English
Related papers

Related papers: Detecting Security Fixes in Open-Source Repositori…

200 papers

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it…

Cryptography and Security · Computer Science 2026-04-16 Fariha Tanjim Shifat , Hariswar Baburaj , Ce Zhou , Jaydeb Sarker , Mia Mohammad Imran

Lehman's Laws teach us that a software system will become progressively less satisfying to its users over time, unless it is continually adapted to meet new needs. Understanding software maintenance can potentially relieve many of the pains…

Software Engineering · Computer Science 2019-03-13 Stanislav Levin , Amiram Yehudai

Ensuring software quality in embedded firmware is critical, especially in safety-critical domains where compliance with functional safety standards (ISO 26262) requires strong guarantees of software reliability. While machine learning-based…

Software Engineering · Computer Science 2026-02-09 Marco De Luca , Domenico Amalfitano , Anna Rita Fasolino , Porfirio Tramontana

Despite the immense popularity of the Automated Program Repair (APR) field, the question of patch validation is still open. Most of the present-day approaches follow the so-called Generate-and-Validate approach, where first a candidate…

Software Engineering · Computer Science 2021-04-01 Viktor Csuvik , Dániel Horváth , Márk Lajkó , László Vidács

One of the biggest expense in software development is the maintenance. Therefore, it is critical to comprehend what triggers maintenance and if it may be predicted. Numerous research have demonstrated that specific methods of assessing the…

Software Engineering · Computer Science 2023-05-18 Al Khan , Remudin Reshid Mekuria , Ruslan Isaev

Vulnerabilities severely threaten software systems, making the timely application of security patches crucial for mitigating attacks. However, software vendors often silently patch vulnerabilities with limited disclosure, where Security…

Software Engineering · Computer Science 2026-01-12 Qingyuan Li , Chenchen Yu , Chuanyi Li , Xin-Cheng Wen , Cheryl Lee , Cuiyun Gao , Bin Luo

While code review is central to the software development process, it can be tedious and expensive to carry out. In this paper, we investigate whether and how Large Language Models (LLMs) can aid with code reviews. Our investigation focuses…

Software Engineering · Computer Science 2024-03-14 Rasmus Ingemann Tuffveson Jensen , Vali Tawosi , Salwa Alamir

Static analysis is a method of analyzing source code without executing it. It is widely used to find bugs and code smells in industrial software. Besides other methods, the most important techniques are those based on the abstract syntax…

Software Engineering · Computer Science 2024-08-13 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab

Static analysis is a powerful technique for bug detection in critical systems like operating system kernels. However, designing and implementing static analyzers is challenging, time-consuming, and typically limited to predefined bug…

Software Engineering · Computer Science 2025-09-05 Chenyuan Yang , Zijie Zhao , Zichen Xie , Haoyu Li , Lingming Zhang

Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security…

Software Engineering · Computer Science 2021-02-16 Rajshakhar Paul , Asif Kamal Turzo , Amiangshu Bosu

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

The advent of large language models (LLMs) has significantly advanced artificial intelligence (AI) in software engineering (SE), with source code embeddings playing a crucial role in tasks such as source code clone detection and source code…

Software Engineering · Computer Science 2025-06-04 Zixiang Xian , Chenhui Cui , Rubing Huang , Chunrong Fang , Zhenyu Chen

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large…

Software Engineering · Computer Science 2025-05-22 Yuxuan Wang , Jingshu Chen , Qingyang Wang

Corrective maintenance is crucial to ensure the quality of software, thereby improving reliability and user experience. In a version control system (VCS), developers write commit messages to document their changes and support later…

Software Engineering · Computer Science 2026-04-21 Syful Islam , Stefano Zacchiroli

Context: Since it is well-established that developers spend a substantial portion of their time understanding source code, the ability to automatically identify algorithms within source code presents a valuable opportunity. This capability…

Software Engineering · Computer Science 2026-04-06 Denis Neumüller , Sebastian Boll , David Schüler , Matthias Tichy

In today's rapidly evolving technological landscape and advanced software development, the rise in cyber security attacks has become a pressing concern. The integration of robust cyber security defenses has become essential across all…

Software Engineering · Computer Science 2023-11-02 Mounika Vanamala , Keith Bryant , Alex Caravella

Detecting vulnerabilities within compiled binaries is challenging due to lost high-level code structures and other factors such as architectural dependencies, compilers, and optimization options. To address these obstacles, this research…

Cryptography and Security · Computer Science 2024-12-17 Gary A. McCully , John D. Hastings , Shengjie Xu , Adam Fortier

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced…

Cryptography and Security · Computer Science 2026-02-03 Ranjith Krishnamurthy , Oshando Johnson , Goran Piskachev , Eric Bodden

In this experience paper, we report on a large-scale empirical study of Static Application Security Testing (SAST) in Open-Source Embedded Software (EMBOSS) repositories. We collected a corpus of 258 of the most popular EMBOSS projects, and…

Software Engineering · Computer Science 2025-04-28 Mingjie Shen , Akul Abhilash Pillai , Brian A. Yuan , James C. Davis , Aravind Machiry