English
Related papers

Related papers: Code-centric Learning-based Just-In-Time Vulnerabi…

200 papers

Just-in-time (JIT) defect prediction refers to the technique of predicting whether a code change is defective. Many contributions have been made in this area through the excellent dataset by Kamei. In this paper, we revisit the dataset and…

Software Engineering · Computer Science 2021-09-29 Giuseppe Ng , Charibeth Cheng

The increasing complexity of today's software requires the contribution of thousands of developers. This complex collaboration structure makes developers more likely to introduce defect-prone changes that lead to software faults.…

Software Engineering · Computer Science 2023-04-17 Jonathan Bryan , Pablo Moriano

Just-in-time (JIT) compilers are key components for many popular programming languages with managed runtimes (e.g., Java and JavaScript). JIT compilers perform optimizations and generate native code at runtime based on dynamic profiling…

Software Engineering · Computer Science 2026-03-09 Zijian Yi , Cheng Ding , August Shi , Milos Gligoric

This work introduces CodeFlowLM, an incremental learning framework for Just-In-Time Software Defect Prediction (JIT-SDP) that leverages pre-trained language models (PLMs). Unlike traditional online learners, CodeFlowLM employs continual…

Software Engineering · Computer Science 2025-12-02 Monique Louise Monteiro , George G. Cabral , Adriano L. I. OLiveira

Just-in-time defect prediction (JIT-DP) aims to predict the likelihood of code changes resulting in software defects at an early stage. Although code change metrics and semantic features have enhanced prediction accuracy, prior research has…

Software Engineering · Computer Science 2025-07-29 Feifei Niu , Junqian Shao , Christoph Mayr-Dorn , Liguo Huang , Wesley K. G. Assunção , Chuanyi Li , Jidong Ge , Alexander Egyed

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi

In recent years, the rise of autonomous driving technologies has highlighted the critical importance of reliable software for ensuring safety and performance. This paper proposes a novel approach for just-in-time software defect prediction…

Software Engineering · Computer Science 2025-03-03 Faisal Mohammad , Duksan Ryu

Just-in-time (JIT) compilers are used by many modern programming systems in order to improve performance. Bugs in JIT compilers provide exploitable security vulnerabilities and debugging them is difficult as they are large, complex, and…

Programming Languages · Computer Science 2021-08-27 HeuiChan Lim , Stephen Kobourov

Software vulnerabilities pose significant risks to computer systems, impacting our daily lives, productivity, and even our health. Identifying and addressing security vulnerabilities in a timely manner is crucial to prevent hacking and data…

Cryptography and Security · Computer Science 2023-08-01 Jin Wang , Zishan Huang , Hui Xiao , Yinhao Xiao

Vulnerability identification is crucial to protect software systems from attacks for cyber-security. However, huge projects have more than millions of lines of code, and the complex dependencies make it hard to carry out traditional static…

Cryptography and Security · Computer Science 2023-11-01 Shuo Liu , Gail Kaiser

Recent work has shown that Just-In-Time (JIT) compilation can introduce timing side-channels to constant-time programs, which would otherwise be a principled and effective means to counter timing attacks. In this paper, we propose a novel…

Programming Languages · Computer Science 2022-03-01 Qi Qin , JulianAndres JiYang , Fu Song , Taolue Chen , Xinyu Xing

The growing dependence of software projects on external libraries has generated apprehensions regarding the security of these libraries because of concealed vulnerabilities. Handling these vulnerabilities presents difficulties due to the…

Software Engineering · Computer Science 2023-09-18 Hieu Dinh Vo , Thanh Trong Vu , Son Nguyen

We present LeJit, a template-based framework for testing Java just-in-time (JIT) compilers. Like recent template-based frameworks, LeJit executes a template -- a program with holes to be filled -- to generate concrete programs given as…

Software Engineering · Computer Science 2024-07-09 Zhiqiang Zang , Fu-Yao Yu , Aditya Thimmaiah , August Shi , Milos Gligoric

Detecting vulnerability fix commits in open-source software is crucial for maintaining software security. To help OSS identify vulnerability fix commits, several automated approaches are developed. However, existing approaches like…

Software Engineering · Computer Science 2025-01-28 Xu Yang , Wenhan Zhu , Michael Pacheco , Jiayuan Zhou , Shaowei Wang , Xing Hu , Kui Liu

Just-In-Time (JIT) models detect the fix-inducing changes (or defect-inducing changes). These models are designed based on the assumption that past code change properties are similar to future ones. However, as the system evolves, the…

Software Engineering · Computer Science 2021-03-08 Hadi Jahanshahi , Dhanya Jothimani , Ayşe Başar , Mucahit Cevik

Java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one…

Software Engineering · Computer Science 2024-07-26 Stefan Schott , Wolfram Fischer , Serena Elisa Ponta , Jonas Klauke , Eric Bodden

The way developers edit day-to-day code tends to be repetitive, often using existing code elements. Many researchers have tried to automate repetitive code changes by learning from specific change templates which are applied to limited…

Software Engineering · Computer Science 2022-04-21 Saikat Chakraborty , Yangruibo Ding , Miltiadis Allamanis , Baishakhi Ray

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced…

Cryptography and Security · Computer Science 2026-02-03 Ranjith Krishnamurthy , Oshando Johnson , Goran Piskachev , Eric Bodden

When a developer pushes a change to an application's codebase, a good practice is to have a test case specifying this behavioral change. Thanks to continuous integration (CI), the test is run on subsequent commits to check that they do no…

Software Engineering · Computer Science 2023-05-05 Benjamin Danglot , Martin Monperrus , Walter Rudametkin , Benoit Baudry

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont