English
Related papers

Related papers: A Large-Scale Security-Oriented Static Analysis of…

200 papers

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

Python is a widely adopted programming language, valued for its simplicity and flexibility. However, its dynamic type system poses significant challenges for automated refactoring - an essential practice in software evolution aimed at…

Software Engineering · Computer Science 2025-11-20 Jonhnanthan Oliveira , Rohit Gheyi , Márcio Ribeiro , Alessandro Garcia

The reuse and distribution of open-source software must be in compliance with its accompanying open-source license. In modern packaging ecosystems, maintaining such compliance is challenging because a package may have a complex…

Software Engineering · Computer Science 2023-08-14 Weiwei Xu , Hao He , Kai Gao , Minghui Zhou

Python has become the most popular programming language as it is friendly to work with for beginners. However, a recent study has found that most security issues in Python have not been indexed by CVE and may only be fixed by 'silent'…

Cryptography and Security · Computer Science 2023-07-25 Shiyu Sun , Shu Wang , Xinda Wang , Yunlong Xing , Elisa Zhang , Kun Sun

Background: Previous studies have shown that up to 99.59 % of the Java apps using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing.…

Software Engineering · Computer Science 2021-09-03 Anna-Katharina Wickert , Lars Baumgärtner , Florian Breitfelder , Mira Mezini

The number of people accessing online services is increasing day by day, and with new users, comes a greater need for effective and responsive cyber-security. Our goal in this study was to find out if there are common patterns within the…

Cryptography and Security · Computer Science 2024-05-15 Gábor Antal , Balázs Mosolygó , Norbert Vándor , Péter Hegedüs

The npm (Node Package Manager) ecosystem is the most important package manager for JavaScript development with millions of users. Consequently, a plethora of earlier work investigated how vulnerability reporting, patch propagation, and in…

Cryptography and Security · Computer Science 2025-06-10 Rajdeep Ghosh , Shiladitya De , Mainack Mondal

There has been a long-standing hypothesis that a software's popularity is related to its security or insecurity in both research and popular discourse. There are also a few empirical studies that have examined the hypothesis, either…

Software Engineering · Computer Science 2025-06-12 Jukka Ruohonen , Qusai Ramadan

Python is very popular because it can be used for a wider audience of developers, data scientists, machine learning experts and so on. Like other programming languages, there are beginner to advanced levels of writing Python code. However,…

Software Engineering · Computer Science 2024-10-11 Indira Febriyanti , Youmei Fan , Kazumasa Shimari , Kenichi Matsumoto , Raula Gaikovina Kula

Tests that cause spurious failures without any code changes, i.e., flaky tests, hamper regression testing, increase maintenance costs, may shadow real bugs, and decrease trust in tests. While the prevalence and importance of flakiness is…

Software Engineering · Computer Science 2022-02-15 Martin Gruber , Stephan Lukasczyk , Florian Kroiß , Gordon Fraser

The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…

Cryptography and Security · Computer Science 2019-06-10 Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , Michael Pradel

Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these…

The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign…

Cryptography and Security · Computer Science 2025-04-18 Xiaoyan Zhou , Ying Zhang , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

Package managers such as NPM, Maven, and PyPI play a pivotal role in open-source software (OSS) ecosystems, streamlining the distribution and management of various freely available packages. The fine-grained details within software packages…

Software Engineering · Computer Science 2024-04-18 Xiaoyan Zhou , Feiran Liang , Zhaojie Xie , Yang Lan , Wenjia Niu , Jiqiang Liu , Haining Wang , Qiang Li

The paper examines the handling times of software vulnerabilities in CPython, the reference implementation and interpreter for the today's likely most popular programming language, Python. The background comes from the so-called…

Cryptography and Security · Computer Science 2025-05-27 Jukka Ruohonen

Package managers have become a vital part of the modern software development process. They allow developers to reuse third-party code, share their own code, minimize their codebase, and simplify the build process. However, recent reports…

Cryptography and Security · Computer Science 2020-12-03 Ruian Duan , Omar Alrawi , Ranjita Pai Kasturi , Ryan Elder , Brendan Saltaformaggio , Wenke Lee

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large…

Software Engineering · Computer Science 2025-05-22 Yuxuan Wang , Jingshu Chen , Qingyang Wang

Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a…

Cryptography and Security · Computer Science 2022-02-15 Nusrat Zahan , Thomas Zimmermann , Patrice Godefroid , Brendan Murphy , Chandra Maddila , Laurie Williams

While attackers often distribute malware to victims via open-source, community-driven package repositories, these repositories do not currently run automated malware detection systems. In this work, we explore the security goals of the…

Cryptography and Security · Computer Science 2023-09-19 Duc-Ly Vu , Zachary Newman , John Speed Meyers

Software vulnerabilities are a fundamental cause of cyber attacks. Effectively identifying these vulnerabilities is essential for robust cybersecurity, yet it remains a complex and challenging task. In this paper, we present SafePyScript, a…

Software Engineering · Computer Science 2024-11-04 Talaya Farasat , Atiqullah Ahmadzai , Aleena Elsa George , Sayed Alisina Qaderi , Dusan Dordevic , Joachim Posegga