English
Related papers

Related papers: LibDB: An Effective and Efficient Framework for De…

200 papers

Modern software systems are increasingly dependent on third-party libraries. It is widely recognized that using mature and well-tested third-party libraries can improve developers' productivity, reduce time-to-market, and produce more…

Software Engineering · Computer Science 2016-12-07 Mohamed Aymen Saied , Ali Ouni , Houari Sahraoui , Raula Gaikovina Kula , Katsuro Inoue , David Lo

Function-level binary code similarity detection is a crucial aspect of cybersecurity. It enables the detection of bugs and patent infringements in released software and plays a pivotal role in preventing supply chain attacks. A practical…

Cryptography and Security · Computer Science 2023-12-27 Sun RuiJin , Guo Shize , Guo Jinhong , Li Wei , Zhan Dazhi , Sun Meng , Pan Zhisong

Binary similarity detection is a critical technique that has been applied in many real-world scenarios where source code is not available, e.g., bug search, malware analysis, and code plagiarism detection. Existing works are ineffective in…

Cryptography and Security · Computer Science 2023-08-04 Zian Liu , Zhi Zhang , Siqi Ma , Dongxi Liu , Jun Zhang , Chao Chen , Shigang Liu , Muhammad Ejaz Ahmed , Yang Xiang

Automated debugging, long pursued in a variety of fields from software engineering to cybersecurity, requires a framework that offers the building blocks for a programmable debugging workflow. However, existing debuggers are primarily…

Software Engineering · Computer Science 2025-06-06 Gabriele Digregorio , Roberto Alessandro Bertolini , Francesco Panebianco , Mario Polino

Developers usually use TPLs to facilitate the development of the projects to avoid reinventing the wheels, however, the vulnerable TPLs indeed cause severe security threats. The majority of existing research only considered whether projects…

Software Engineering · Computer Science 2024-09-05 Fangyuan Zhang , Lingling Fan , Sen Chen , Miaoying Cai , Sihan Xu , Lida Zhao

Visual Programming Languages (VPLs), coupled with the high-level abstractions that are commonplace in visual programming environments, enable users with less technical knowledge to become proficient programmers. However, the lower skill…

Software Engineering · Computer Science 2021-07-16 Miguel Terra-Neves , João Nadkarni , Miguel Ventura , Pedro Resende , Hugo Veiga , António Alegria

This paper is the result of a two month research internship on the topic of library version identification. In this paper, ideas and techniques from literature in the area of binary comparison and fingerprinting are outlined and applied to…

Cryptography and Security · Computer Science 2017-03-02 Thomas Rinsma

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about…

Software Engineering · Computer Science 2023-09-12 Kaifa Zhao , Xian Zhan , Le Yu , Shiyao Zhou , Hao Zhou , Xiapu Luo , Haoyu Wang , Yepang Liu

Third-party Python libraries introduce dependency management overhead, supply chain risk, and deployment friction in constrained environments. A natural question is how much of this ecosystem can be replicated using only Python's standard…

Software Engineering · Computer Science 2026-05-21 Peng Ding , Rick Stevens

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with…

Software Engineering · Computer Science 2024-04-30 Jia Zeng , Dan Han , Yaling Zhu , Yangzhong Wang , Fangchen Weng

Background: Leaking sensitive information - such as API keys, tokens, and credentials - in source code remains a persistent security threat. Traditional regex and entropy-based tools often generate high false positives due to limited…

Software Engineering · Computer Science 2025-07-29 Md Nafiu Rahman , Sadif Ahmed , Zahin Wahab , S M Sohan , Rifat Shahriyar

Recent advances in LLM-based decompilers have been shown effective to convert low-level binaries into human-readable source code. However, there still lacks a comprehensive benchmark that provides large-scale binary-source function pairs,…

Software Engineering · Computer Science 2025-10-21 Hanzhuo Tan , Xiaolong Tian , Hanrui Qi , Jiaming Liu , Zuchen Gao , Siyi Wang , Qi Luo , Jing Li , Yuqun Zhang

Understanding TTPs (Tactics, Techniques, and Procedures) in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols,…

Cryptography and Security · Computer Science 2026-02-09 Zhou Xuan , Xiangzhe Xu , Mingwei Zheng , Louis Zheng-Hua Tan , Jinyao Guo , Tiantai Zhang , Le Yu , Chengpeng Wang , Xiangyu Zhang

Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code,…

Software Engineering · Computer Science 2025-05-01 Xiuwei Shang , Zhenkan Fu , Shaoyin Cheng , Guoqiang Chen , Gangyang Li , Li Hu , Weiming Zhang , Nenghai Yu

A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over…

Cryptography and Security · Computer Science 2026-01-27 Ian Hardgrove , John D. Hastings

Vulnerability prediction is valuable in identifying security issues efficiently, even though it requires the source code of the target software system, which is a restrictive hypothesis. This paper presents an experimental study to predict…

Cryptography and Security · Computer Science 2025-04-01 D. Cotroneo , F. C. Grasso , R. Natella , V. Orbinato

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of…