English
Related papers

Related papers: Finding 709 Defects in 258 Projects: An Experience…

200 papers

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

In recent years, the importance of smart contract security has been heightened by the increasing number of attacks against them. To address this issue, a multitude of static application security testing (SAST) tools have been proposed for…

Software Engineering · Computer Science 2024-07-02 Kaixuan Li , Yue Xue , Sen Chen , Han Liu , Kairan Sun , Ming Hu , Haijun Wang , Yang Liu , Yixiang Chen

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

In the open source software (OSS) ecosystem, there exists a complex software supply chain, where developers upstream and downstream widely borrow and reuse code. This results in the widespread occurrence of recurring defects, missing fixes,…

Cryptography and Security · Computer Science 2024-01-31 Fuwei Wang , Yongzhi Liu , Zhiqiang Dong

Software vulnerabilities pose significant security challenges and potential risks to society, necessitating extensive efforts in automated vulnerability detection. There are two popular lines of work to address automated vulnerability…

Software Engineering · Computer Science 2024-07-24 Xin Zhou , Duc-Manh Tran , Thanh Le-Cong , Ting Zhang , Ivana Clairine Irsan , Joshua Sumarlin , Bach Le , David Lo

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and…

Software Engineering · Computer Science 2021-03-25 Anh Nguyen-Duc , Manh Viet Do , Quan Luong Hong , Kiem Nguyen Khac

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Embedded software is used in safety-critical systems such as medical devices and autonomous vehicles, where software defects, including security vulnerabilities, have severe consequences. Most embedded codebases are developed in unsafe…

Cryptography and Security · Computer Science 2024-09-06 Ayushi Sharma , Shashank Sharma , Santiago Torres-Arias , Aravind Machiry

The demand for automated security analysis techniques, such as static analysis based security testing (SAST) tools continues to increase. To develop SASTs that are effectively leveraged by developers for finding vulnerabilities, researchers…

Cryptography and Security · Computer Science 2024-06-21 Amit Seal Ami , Kevin Moran , Denys Poshyvanyk , Adwait Nadkarni

Static Analysis Tools (SATs) are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and…

Cryptography and Security · Computer Science 2026-02-04 Nicolás E. Díaz Ferreyra , Moritz Mock , Max Kretschmann , Barbara Russo , Mojtaba Shahin , Mansooreh Zahedi , Riccardo Scandariato

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

Web applications are distributed applications, they are programs that run on more than one computer and communicate through a network or server. This very distributed nature of web applications, combined with the scale and sheer complexity…

Cryptography and Security · Computer Science 2022-10-17 Akash Nagaraj , Bishesh Sinha , Mukund Sood , Yash Mathur , Sanchika Gupta , Dinkar Sitaram

Quantum Software Engineering (QSE) is essential for ensuring the reliability and maintainability of hybrid quantum-classical systems, yet empirical evidence on how bugs emerge and affect quality in real-world quantum projects remains…

Software Engineering · Computer Science 2026-01-05 Mir Mohammad Yousuf , Shabir Ahmad Sofi

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real…

Cryptography and Security · Computer Science 2026-05-05 Mohd Ruhul Ameen , Md Takrim Ul Alam , Akif Islam

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the…

Cryptography and Security · Computer Science 2020-07-07 Jinfeng Li

Self-Admitted Technical Debt (SATD) encompasses a wide array of sub-optimal design and implementation choices reported in software artefacts (e.g., code comments and commit messages) by developers themselves. Such reports have been central…

Software Engineering · Computer Science 2024-03-05 Nicolás E. Díaz Ferreyra , Mojtaba Shahin , Mansooreh Zahedi , Sodiq Quadri , Ricardo Scandariato

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities.…

Software Engineering · Computer Science 2021-07-19 Roland Croft , Dominic Newlands , Ziyu Chen , M. Ali Babar

Nowadays, the correct use of cryptography libraries is essential to ensure the necessary information security in different kinds of applications. A common practice in software development is the use of static application security testing…

Software Engineering · Computer Science 2022-07-08 Markus Haug Ana Cristina Franco Da Silva , Stefan Wagner
‹ Prev 1 2 3 10 Next ›