English
Related papers

Related papers: Fixing Vulnerabilities Potentially Hinders Maintai…

200 papers

Code cloning is not only assumed to inflate maintenance costs but also considered defect-prone as inconsistent changes to code duplicates can lead to unexpected behavior. Consequently, the identification of duplicated code, clone detection,…

Software Engineering · Computer Science 2017-11-15 Elmar Juergens , Florian Deissenboeck , Benjamin Hummel , Stefan Wagner

Programmers have long ignored warnings, especially those generated by static analysis tools, due to the potential for false-positives. In some cases, warnings may be indicative of larger issues, but programmers may not understand how a…

Software Engineering · Computer Science 2025-05-20 Hansen Chang , Christian DeLozier

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

Software bugs significantly contribute to software cost and increase the risk of system malfunctioning. In recent years, many automated program-repair approaches have been proposed to automatically fix undesired program behavior. Despite of…

Software Engineering · Computer Science 2021-07-19 Dirk Beyer , Lars Grunske , Thomas Lemberger , Minxing Tang

The Open Source Software movement has been growing exponentially for a number of years with no signs of slowing. Driving this growth is the widespread availability of libraries and frameworks that provide many functionalities. Developers…

Software Engineering · Computer Science 2022-06-22 Stan Zajdel , Diego Elias Costa , Hafedh Mili

This study investigates the software vulnerability resolution time in the Maven ecosystem, focusing on the influence of CVE severity, library popularity as measured by the number of dependents, and version release frequency. The results…

Software Engineering · Computer Science 2025-04-01 Md Fazle Rabbi , Arifa Islam Champa , Rajshakhar Paul , Minhaz F. Zibran

Fine-tuning has become the standard practice for adapting pre-trained models to downstream tasks. However, the impact on model robustness is not well understood. In this work, we characterize the robustness-accuracy trade-off in…

Machine Learning · Computer Science 2025-07-15 Kunyang Li , Jean-Charles Noirot Ferrand , Ryan Sheatsley , Blaine Hoak , Yohan Beugin , Eric Pauley , Patrick McDaniel

Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and…

Cryptography and Security · Computer Science 2024-09-04 Marcel Böhme

Software updates reduce the opportunity for exploitation. However, since updates can also introduce breaking changes, enterprises face the problem of balancing the need to secure software with updates with the need to support operations. We…

Cryptography and Security · Computer Science 2022-05-26 Giorgio Di Tizio , Michele Armellini , Fabio Massacci

During the life cycle of software development, developers have to fix different kinds of bugs reported by testers or end users. The efficiency and effectiveness of fixing bugs have a huge impact on the reliability of the software as well as…

Software Engineering · Computer Science 2013-11-12 Jaechang Nam , Ning Chen

One of the biggest expense in software development is the maintenance. Therefore, it is critical to comprehend what triggers maintenance and if it may be predicted. Numerous research have demonstrated that specific methods of assessing the…

Software Engineering · Computer Science 2023-05-18 Al Khan , Remudin Reshid Mekuria , Ruslan Isaev

Industrial applications heavily integrate open-source software libraries nowadays. Beyond the benefits that libraries bring, they can also impose a real threat in case a library is affected by a vulnerability but its community is not active…

Software Engineering · Computer Science 2025-04-24 Alexandros Tsakpinis

Test-based automatic program repair has attracted a lot of attention in recent years. However, the test suites in practice are often too weak to guarantee correctness and existing approaches often generate a large number of incorrect…

Software Engineering · Computer Science 2018-07-30 Yingfei Xiong , Xinyuan Liu , Muhan Zeng , Lu Zhang , Gang Huang

We introduce a simple microscopic description of software bug dynamics where users, programmers and a maintainer interact through a given program, with a particular emphasis on bug creation, detection and fixing. When the program is written…

Statistical Mechanics · Physics 2007-05-23 Damien Challet , Yann Le Du

All computer programs have flaws, some of which can be exploited to gain unauthorized access to computer systems. We conducted a field study on publicly reported vulnerabilities affecting three open source software projects in widespread…

Software Engineering · Computer Science 2019-12-05 Raul Barbosa , Frederico Cerveira , Luis Goncalo , Henrique Madeira

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Vulnerabilities in open source packages can be a security risk for the client projects that use these packages as dependencies. When a new vulnerability is discovered in a package, the package should quickly release a fix in a new version,…

Cryptography and Security · Computer Science 2021-12-14 Nasif Imtiaz , Aniqa Khanom , Laurie Williams

Software development relies on code reuse to minimize costs, creating vulnerability risks through dependencies with substantial economic impact, as seen in the Crowdstrike and HeartBleed incidents. We analyze 52,897 dependencies across…

Econometrics · Economics 2025-07-02 Cornelius Fritz , Co-Pierre Georg , Angelo Mele , Michael Schweinberger

In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with…

Software Engineering · Computer Science 2024-04-30 Jia Zeng , Dan Han , Yaling Zhu , Yangzhong Wang , Fangchen Weng

Software security mainly studies vulnerability detection: is my code vulnerable today? This hinders risk estimation, so new approaches are emerging to forecast the occurrence of future vulnerabilities. While useful, these approaches are…

Software Engineering · Computer Science 2024-11-19 Carlos E. Budde , Ranindya Paramitha , Fabio Massacci