English
Related papers

Related papers: Test Suites as a Source of Training Data for Stati…

200 papers

Due to increasingly complex software design and rapid iterative development, code defects and security vulnerabilities are prevalent in modern software. In response, programmers rely on static analysis tools to regularly scan their…

Software Engineering · Computer Science 2022-03-21 Anant Kharkar , Roshanak Zilouchian Moghaddam , Matthew Jin , Xiaoyu Liu , Xin Shi , Colin Clement , Neel Sundaresan

Static Analysis (SA) tools are used to identify potential weaknesses in code and fix them in advance, while the code is being developed. In legacy codebases with high complexity, these rules-based static analysis tools generally report a…

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically…

Software Engineering · Computer Science 2021-06-30 Ashwin Kallingal Joshy , Xueyuan Chen , Benjamin Steenhoek , Wei Le

(Note: This work is a preprint.) Static analysis (SA) tools produce many diagnostic alerts indicating that source code in C or C++ may be defective and potentially vulnerable to security exploits. Many of these alerts are false positives.…

Software Engineering · Computer Science 2025-08-06 David Svoboda , Lori Flynn , William Klieber , Michael Duggan , Nicholas Reimer , Joseph Sible

Static analysis tools are widely used for vulnerability detection as they understand programs with complex behavior and millions of lines of code. Despite their popularity, static analysis tools are known to generate an excess of false…

Software Engineering · Computer Science 2021-02-17 Yunhui Zheng , Saurabh Pujar , Burn Lewis , Luca Buratti , Edward Epstein , Bo Yang , Jim Laredo , Alessandro Morari , Zhong Su

Static code analysis (SCA) tools are widely used as effective ways to detect bugs and vulnerabilities in software systems. However, the reports generated by these tools often contain a large number of non-actionable findings, which can…

Software Engineering · Computer Science 2026-04-21 Tamás Aladics , Norbert Vándor , Rudolf Ferenc , Péter Hegedűs

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

In large programming classes, it takes a significant effort from teachers to evaluate exercises and provide detailed feedback. In systems programming, test cases are not sufficient to assess exercises, since concurrency and resource…

Computers and Society · Computer Science 2024-11-07 Roberto Natella

Static analyzers are tool sets which are proving to be indispensable to modern programmers. These enable the programmers to detect possible errors and security defects present in the current code base within the implementation phase of the…

Software Engineering · Computer Science 2019-05-14 Eljose E Sajan , Yunpeng Zhang , Liang-Chieh Cheng

Static analysis tools are frequently used to scan the source code and detect deviations from the project coding guidelines. Given their importance, linters are often introduced to classrooms to educate students on how to detect and…

Software Engineering · Computer Science 2023-07-20 Eman Abdullah AlOmar , Salma Abdullah AlOmar , Mohamed Wiem Mkaouer

Static Application Security Testing (SAST) tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false…

Software Engineering · Computer Science 2026-03-12 Tom Ohlmer , Michael Schlichtig , Eric Bodden

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of…

Software Engineering · Computer Science 2023-11-14 Georgios Liargkovas , Evangelia Panourgia , Diomidis Spinellis

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Static analysis is widely used for software assurance. However, static analysis tools can report an overwhelming number of warnings, many of which are false positives. Applying static analysis to a new version, a large number of warnings…

Software Engineering · Computer Science 2023-05-05 Xiuyuan Guo , Ashwin Kallingal Joshy , Benjamin Steenhoek , Wei Le , Lori Flynn
‹ Prev 1 2 3 10 Next ›