English
Related papers

Related papers: Cerberus: Query-driven Scalable Vulnerability Dete…

200 papers

Data-driven research on the automated discovery and repair of security vulnerabilities in source code requires comprehensive datasets of real-life vulnerable code and their fixes. To assist in such research, we propose a method to…

Software Engineering · Computer Science 2022-02-08 Guru Prasad Bhandari , Amara Naseer , Leon Moonen

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Deep learning solutions for vulnerability detection proposed in academic research are not always accessible to developers, and their applicability in industrial settings is rarely addressed. Transferring such technologies from academia to…

Software Engineering · Computer Science 2025-11-25 Moritz Mock , Thomas Forrer , Barbara Russo

Due to convenience, open-source software is widely used. For beneficial reasons, open-source maintainers often fix the vulnerabilities silently, exposing their users unaware of the updates to threats. Previous works all focus on black-box…

Cryptography and Security · Computer Science 2023-02-16 Jiamou Sun , Zhenchang Xing , Qinghua Lu , Xiwei Xu , Liming Zhu , Thong Hoang , Dehai Zhao

Deep learning has been shown to be a promising tool in detecting software vulnerabilities. In this work, we train neural networks with program slices extracted from the source code of C/C++ programs to detect software vulnerabilities. The…

Cryptography and Security · Computer Science 2024-05-29 Zhen Huang , Amy Aumpansub

Debugging CUDA programs has long been challenging because failures often arise from subtle interactions among hardware behavior, compiler decisions, memory hierarchy, and asynchronous execution. More importantly, with the rapid expansion of…

Machine Learning · Computer Science 2026-05-27 Shiyang Li , Haoyang Chen , Mattia Fazzini , Caiwen Ding

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security…

Software Engineering · Computer Science 2020-06-17 Shuvalaxmi Dass , Akbar Siami Namin

Securing critical assets in a bus-based System-On-Chip (SoC) is imperative to mitigate potential vulnerabilities and prevent unauthorized access, ensuring the integrity, availability, and confidentiality of the system. Ensuring security…

Cryptography and Security · Computer Science 2023-08-15 Sudipta Paria , Aritra Dasgupta , Swarup Bhunia

Binary verification plays a pivotal role in software security, yet building a verification service that is both open and trustworthy poses a formidable challenge. In this paper, we introduce a novel binary verification service, AGORA,…

Cryptography and Security · Computer Science 2025-10-14 Hongbo Chen , Quan Zhou , Sen Yang , Xing Han , Fan Zhang , Danfeng Zhang , Xiaofeng Wang

Kubernetes, an open-source platform for automating the deployment, scaling, and management of containerized applications, is widely used for its efficiency and scalability. However, its complexity and extensive configuration options often…

Cryptography and Security · Computer Science 2024-08-08 Eoghan Russell , Kapal Dev

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. However, the adoption of specific software versions in development projects may introduce…

Software Engineering · Computer Science 2025-08-15 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Shouguo Yang , Chaopeng Dong , David Lo , Shichao Lv , Zhiqiang Shi , Limin Sun

Smart contract developers frequently seek solutions to developmental challenges on Q&A platforms such as Stack Overflow (SO). Although community responses often provide viable solutions, the embedded code snippets can also contain hidden…

Software Engineering · Computer Science 2024-07-24 Jiachi Chen , Chong Chen , Jiang Hu , John Grundy , Yanlin Wang , Ting Chen , Zibin Zheng

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may…

Cryptography and Security · Computer Science 2020-12-10 Gabriele Costa , Andrea Valenza

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

In the rapidly evolving landscape of software development, addressing security vulnerabilities in open-source software (OSS) has become critically important. However, existing research and tools from both academia and industry mainly relied…

Software Engineering · Computer Science 2025-04-01 Lyuye Zhang , Jiahui Wu , Chengwei Liu , Kaixuan Li , Xiaoyu Sun , Lida Zhao , Chong Wang , Yang Liu

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration. With their growing popularity, concerns about security vulnerabilities are increasing. To address this, first, we…

Cryptography and Security · Computer Science 2024-12-25 Mikhail Kazdagli , Mohit Tiwari , Akshat Kumar

In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub…