English
Related papers

Related papers: Less is More: Supporting Developers in Vulnerabili…

200 papers

The phenomenon of architecture erosion can negatively impact the maintenance and evolution of software systems, and manifest in a variety of symptoms during software development. While erosion is often considered rather late, its symptoms…

Software Engineering · Computer Science 2022-01-05 Ruiyin Li , Mohamed Soliman , Peng Liang , Paris Avgeriou

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners).…

Cryptography and Security · Computer Science 2025-09-11 Laurie Williams , Sammy Migues

In this paper, we present a challenging code reasoning task: vulnerability detection. Large Language Models (LLMs) have shown promising results in natural-language and math reasoning, but state-of-the-art (SOTA) models reported only 54.5%…

Software Engineering · Computer Science 2025-01-09 Benjamin Steenhoek , Md Mahbubur Rahman , Monoshi Kumar Roy , Mirza Sanjida Alam , Hengbo Tong , Swarna Das , Earl T. Barr , Wei Le

Background: Noise, defined as an unwanted sound, is one of the commonest factors that could affect people's performance in their daily work activities. The software engineering research community has marginally investigated the effects of…

Software Engineering · Computer Science 2018-07-12 Simone Romano , Giuseppe Scanniello , Davide Fucci , Natalia Juristo , Burak Turhan

Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within…

Software Engineering · Computer Science 2026-02-13 Yuejun Guo , Qiang Hu , Qiang Tang , Yves Le Traon

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Alert fatigue is a common issue faced by software teams using the DevSecOps paradigm. The overwhelming number of warnings and alerts generated by security and code scanning tools, particularly in smaller teams where resources are limited,…

Cryptography and Security · Computer Science 2025-10-15 Nikolaos Lykousas , Vasileios Argyropoulos , Fran Casino

Recent advancements in large language models (LLMs) have highlighted the potential for vulnerability detection, a crucial component of software quality assurance. Despite this progress, most studies have been limited to the perspective of a…

Software Engineering · Computer Science 2024-05-21 Zhenyu Mao , Jialong Li , Dongming Jin , Munan Li , Kenji Tei

Peer code review and continuous integration often interleave with each other in the modern software quality management. Although several studies investigate how non-technical factors (e.g., reviewer workload), developer participation and…

Software Engineering · Computer Science 2018-07-06 Mohammad Masudur Rahman , Chanchal K. Roy

Context. Modern Code Review (MCR) is being adopted in both open source and commercial projects as a common practice. MCR is a widely acknowledged quality assurance practice that allows early detection of defects as well as poor coding…

Software Engineering · Computer Science 2021-10-01 Moataz Chouchen , Jefferson Olongo , Ali Ouni , Mohamed Wiem Mkaouer

Developers rely on open-source packages and must review dependencies to safeguard against vulnerable or malicious upstream code. A careful review of all dependencies changes often does not occur in practice. Therefore, developers need…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Nasif Imtiaz , Mahzabin Tamanna , Preya Shabrina , Laurie Williams

Code Review plays a crucial role in software quality, by allowing reviewers to discuss and critique any new patches before they can be successfully integrated into the project code. Yet, it is unsure the extent to which coding pattern…

Software Engineering · Computer Science 2021-03-17 Panyawut Sri-iesaranusorn , Raula Gaikovina Kula , Takashi Ishio

Zero-day vulnerabilities can be accidentally or maliciously placed in code and can remain in place for years. In this study, we address an aspect of their longevity by considering the likelihood that they will be discovered in the code…

Cryptography and Security · Computer Science 2018-09-03 Andrew J. Lohn

Background: As most of the software development organizations are male-dominated, female developers encountering various negative workplace experiences reported feeling like they "do not belong". Exposures to discriminatory expletives or…

Computers and Society · Computer Science 2018-12-14 Rajshakhar Paul , Amiangshu Bosu , Kazi Zakia Sultana

Developers spend a large portion of their time and effort on comprehending source code. While many studies have investigated how developers approach these comprehension tasks and what factors influence their success, less is known about how…

Software Engineering · Computer Science 2019-08-01 Chak Shun Yu , Christoph Treude , Maurício Aniche

The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems…

Cryptography and Security · Computer Science 2021-05-14 Fitzroy D. Nembhard , Marco M. Carvalho

Background: Modern Code Review (MCR) is a key component for delivering high-quality software and sharing knowledge among developers. Effective reviews require an in-depth understanding of the code and demand from the reviewers to…

Software Engineering · Computer Science 2024-02-16 Michael Unterkalmsteiner , Deepika Badampudi , Ricardo Britto , Nauman bin Ali

Due to the growing number of cyber attacks against computer systems, we need to pay special attention to the security of our software systems. In order to maximize the effectiveness, excluding the human component from this process would be…

Cryptography and Security · Computer Science 2021-05-18 Tamás Viszkok , Péter Hegedűs , Rudolf Ferenc

Unreadable code could be a breeding ground for errors. Thus, previous work defined approaches based on machine learning to automatically assess code readability that can warn developers when some code artifacts (e.g., classes) become…

Software Engineering · Computer Science 2025-03-12 Antonio Vitale , Emanuela Guglielmi , Rocco Oliveto , Simone Scalabrino

Code quality remains an abstract concept that fails to get traction at the business level. Consequently, software companies keep trading code quality for time-to-market and new features. The resulting technical debt is estimated to waste up…

Software Engineering · Computer Science 2022-03-10 Adam Tornhill , Markus Borg