English
Related papers

Related papers: Towards Immediate Feedback for Security Relevant C…

200 papers

Following the recent release of AI assistants, such as OpenAI's ChatGPT and GitHub Copilot, the software industry quickly utilized these tools for software development tasks, e.g., generating code or consulting AI for advice. While recent…

Safety-critical software systems are those whose failure or malfunction could result in casualty and/or serious financial loss. In such systems, safety assurance cases (SACs) are an emerging approach that adopts a proactive strategy to…

Software Engineering · Computer Science 2018-03-23 Jinghui Cheng , Micayla Goodrum , Ronald Metoyer , Jane Cleland-Huang

In Rust, unsafe code is the sole source of potential undefined behaviors. To avoid misuse, Rust developers should clarify the safety properties for each unsafe API. However, the community currently lacks a key standard for safety…

Programming Languages · Computer Science 2026-04-28 Zihao Rao , Jiping Zhou , Hongliang Tian , Xin Wang , Hui Xu

Background. Developers use Automated Static Analysis Tools (ASATs) to control for potential quality issues in source code, including defects and technical debt. Tool vendors have devised quite a number of tools, which makes it harder for…

Software Engineering · Computer Science 2021-01-25 Valentina Lenarduzzi , Savanna Lujan , Nyyti Saarimaki , Fabio Palomba

Self-Admitted Technical Debt (SATD) encompasses a wide array of sub-optimal design and implementation choices reported in software artefacts (e.g., code comments and commit messages) by developers themselves. Such reports have been central…

Software Engineering · Computer Science 2024-03-05 Nicolás E. Díaz Ferreyra , Mojtaba Shahin , Mansooreh Zahedi , Sodiq Quadri , Ricardo Scandariato

Mobile applications (apps) have become an essential part of everyday life, offering convenient access to services such as banking, healthcare, and shopping. With these apps handling sensitive personal and financial data, ensuring their…

Cryptography and Security · Computer Science 2024-08-20 Anthony Peruma , Timothy Huo , Ana Catarina Araújo , Jake Imanaka , Rick Kazman

Static code analysis tools are designed to aid software developers to build better quality software in less time, by detecting defects early in the software development life cycle. Even the most experienced developer regularly introduces…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-02-05 Manuel Arenaz , Xavier Martorell

As security becomes more relevant for many companies, the popularity of static program analysis (SPA) tools is increasing. In this paper, we target the use of SPA tools among companies in Germany with a focus on security. We give insights…

Cryptography and Security · Computer Science 2022-08-15 Goran Piskachev , Stefan Dziwok , Thorsten Koch , Sven Merschjohan , Eric Bodden

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Agile development methods are commonly used to iteratively develop the information systems and they can easily handle ever-changing business requirements. Scrum is one of the most popular agile software development frameworks. The…

Software Engineering · Computer Science 2015-04-07 Martin Tomanek , Tomas Klima

Safety-critical system's failure or malfunction can cause loss of human lives or damage to the physical environment; therefore, continuous safety assessment is crucial for such systems. In many domains this includes the use of Safety…

Software Engineering · Computer Science 2023-07-17 Ankit Agrawal , Jane Cleland-Huang

Code completion is an important feature of integrated development environments (IDEs). It allows developers to produce code faster, especially novice ones who are not fully familiar with APIs and others code. Previous works on code…

Software Engineering · Computer Science 2020-11-03 M. Weyssow , H. Sahraoui , B. Frénay , B. Vanderose

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

Turing completeness has made Ethereum smart contracts attractive to blockchain developers and attackers alike. To increase code security, many tools can now spot most known vulnerabilities$-$at the cost of production efficiency. Recent…

Cryptography and Security · Computer Science 2024-10-23 Tommaso Oss , Carlos E. Budde

Over the last years, the number of cyber-attacks on industrial control systems has been steadily increasing. Among several factors, proper software development plays a vital role in keeping these systems secure. To achieve secure software,…

Software Engineering · Computer Science 2021-02-23 Tiago Espinha Gasiba , Ulrike Lechner , Maria Pinto-Albuquerque , Anmoal Porwal

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance…

Software Engineering · Computer Science 2021-05-31 Fabiola Moyón , Daniel Méndez Fernández , Kristian Beckers , Sebastian Klepper

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

We present a second iteration of a machine learning approach to static code analysis and fingerprinting for weaknesses related to security, software engineering, and others using the open-source MARF framework and the MARFCAT application…

Cryptography and Security · Computer Science 2013-05-13 Serguei A. Mokhov , Joey Paquet , Mourad Debbabi , Yankui Sun

Frequently advised secure development recommendations often fall short in practice for app developers. Tool-driven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App…

Software Engineering · Computer Science 2021-11-04 Muhammad Sajidur Rahman , Blas Kojusner , Ryon Kennedy , Prerit Pathak , Lin Qi , Byron Williams
‹ Prev 1 3 4 5 6 7 10 Next ›