English
Related papers

Related papers: Making Secure Software Insecure without Changing I…

200 papers

Docker offers an ecosystem that offers a platform for application packaging, distributing, and managing within containers. However, the Docker platform has not yet matured. Presently, Docker is less secured than virtual machines (VM) and…

Cryptography and Security · Computer Science 2023-04-25 Robail Yasrab

With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment…

For companies developing web-based applications, the Dev and the Ops refer to different groups with either operational or development focus. Therefore, DevOps help these companies streamline software development and operations activities by…

Software Engineering · Computer Science 2024-03-26 Anas Dakkak , Jan Bosch , Helena Holmström Olsson

We inspected 45 actively deployed Operational Technology (OT) product families from ten major vendors and found that every system suffers from at least one trivial vulnerability. We reported a total of 53 weaknesses, stemming from insecure…

Cryptography and Security · Computer Science 2023-03-23 Jos Wetzels , Daniel dos Santos , Mohammad Ghafari

The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address…

Cryptography and Security · Computer Science 2022-09-12 Marcela S. Melara , Mic Bowman

Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software…

Cryptography and Security · Computer Science 2015-07-13 Christoph Pohl , Hans-Joachim Hof

GitHub is a popular data repository for code examples. It is being continuously used to train several AI-based tools to automatically generate code. However, the effectiveness of such tools in correctly demonstrating the usage of…

Cryptography and Security · Computer Science 2022-11-28 Catherine Tony , Nicolás E. Díaz Ferreyra , Riccardo Scandariato

Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller…

Software Engineering · Computer Science 2021-08-12 Serena Elisa Ponta , Wolfram Fischer , Henrik Plate , Antonino Sabetta

Integrating security activities into the software development lifecycle to detect security flaws is essential for any project. These activities produce reports that must be managed and looped back to project stakeholders like developers to…

Software Engineering · Computer Science 2022-04-20 Markus Voggenreiter , Ulrich Schöpp

Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code…

Software Engineering · Computer Science 2025-05-29 Ritwik Murali , Akash Ravi

Internet users increasingly rely on commercial virtual private network (VPN) services to protect their security and privacy. The VPN services route the client's traffic over an encrypted tunnel to a VPN gateway in the cloud. Thus, they hide…

Cryptography and Security · Computer Science 2019-12-11 Thanh Bui , Siddharth Prakash Rao , Markku Antikainen , Tuomas Aura

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks…

Software Engineering · Computer Science 2025-09-08 Raphina Liu , Sofia Bobadilla , Benoit Baudry , Martin Monperrus

Trusted Execution Environments (TEEs) are gradually adopted by major cloud providers, offering a practical option of \emph{confidential computing} for users who don't fully trust public clouds. TEEs use CPU-enabled hardware features to…

Cryptography and Security · Computer Science 2023-08-15 AKM Mubashwir Alam , Keke Chen

DevOps processes comply with principles and offer practices with main objective to support efficiently the evolution of IT systems. To be efficient a DevOps process relies on a set of integrated tools. DevOps is the first required…

Software Engineering · Computer Science 2019-04-05 Evgeny Bobrov , Antonio Bucchiarone , Alfredo Capozucca , Nicolas Guelfi , Manuel Mazzara , Alexandr Naumchev , Larisa Safina

Recent attacks have broken process isolation by exploiting microarchitectural side channels that allow indirect access to shared microarchitectural state. Enclaves strengthen the process abstraction to restore isolation guarantees. We…

Cryptography and Security · Computer Science 2019-08-30 Thomas Bourgeat , Ilia Lebedev , Andrew Wright , Sizhuo Zhang , Arvind , Srinivas Devadas

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

For Model-Driven Engineering (MDE) to become Agile, it is has to be usable with and for DevOps as the technical basis of Agility. We describe our experiences in implementing and applying the BB8 architecture that provides a means to reuse…

Software Engineering · Computer Science 2021-11-24 Jörn Guy Süß , Samantha Swift , Eban Escott

Sensitive applications running on the cloud often require data to be stored in an encrypted domain. To run data mining algorithms on such data, partially homomorphic encryption schemes (allowing certain operations in the ciphertext domain)…

Cryptography and Security · Computer Science 2023-08-08 Tikaram Sanyashi , Bernard Menezes

As the use of DevOps practices continues to grow, organizations are seeking ways to improve collaboration, speed up development cycles, and increase security, transparency, and traceability. Blockchain technology has the potential to…

Cryptography and Security · Computer Science 2023-06-02 Muhammad Shoaib Farooq , Usman Ali