English
Related papers

Related papers: Evaluating SZZ Implementations: An Empirical Study…

200 papers

The SZZ algorithm represents a standard way to identify bug fixing commits as well as inducing counterparts. It forms the basis for data sets used in numerous empirical studies. Since its creation, multiple extensions have been proposed to…

Software Engineering · Computer Science 2022-09-29 Peter Bludau , Alexander Pretschner

The SZZ algorithm is the dominant technique for identifying bug-inducing commits and serves as a foundation for many software engineering studies, such as bug prediction and static code analysis. Researchers have proposed many variants to…

Software Engineering · Computer Science 2025-04-03 Lingxiao Tang , Jiakun Liu , Zhongxin Liu , Xiaohu Yang , Lingfeng Bao

Context: The SZZ algorithm is the de facto standard for labeling bug fixing commits and finding inducing changes for defect prediction data. Recent research uncovered potential problems in different parts of the SZZ algorithm. Most defect…

Software Engineering · Computer Science 2022-01-24 Steffen Herbold , Alexander Trautsch , Fabian Trautsch , Benjamin Ledel

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which…

Cryptography and Security · Computer Science 2026-04-28 Sicong Cao , Jinxuan Xu , Le Yu , Jing Yang , Xingwei Lin , Linlin Zhu , Fu Xiao

The SZZ algorithm for identifying bug-inducing changes has been widely used to evaluate defect prediction techniques and to empirically investigate when, how, and by whom bugs are introduced. Over the years, researchers have proposed…

Software Engineering · Computer Science 2021-02-10 Giovanni Rosa , Luca Pascarella , Simone Scalabrino , Rosalia Tufano , Gabriele Bavota , Michele Lanza , Rocco Oliveto

In the multi-commit development model, programmers complete tasks (e.g., implementing a feature) by organizing their work in several commits and packaging them into a commit-set. Analyzing data from developers using this model can be useful…

Many software engineering maintenance tasks require linking a commit that induced a bug with the commit that later fixed that bug. Several existing SZZ algorithms provide a way to identify the potential commit that induced a bug when given…

Software Engineering · Computer Science 2024-11-20 Salomé Perez-Rosero , Robert Dyer , Samuel W. Flint , Shane McIntosh , Witawas Srisa-an

Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical…

Software Engineering · Computer Science 2020-02-26 Jukka Ruohonen , Kalle Rindell

Numerous empirical software engineering studies rely on detailed information about bugs. While issue trackers often contain information about when bugs were fixed, details about when they were introduced to the system are often absent. As a…

Software Engineering · Computer Science 2019-08-20 Markus Borg , Oscar Svensson , Kristian Berg , Daniel Hansson

\'Sliwerski, Zimmermann, and Zeller (SZZ) just won the 2026 ACM SIGSOFT Impact Award for asking: When do changes induce fixes? Their paper from 2005 served as the foundation for a wide array of approaches aimed at identifying…

Software Engineering · Computer Science 2026-04-01 Niklas Risse , Marcel Böhme

BACKGROUND: Software engineers must be vigilant in preventing and correcting vulnerabilities and other critical bugs. In servicing this need, numerous tools and techniques have been developed to assist developers. Fuzzers, by autonomously…

Software Engineering · Computer Science 2023-05-22 Brandon Keller , Andrew Meneely , Benjamin Meyers

Identifying Bug-Inducing Commits (BICs) is fundamental for understanding software defects and enabling downstream tasks such as defect prediction and automated program repair. Yet existing SZZ-based approaches rely on git blame, restricting…

Software Engineering · Computer Science 2026-05-11 Yu Shi , Hao Li , Bram Adams , Ahmed E. Hassan

Fuzzing has become one of the most effective bug finding approach for software. In recent years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software, e.g., Linux kernel. Though capable of discovering many bugs…

Cryptography and Security · Computer Science 2021-11-12 Xiaochen Zou , Guoren Li , Weiteng Chen , Hang Zhang , Zhiyun Qian

Over the past 6 years, Syzbot has fuzzed the Linux kernel day and night to report over 5570 bugs, of which 4604 have been patched [11]. While this is impressive, we have found the average time to find a bug is over 405 days. Moreover, we…

Software Engineering · Computer Science 2024-01-23 Joseph Bursey , Ardalan Amiri Sani , Zhiyun Qian

Fuzzing has become a cornerstone technique for uncovering vulnerabilities and enhancing the security of OS kernels. However, state-of-the-art kernel fuzzers, including the de facto standard Syzkaller, struggle to generate valid syscall…

Cryptography and Security · Computer Science 2025-10-13 Boyu Liu , Yang Zhang , Liang Cheng , Yi Zhang , Junjie Fan , Yu Fu

Fuzzing has been an important approach for finding bugs and vulnerabilities in programs. Many fuzzers deployed in industry run daily and can generate an overwhelming number of crashes. Diagnosing such crashes can be very challenging and…

Software Engineering · Computer Science 2022-09-07 Ashwin Kallingal Joshy , Wei Le

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

Linux kernel bug repair is typically approached as a direct mapping from crash reports to code patches. In practice, however, kernel fixes undergo iterative revision on mailing lists before acceptance, with reviewer feedback shaping…

Software Engineering · Computer Science 2026-04-07 Luyao Bai , Kenan Alghythee , Hang Zhang , Xiaoguang Wang

Bugs in operating system kernels can affect billions of devices and users all over the world. As a result, a large body of research has been focused on kernel fuzzing, i.e., automatically generating syscall (system call) sequences to detect…

Cryptography and Security · Computer Science 2025-03-17 Chenyuan Yang , Zijie Zhao , Lingming Zhang
‹ Prev 1 2 3 10 Next ›