English
Related papers

Related papers: Enhancing Security Patch Identification by Capturi…

200 papers

Software projects are dependent on many third-party libraries, therefore high-risk vulnerabilities can propagate through the dependency chain to downstream projects. Owing to the subjective nature of patch management, software vendors…

Software Engineering · Computer Science 2024-09-16 Mei Han , Lulu Wang , Jianming Chang , Bixin Li , Chunguang Zhang

The absolute majority of software today is developed collaboratively using collaborative version control tools such as Git. It is a common practice that once a vulnerability is detected and fixed, the developers behind the software issue a…

Cryptography and Security · Computer Science 2023-02-07 Nitzan Farhi , Noam Koenigstein , Yuval Shavitt

Applying security patches in open source software timely is critical for ensuring the security of downstream applications. However, it is challenging to apply these patches promptly because notifications of patches are often incomplete and…

Cryptography and Security · Computer Science 2024-06-11 Tianyu Chen , Lin Li , Taotao Qian , Jingyi Liu , Wei Yang , Ding Li , Guangtai Liang , Qianxiang Wang , Tao Xie

The most common use of data visualization is to minimize the complexity for proper understanding. A graph is one of the most commonly used representations for understanding relational data. It produces a simplified representation of data…

Software Engineering · Computer Science 2022-01-26 Md Nadim , Debajyoti Mondal , Chanchal K. Roy

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Source code is changed for a reason, e.g., to adapt, correct, or adapt it. This reason can provide valuable insight into the development process but is rarely explicitly documented when the change is committed to a source code repository.…

Software Engineering · Computer Science 2021-05-03 Sebastian Hönel , Morgan Ericsson , Welf Löwe , Anna Wingkvist

Changes in source code are an inevitable part of software development. They are the results of indispensable activities such as fixing bugs or improving functionality. Descriptions for code changes (commit messages) help people better…

Software Engineering · Computer Science 2023-06-27 Thanh Trong Vu , Thanh-Dat Do , Hieu Dinh Vo

Public vulnerability databases such as CVE and NVD account for only 60% of security vulnerabilities present in open-source projects, and are known to suffer from inconsistent quality. Over the last two years, there has been considerable…

Software Engineering · Computer Science 2019-11-19 Achyudh Ram , Ji Xin , Meiyappan Nagappan , Yaoliang Yu , Rocío Cabrera Lozoya , Antonino Sabetta , Jimmy Lin

Commit messages are valuable resources for describing why code changes are committed to repositories in version control systems (e.g., Git). They effectively help developers understand code changes and better perform software maintenance…

Software Engineering · Computer Science 2025-09-22 Hongyu Kuang , Ning Zhang , Hui Gao , Xin Zhou , Wesley K. G. Assunção , Xiaoxing Ma , Dong Shao , Guoping Rong , He Zhang

In response to the prevailing challenges in contemporary software development, this article introduces an innovative approach to code augmentation centered around Impermanent Identifiers. The primary goal is to enhance the software…

A considerable corpus of research on software evolution focuses on mining changes in software repositories, but omits their pre-integration history. We present a novel method for tracking this otherwise invisible evolution of software…

Software Engineering · Computer Science 2024-09-04 Ralf Ramsauer , Daniel Lohmann , Wolfgang Mauerer

Unlike the flow structure of natural languages, programming languages have an inherent rigidity in structure and grammar.However, existing detection methods based on pre-trained models typically treat code as a natural language sequence,…

Software Engineering · Computer Science 2024-11-11 Ziliang Wang , Ge Li , Jia Li , Yihong Dong , Yingfei Xiong , Zhi Jin

Software security is becoming a high priority for both large companies and start-ups alike due to the increasing potential for harm that vulnerabilities and breaches carry with them. However, attaining robust security assurance while…

Software Engineering · Computer Science 2019-08-06 David N. Palacio , Daniel McCrystal , Kevin Moran , Carlos Bernal-Cárdenas , Denys Poshyvanyk , Chris Shenefiel

Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…

Software Engineering · Computer Science 2024-04-19 Cadence Patrick , Kimberly Ruth , Zakir Durumeric

Java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one…

Software Engineering · Computer Science 2024-07-26 Stefan Schott , Wolfram Fischer , Serena Elisa Ponta , Jonas Klauke , Eric Bodden

Automated detection of software vulnerabilities is critical for enhancing security, yet existing methods often struggle with the complexity and diversity of modern codebases. In this paper, we introduce EnStack, a novel ensemble stacking…

Software Engineering · Computer Science 2024-11-26 Shahriyar Zaman Ridoy , Md. Shazzad Hossain Shaon , Alfredo Cuzzocrea , Mst Shapna Akter

One of the most significant challenges in the field of software code auditing is the presence of vulnerabilities in software source code. Every year, more and more software flaws are discovered, either internally in proprietary code or…

Cryptography and Security · Computer Science 2023-06-16 Mst Shapna Akter , Hossain Shahriar , Juan Rodriguez Cardenas , Sheikh Iqbal Ahamed , Alfredo Cuzzocrea

Ethereum smart contracts are an innovation built on top of the blockchain technology, which provides a platform for automatically executing contracts in an anonymous, distributed, and trusted way. The problem is magnified by the fact that…

Cryptography and Security · Computer Science 2019-11-07 Jialiang Chang , Bo Gao , Hao Xiao , Jun Sun , Yan Cai , Zijiang Yang

In software development, developers frequently apply maintenance activities to the source code that change a few lines by a single commit. A good understanding of the characteristics of such small changes can support quality assurance…

Software Engineering · Computer Science 2024-05-16 Masanari Kondo , Daniel M. German , Yasutaka Kamei , Naoyasu Ubayashi , Osamu Mizuno