English
Related papers

Related papers: Mitigating Persistence of Open-Source Vulnerabilit…

200 papers

Log4j has become a widely adopted logging library for Java programs due to its long history and high reliability. Its widespread use is notable not only because of its maturity but also due to the complexity and depth of its features, which…

This paper presents a framework that selectively triggers security reviews for incoming source code changes. Functioning as a review bot within a code review service, the framework can automatically request additional security reviews at…

Cryptography and Security · Computer Science 2024-05-28 Keun Soo Yim

Industry practitioners are increasingly concerned with software that contains vulnerable versions of third-party dependencies that are included both directly and transitively. To address this problem, projects are encouraged to both…

Software Engineering · Computer Science 2025-10-24 Imranur Rahman , Ranindya Paramitha , William Enck , Laurie Williams

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing…

Software Engineering · Computer Science 2020-12-16 Paolo Boldi , Georgios Gousios

The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to vulnerabilities…

Software Engineering · Computer Science 2022-03-29 Ahmed Zerouali , Tom Mens , Alexandre Decan , Coen De Roover

Modern software development relies on package ecosystems where a single declared dependency can pull in many additional transitive packages. This dependency amplification, defined as the ratio of transitive to direct dependencies, has major…

Software Engineering · Computer Science 2025-12-18 Jahidul Arafat

Using libraries in applications has helped developers reduce the costs of reinventing already existing code. However, an increase in diverse technology stacks and third-party library usage has led developers to inevitably switch…

Software Engineering · Computer Science 2023-03-17 Kanchanok Kannee , Raula Gaikovina Kula , Supatsara Wattanakriengkrai , Kenichi Matsumoto

The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…

Cryptography and Security · Computer Science 2019-06-10 Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , Michael Pradel

Software plays a crucial role in our daily lives, and therefore the quality and security of software systems have become increasingly important. However, vulnerabilities in software still pose a significant threat, as they can have serious…

Software Engineering · Computer Science 2023-09-18 Chaozheng Wang , Zongjie Li , Yun Peng , Shuzheng Gao , Sirong Chen , Shuai Wang , Cuiyun Gao , Michael R. Lyu

Open source machine learning (ML) libraries enable developers to integrate advanced ML functionality into their own applications. However, popular ML libraries, such as TensorFlow, are not available natively in all programming languages and…

Software Engineering · Computer Science 2024-10-21 Hao Li , Cor-Paul Bezemer

Much of the success of modern software development can be attributed to code reuse. The ability to reuse existing functionality via third-party dependencies has enabled massive gains in productivity, but for a long time the dominant…

Software Engineering · Computer Science 2025-10-07 Brittany Anne Reid , Raula Gaikovina Kula

As the default package manager for Node.js, npm has become one of the largest package management systems in the world. To facilitate dependency management for developers, npm supports a special type of dependency, Peer Dependency, whose…

Software Engineering · Computer Science 2025-06-04 Xingyu Wang , Mingsen Wang , Wenbo Shen , Rui Chang

To comply with high productivity demands, software developers reuse free open-source software (FOSS) code to avoid reinventing the wheel when incorporating software features. The reliance on FOSS reuse has been shown to improve productivity…

Software Engineering · Computer Science 2025-06-19 Haya Samaana , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng

Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair (AVR) techniques -- including recent…

Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when…

Software Engineering · Computer Science 2025-09-30 Haoran Xu , Chen Zhi , Junxiao Han , Xinkui Zhao , Jianwei Yin , Shuiguang Deng

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs to facilitate their app development. Unfortunately, the popularity of TPLs also brings new security issues. For…

Software Engineering · Computer Science 2021-08-05 Xian Zhan , Tianming Liu , Yepang Liu , Yang Liu , Li Li , Haoyu Wang , Xiapu Luo

Security vulnerability repair is a difficult task that is in dire need of automation. Two groups of techniques have shown promise: (1) large code language models (LLMs) that have been pre-trained on source code for tasks such as code…

Software Engineering · Computer Science 2024-04-03 Yi Wu , Nan Jiang , Hung Viet Pham , Thibaud Lutellier , Jordan Davis , Lin Tan , Petr Babkin , Sameena Shah

[Context:] The acceptance of candidate patches in automated program repair has been typically based on testing oracles. Testing requires typically a costly process of building the application while ML models can be used to quickly classify…

Software Engineering · Computer Science 2025-04-10 Maria Camporese , Fabio Massacci
‹ Prev 1 4 5 6 7 8 10 Next ›