries face when they have to demonstrate to authorities that the object code they run truly corresponds to its source code…

Logic in Computer Science · Computer Science 2024-07-12 David Monniaux

Security misconfigurations in Container Orchestrators (COs) can pose serious threats to software systems. While Static Analysis Tools (SATs) can effectively detect these security vulnerabilities, the industry currently lacks automated…

Software Engineering · Computer Science 2025-02-05 Ziyang Ye , Triet Huynh Minh Le , M. Ali Babar

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically…

Software Engineering · Computer Science 2021-06-30 Ashwin Kallingal Joshy , Xueyuan Chen , Benjamin Steenhoek , Wei Le