English
Related papers

Related papers: Mitigating Persistence of Open-Source Vulnerabilit…

200 papers

While reusing third-party libraries (TPL) facilitates software development, its chaotic management has brought great threats to software maintenance and the unauthorized use of source code also raises ethical problems such as misconduct on…

Software Engineering · Computer Science 2025-08-05 Lida Zhao , Chaofan Li , Yueming Wu , Lyuye Zhang , Jiahui Wu , Chengwei Liu , Sen Chen , Yutao Hu , Zhengzi Xu , Yi Liu , Jingquan Ge , Jun Sun , Yang Liu

Software libraries are central to the functionality, security, and maintainability of modern code. As developers increasingly turn to Large Language Models (LLMs) to assist with programming tasks, understanding how these models recommend…

Software Engineering · Computer Science 2025-08-08 Jasmine Latendresse , SayedHassan Khatoonabadi , Emad Shihab

Contemporary software is characterized by reuse of components that are declared as dependencies and that are received from package managers/registries, such as, NPM, PyPI, RubyGems, Maven Central, etc. Direct and indirect dependency…

Software Engineering · Computer Science 2022-03-04 Rolf-Helge Pfeiffer

Recent results of machine learning for automatic vulnerability detection (ML4VD) have been very promising. Given only the source code of a function $f$, ML4VD techniques can decide if $f$ contains a security flaw with up to 70% accuracy.…

Cryptography and Security · Computer Science 2025-01-16 Niklas Risse , Marcel Böhme

Software vulnerabilities continue to be ubiquitous, even in the era of AI-powered code assistants, advanced static analysis tools, and the adoption of extensive testing frameworks. It has become apparent that we must not simply prevent…

Although using third-party libraries has become prevalent in contemporary software development, developers often struggle to update their dependencies. Prior works acknowledge that due to the migration effort, priority and other issues…

Software Engineering · Computer Science 2024-07-08 Vittunyuta Maeprasart , Ali Ouni , Raula Gaikovina Kula

The security guarantee of AI-enabled software systems (particularly using deep learning techniques as a functional core) is pivotal against the adversarial attacks exploiting software vulnerabilities. However, little attention has been paid…

Software Engineering · Computer Science 2024-06-14 Zhongzheng Lai , Huaming Chen , Ruoxi Sun , Yu Zhang , Minhui Xue , Dong Yuan

Accurate detection of third-party libraries (TPLs) is fundamental to Android security, supporting vulnerability tracking, malware detection, and supply chain auditing. Despite many proposed tools, their real-world effectiveness remains…

Cryptography and Security · Computer Science 2025-09-08 Jintao Gu , Haolang Lu , Guoshun Nan , Yihan Lin , Kun Wang , Yuchun Guo , Yigui Cao , Yang Liu

Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses and the propagation of…

Software Engineering · Computer Science 2023-10-11 Jens Dietrich , Shawn Rasheed , Alexander Jordan , Tim White

The exponential increase in software vulnerabilities has created an urgent need for automatic vulnerability repair (AVR) solutions. Recent research has formulated AVR as a sequence generation problem and has leveraged large language models…

Artificial Intelligence · Computer Science 2025-10-08 Xin-Cheng Wen , Zirui Lin , Yijun Yang , Cuiyun Gao , Deheng Ye

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the…

Software Engineering · Computer Science 2021-09-14 Sofia Reis , Rui Abreu , Luis Cruz

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Applying security patches in open source software timely is critical for ensuring the security of downstream applications. However, it is challenging to apply these patches promptly because notifications of patches are often incomplete and…

Cryptography and Security · Computer Science 2024-06-11 Tianyu Chen , Lin Li , Taotao Qian , Jingyi Liu , Wei Yang , Ding Li , Guangtai Liang , Qianxiang Wang , Tao Xie

Understanding the structural characteristics and connectivity patterns of large-scale software ecosystems is critical for enhancing software reuse, improving ecosystem resilience, and mitigating security risks. In this paper, we investigate…

Software Engineering · Computer Science 2025-08-20 Daniel Ogenrwot , John Businge , Shaikh Arifuzzaman

Industrial applications heavily rely on open-source software (OSS) libraries, which provide various benefits. But, they can also present a substantial risk if a vulnerability or attack arises and the community fails to promptly address the…

Software Engineering · Computer Science 2025-04-24 Alexandros Tsakpinis , Alexander Pretschner

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

To enhance the compatibility in the version control of Java Third-party Libraries (TPLs), Maven adopts Semantic Versioning (SemVer) to standardize the underlying meaning of versions, but users could still confront abnormal execution and…

Software Engineering · Computer Science 2022-09-02 Lyuye Zhang , Chengwei Liu , Zhengzi Xu , Sen Chen , Lingling Fan , Bihuan Chen , Yang Liu

In finance, leverage is the ratio between assets borrowed from others and one's own assets. A matching situation is present in software: by using free open-source software (FOSS) libraries a developer leverages on other people's code to…

Software Engineering · Computer Science 2021-03-08 Fabio Massacci , Ivan Pashchenko

Timely patching is paramount to safeguard users and maintainers against dire consequences of malicious attacks. In practice, patching is prioritized following the nature of the code change that is committed in the code repository. When such…

Software Engineering · Computer Science 2020-01-27 Arthur D. Sawadogo , Tegawendé F. Bissyandé , Naouel Moha , Kevin Allix , Jacques Klein , Li Li , Yves Le Traon
‹ Prev 1 3 4 5 6 7 10 Next ›