English
Related papers

Related papers: Mitigating Persistence of Open-Source Vulnerabilit…

200 papers

Following OpenAI's introduction of GPTs, a surge in GPT apps has led to the launch of dedicated LLM app stores. Nevertheless, given its debut, there is a lack of sufficient understanding of this new ecosystem. To fill this gap, this paper…

Cryptography and Security · Computer Science 2024-11-28 Zejun Zhang , Li Zhang , Xin Yuan , Anlan Zhang , Mengwei Xu , Feng Qian

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to…

Cryptography and Security · Computer Science 2023-10-09 Piergiorgio Ladisa , Merve Sahin , Serena Elisa Ponta , Marco Rosa , Matias Martinez , Olivier Barais

Currently, little is known about the structure of the Cargo ecosystem and the potential for vulnerability propagation. Many empirical studies generalize third-party dependency governance strategies from a single software ecosystem to other…

Cryptography and Security · Computer Science 2022-10-17 Peiyang Jia , Chengwei Liu , Hongyu Sun , Chengyi Sun , Mianxue Gu , Yang Liu , Yuqing Zhang

Background: The Node Package Manager (npm) ecosystem plays a vital role in modern software development by providing a vast repository of packages and tools that developers can use to implement their software systems. However, recent…

Software Engineering · Computer Science 2026-01-29 Anthony Peruma , Truman Choy , Gerald Lee , Italo De Oliveira Santos

A resource leak occurs when a program fails to release a finite resource like a socket, file descriptor or database connection. While sound static analysis tools can detect all leaks, automatically repairing them remains challenging. Prior…

Software Engineering · Computer Science 2025-10-07 Sanjay Malakar , Michael D. Ernst , Martin Kellogg , Manu Sridharan

Python software development heavily relies on third-party packages. Direct and transitive dependencies create a labyrinth of software supply chains. While it is convenient to reuse code, vulnerabilities within these dependency chains can…

Cryptography and Security · Computer Science 2026-03-11 Jacob Mahon , Chenxi Hou , Zhihao Yao

Towards understanding the ecosystem gap of fixed-release Linux that is caused by the evolution of mirrors, we conducted a comprehensive study of the Debian ecosystem. This study involved the collection of Debian packages and the…

Software Engineering · Computer Science 2024-09-13 Wei Tang , Zhengzi Xu , Chengwei Liu , Ping Luo , Yang Liu

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may…

Cryptography and Security · Computer Science 2020-12-10 Gabriele Costa , Andrea Valenza

In the open source software (OSS) ecosystem, there exists a complex software supply chain, where developers upstream and downstream widely borrow and reuse code. This results in the widespread occurrence of recurring defects, missing fixes,…

Cryptography and Security · Computer Science 2024-01-31 Fuwei Wang , Yongzhi Liu , Zhiqiang Dong

Applications depend on libraries to avoid reinventing the wheel. Libraries may have incompatible changes during evolving. As a result, applications will suffer from compatibility failures. There has been much research on addressing…

Software Engineering · Computer Science 2021-02-18 Zhouyang Jia , Shanshan Li , Tingting Yu , Chen Zeng , Erci Xu , Xiaodong Liu , Ji Wang , Xiangke Liao

Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive…

Cryptography and Security · Computer Science 2024-09-16 Jinhong Yu , Yi Chen , Di Tang , Xiaozhong Liu , XiaoFeng Wang , Chen Wu , Haixu Tang

There has been a surge of interest in using machine learning (ML) to automatically detect malware through their dynamic behaviors. These approaches have achieved significant improvement in detection rates and lower false positive rates at…

Machine Learning · Computer Science 2019-05-20 Li Chen , Chih-Yuan Yang , Anindya Paul , Ravi Sahita

Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being…

Software Engineering · Computer Science 2021-09-02 Nasif Imtiaz , Seaver Thorne , Laurie Williams

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science 2024-08-27 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Eddie Batista de Lima Filho , Lucas Carvalho Cordeiro

Background: Automated Vulnerability Repair (AVR) is a fast-growing branch of program repair. Recent studies show that large language models (LLMs) outperform traditional techniques, extending their success beyond code generation and fault…

Software Engineering · Computer Science 2026-01-15 Maria Camporese , Fabio Massacci

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng

One of the most powerful features of R is its infrastructure for contributed code. The built-in package manager and complementary repositories provide a great system for development and exchange of code, and have played an important role in…

Software Engineering · Computer Science 2013-11-04 Jeroen Ooms

Recurrent neural networks (RNNs) are a cornerstone of sequence modeling across various scientific and industrial applications. Owing to their versatility, numerous RNN variants have been proposed over the past decade, aiming to improve the…

Machine Learning · Computer Science 2025-10-27 Francesco Martinuzzi

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

Machine learning (ML) underpins foundation models in finance, healthcare, and critical infrastructure, making them targets for data poisoning, model extraction, prompt injection, automated jailbreaking, and preference-guided black-box…

Cryptography and Security · Computer Science 2025-12-30 Armstrong Foundjem , Lionel Nganyewou Tidjon , Leuson Da Silva , Foutse Khomh