English
Related papers

Related papers: Vulnerable Source Code Detection using SonarCloud …

200 papers

The increasing adoption of Large Language Models (LLMs) in software engineering has sparked interest in their use for software vulnerability detection. However, the rapid development of this field has resulted in a fragmented research…

Software Engineering · Computer Science 2025-12-22 Sabrina Kaniewski , Fabian Schmidt , Markus Enzweiler , Michael Menth , Tobias Heer

With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment…

Large language models (LLMs) have shown great potential for automatic code generation and form the basis for various tools such as GitHub Copilot. However, recent studies highlight that many LLM-generated code contains serious security…

Cryptography and Security · Computer Science 2024-09-11 Hossein Hajipour , Lea Schönherr , Thorsten Holz , Mario Fritz

Detecting security vulnerabilities in open-source software is a critical task that is highly regarded in the related research communities. Several approaches have been proposed in the literature for detecting vulnerable codes and…

Cryptography and Security · Computer Science 2025-07-25 Nima Atashin , Behrouz Tork Ladani , Mohammadreza Sharbaf

Software defect prediction is an essential task during the software development Lifecycle as it can help managers to identify the most defect-proneness modules. Thus, it can reduce the test cost and assign testing resources efficiently.…

Software Engineering · Computer Science 2022-09-30 Haneen Abu Alhija , Mohammad Azzeh , Fadi Almasalha

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science 2023-07-13 Ahmet Okutan , Ali Shokri , Viktoria Koscinski , Mohamad Fazelinia , Mehdi Mirakhorli

Fine-grained software vulnerability detection is an important and challenging problem. Ideally, a detection system (or detector) not only should be able to detect whether or not a program contains vulnerabilities, but also should be able to…

Cryptography and Security · Computer Science 2020-01-09 Deqing Zou , Sujuan Wang , Shouhuai Xu , Zhen Li , Hai Jin

Software vulnerabilities can result in catastrophic cyberattacks that increasingly threaten business operations. Consequently, ensuring the safety of software systems has become a paramount concern for both private and public sectors.…

Software Engineering · Computer Science 2024-12-10 Boyu Zhang , Triet H. M. Le , M. Ali Babar

Similar vulnerability repeats in real-world software products because of code reuse, especially in wildly reused third-party code and libraries. Detecting repeating vulnerabilities like 1-day and N-day vulnerabilities is an important cyber…

Cryptography and Security · Computer Science 2024-01-19 Zian Liu , Lei Pan , Chao Chen , Ejaz Ahmed , Shigang Liu , Jun Zhang , Dongxi Liu

Large Language Models (LLMs) have become powerful tools for automated code generation. However, these models often overlook critical security practices, which can result in the generation of insecure code that contains…

Software Engineering · Computer Science 2025-07-01 Hao Yan , Swapneel Suhas Vaidya , Xiaokuan Zhang , Ziyu Yao

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…

Software Engineering · Computer Science 2024-09-27 Marcel Böhme , Eric Bodden , Tevfik Bultan , Cristian Cadar , Yang Liu , Giuseppe Scanniello

Large language models (LLMs) excel at generating code from natural language instructions, yet they often lack an understanding of security vulnerabilities. This limitation makes it difficult for LLMs to avoid security risks in generated…

Cryptography and Security · Computer Science 2025-05-08 Lingxiang Wang , Hainan Zhang , Qinnan Zhang , Ziwei Wang , Hongwei Zheng , Jin Dong , Zhiming Zheng

This paper presents a framework that selectively triggers security reviews for incoming source code changes. Functioning as a review bot within a code review service, the framework can automatically request additional security reviews at…

Cryptography and Security · Computer Science 2024-05-28 Keun Soo Yim

Speeding up development may produce technical debt, i.e., not-quite-right code for which the effort to make it right increases with time as a sort of interest. Developers may be aware of the debt as they admit it in their code comments.…

Software Engineering · Computer Science 2022-05-05 Barbara Russo , Matteo Camilli , Moritz Mock

Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses and the propagation of…

Software Engineering · Computer Science 2023-10-11 Jens Dietrich , Shawn Rasheed , Alexander Jordan , Tim White

Security vulnerabilities in software can have severe consequences; however, manual vulnerability detection is costly and does not scale, especially as agentic coding frameworks increase the rate of code production. Over the last decade, a…

Software Engineering · Computer Science 2026-05-11 Dan Ristea , Shae McFadden , Ezzeldin Shereen , Madeleine Dwyer , Sanyam Vyas , Chris Hicks , Vasilios Mavroudis

Accurate identification of software vulnerabilities is crucial for system integrity. Vulnerability datasets, often derived from the National Vulnerability Database (NVD) or directly from GitHub, are essential for training machine learning…

Open source code is considered a common practice in modern software development. However, reusing other code allows bad actors to access a wide developers' community, hence the products that rely on it. Those attacks are categorized as…

Cryptography and Security · Computer Science 2022-09-19 Chen Tsfaty , Michael Fire

With the increase of the adoption of blockchain technology in providing decentralized solutions to various problems, smart contracts have become more popular to the point that billions of US Dollars are currently exchanged every day through…

Cryptography and Security · Computer Science 2023-01-24 Feng Mi , Chen Zhao , Zhuoyi Wang , Sadaf MD Halim , Xiaodi Li , Zhouxiang Wu , Latifur Khan , Bhavani Thuraisingham