English
Related papers

Related papers: Detecting Security Patches via Behavioral Data in …

200 papers

Logging is a significant programming practice. Due to the highly transactional nature of modern software applications, massive amount of logs are generated every day, which may overwhelm developers. Logging information overload can be…

Software Engineering · Computer Science 2022-07-20 Yiming Tang , Allan Spektor , Raffi Khatchadourian , Mehdi Bagherzadeh

With software system complexity leading to the rise of software defects, research efforts have been done on techniques towards predicting software defects and Just-in-time (JIT) defect prediction which predicts whether a code change is…

Software Engineering · Computer Science 2021-10-05 Giuseppe Ng , Charibeth Cheng

With the rapid growth of software scale and complexity, a large number of bug reports are submitted to the bug tracking system. In order to speed up defect repair, these reports need to be accurately classified so that they can be sent to…

Software Engineering · Computer Science 2022-08-03 Fanqi Meng , Xuesong Wang , Jingdong Wang , Peifang Wang

Vulnerability identification is crucial to protect software systems from attacks for cyber-security. However, huge projects have more than millions of lines of code, and the complex dependencies make it hard to carry out traditional static…

Cryptography and Security · Computer Science 2023-11-01 Shuo Liu , Gail Kaiser

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository…

Software Engineering · Computer Science 2025-04-29 Anupam Sharma , Sreyashi Karmakar , Gayatri Priyadarsini Kancherla , Abhishek Bichhawat

Android apps include third-party native libraries to increase performance and to reuse functionality. Native code is directly executed from apps through the Java Native Interface or the Android Native Development Kit. Android developers add…

Cryptography and Security · Computer Science 2021-03-04 Sumaya Almanee , Arda Unal , Mathias Payer , Joshua Garcia

Attacks against computer systems exploiting software vulnerabilities can cause substantial damage to the cyber-infrastructure of our modern society and economy. To minimize the consequences, it is vital to detect and fix vulnerabilities as…

Software Engineering · Computer Science 2023-04-18 Son Nguyen , Thu-Trang Nguyen , Thanh Trong Vu , Thanh-Dat Do , Kien-Tuan Ngo , Hieu Dinh Vo

In an increasingly interconnected and data-driven world, the importance of robust security measures cannot be overstated. A knowledge graph constructed with information extracted from the system along with the desired security behavior can…

Cryptography and Security · Computer Science 2023-12-11 M. Xie , T. Rahat , W. Wang , Y. Tian

Throughout 2021, GitGuardian's monitoring of public GitHub repositories revealed a two-fold increase in the number of secrets (database credentials, API keys, and other credentials) exposed compared to 2020, accumulating more than six…

Software Engineering · Computer Science 2023-01-31 Setu Kumar Basak , Lorenzo Neil , Bradley Reaves , Laurie Williams

Open-source software (OSS) greatly facilitates program development for developers. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In…

Software Engineering · Computer Science 2024-01-18 Jinchang Hu , Lyuye Zhang , Chengwei Liu , Sen Yang , Song Huang , Yang Liu

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Are malicious repositories hiding under the educational label in GitHub? Recent studies have identified collections of GitHub repositories hosting malware source code with notable collaboration among the developers. Thus, analyzing GitHub…

Software Engineering · Computer Science 2024-03-08 Md Rayhanul Masud , Michalis Faloutsos

The art of finding software vulnerabilities has been covered extensively in the literature and there is a huge body of work on this topic. In contrast, the intentional insertion of exploitable, security-critical bugs has received little…

Cryptography and Security · Computer Science 2020-07-07 Jannik Pewny , Thorsten Holz

The Go programming language aims to provide memory and thread safety through measures such as automated memory management with garbage collection and a strict type system. However, it also offers a way of circumventing this safety net…

Cryptography and Security · Computer Science 2020-10-23 Johannes Lauinger , Lars Baumgärtner , Anna-Katharina Wickert , Mira Mezini

Background: Performance bugs can lead to severe issues regarding computation efficiency, power consumption, and user experience. Locating these bugs is a difficult task because developers have to judge for every costly operation whether…

Software Engineering · Computer Science 2017-07-03 Sebastian Baltes , Oliver Moseler , Fabian Beck , Stephan Diehl

Java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one…

Software Engineering · Computer Science 2024-07-26 Stefan Schott , Wolfram Fischer , Serena Elisa Ponta , Jonas Klauke , Eric Bodden

Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…

Software Engineering · Computer Science 2021-12-21 Arthur D. Sawadogo , Quentin Guimard , Tegawendé F. Bissyandé , Abdoul Kader Kaboré , Jacques Klein , Naouel Moha

LLM-based coding agents are rapidly being deployed in software development, yet their safety implications remain poorly understood. These agents, while capable of accelerating software development, may exhibit unsafe behaviors during normal…

Artificial Intelligence · Computer Science 2025-08-26 Matous Kozak , Roshanak Zilouchian Moghaddam , Siva Sivaraman

Although using third-party libraries is common practice when writing software, vulnerabilities may be found even in well-known libraries. Detected vulnerabilities are often fixed quickly in the library code. The easiest way to include these…

Software Engineering · Computer Science 2023-05-23 Kristiina Rahkema , Dietmar Pfahl

In this work, we investigate the practice of patch construction in the Linux kernel development, focusing on the differences between three patching processes: (1) patches crafted entirely manually to fix bugs, (2) those that are derived…

Software Engineering · Computer Science 2018-12-20 Anil Koyuncu , Tegawendé F. Bissyandé , Dongsun Kim , Jacques Klein , Martin Monperrus , Yves Le Traon