English
Related papers

Related papers: Fixing Vulnerabilities Potentially Hinders Maintai…

200 papers

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Comparing the quality of software written in different computer languages is required in a variety of scenarios, e.g. multi-language projects or application selection process among candidates in different languages. We focus on the…

Software Engineering · Computer Science 2024-11-26 Christophe Ponsard , Gustavo Ospina , Denis Darquennes

Reliability prediction is crucial for ensuring the safety and security of software systems, especially in the context of industry practices. While various metrics and measurements are employed to assess software reliability, the complexity…

Software Engineering · Computer Science 2025-07-29 Dapeng Yan , Wenjie Yang , Kui Liu , Zhiming Liu , Zhikuang Cai

Our study is focused on an evaluation of the maintainability characteristic in the context of the long-term evolution of open-source software. According to well established software quality models such as the ISO 9126 and the more recent…

Software Engineering · Computer Science 2020-09-03 Arthur-Jozsef Molnar , Simona Motogna

This work aims at discussing the complexity aspect of software while demonstrating its relationship with security. Complexity is an essential part of software; however, numerous studies indicate that they increase the vulnerability of the…

Software Engineering · Computer Science 2020-02-18 Mamdouh Alenezi , Mohammad Zarour

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence…

Software Engineering · Computer Science 2022-02-15 Larissa Braz , Christian Aeberhard , Gül Çalikli , Alberto Bacchelli

Timely patching is paramount to safeguard users and maintainers against dire consequences of malicious attacks. In practice, patching is prioritized following the nature of the code change that is committed in the code repository. When such…

Software Engineering · Computer Science 2020-01-27 Arthur D. Sawadogo , Tegawendé F. Bissyandé , Naouel Moha , Kevin Allix , Jacques Klein , Li Li , Yves Le Traon

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

Software built on poor structural patterns often shows higher exposure to security defects. When code differs from established best practices, verification and maintenance become increasingly difficult, thereby raising the risk of…

Cryptography and Security · Computer Science 2026-01-26 Masoud Jamshidiyan Tehrani

Context: Free and Open Source Software (FOSS) communities' ability to stay viable and productive over time is pivotal for society as they maintain the building blocks that digital infrastructure, products, and services depend on.…

Software Engineering · Computer Science 2024-02-13 Adam Alami , Raúl Pardo , Johan Linåker

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Modifications to open-source software (OSS) are often provided in the form of "patch stacks" - sets of changes (patches) that modify a given body of source code. Maintaining patch stacks over extended periods of time is problematic when the…

Software Engineering · Computer Science 2020-09-03 Ralf Ramsauer , Daniel Lohmann , Wolfgang Mauerer

In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that…

Cryptography and Security · Computer Science 2021-08-23 Jaap-Henk Hoepman , Bart Jacobs

The focus on rapid software delivery inevitably results in the accumulation of technical debt, which, in turn, affects quality and slows future development. Yet, companies with a long history of rapid delivery exist. Our primary aim is to…

Identifying which software versions are affected by a vulnerability is critical for patching, risk mitigation. Despite a growing body of tools, their real-world effectiveness remains unclear due to narrow evaluation scopes often limited to…

Software Engineering · Computer Science 2025-09-10 Xingchu Chen , Chengwei Liu , Jialun Cao , Yang Xiao , Xinyue Cai , Yeting Li , Jingyi Shi , Tianqi Sun , Haiming Chen ang Wei Huo
‹ Prev 1 2 3 10 Next ›