English
Related papers

Related papers: Toward Effective Secure Code Reviews: An Empirical…

200 papers

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

Code review is a common process that is used by developers, in which a reviewer provides useful comments or points out defects in the submitted source code changes via pull request. Code review has been widely used for both industry and…

Software Engineering · Computer Science 2019-12-23 JingKai Siow , Cuiyun Gao , Lingling Fan , Sen Chen , Yang Liu

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Code translation is crucial for cross-language codebase migration, and large language models (LLMs) have emerged as a promising technique to automate this process. However, the security implications of using LLMs for code translation remain…

Cryptography and Security · Computer Science 2025-12-09 Hailong Chang , Guozhu Meng , Shuhui Xiao , Kai Chen , Kun Sun , Yilin Li

Language models for code (CodeLMs) have emerged as powerful tools for code-related tasks, outperforming traditional methods and standard machine learning approaches. However, these models are susceptible to security vulnerabilities, drawing…

Software Engineering · Computer Science 2025-05-20 Yuchen Chen , Weisong Sun , Chunrong Fang , Zhenpeng Chen , Yifei Ge , Tingxu Han , Quanjun Zhang , Yang Liu , Zhenyu Chen , Baowen Xu

Code review is a well-established and valued practice in the software engineering community contributing to both code quality and interpersonal benefits. However, there are challenges in both tools and processes that give rise to…

Software Engineering · Computer Science 2025-07-15 Lo Gullstrand Heander , Emma Söderberg , Christofer Rydenfält

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi).…

Cryptography and Security · Computer Science 2017-04-11 Tommi Unruh , Bhargava Shastry , Malte Skoruppa , Federico Maggi , Konrad Rieck , Jean-Pierre Seifert , Fabian Yamaguchi

During code reviews, an essential step in software quality assurance, reviewers have the difficult task of understanding and evaluating code changes to validate their quality and prevent introducing faults to the codebase. This is a tedious…

Software Engineering · Computer Science 2024-05-14 Doriane Olewicki , Sarra Habchi , Bram Adams

Code security and usability are both essential for various coding assistant applications driven by large language models (LLMs). Current code security benchmarks focus solely on single evaluation task and paradigm, such as code completion…

Computation and Language · Computer Science 2025-05-16 Yutao Mou , Xiao Deng , Yuxiao Luo , Shikun Zhang , Wei Ye

Effective peer code review in collaborative software development necessitates useful reviewer comments and supportive automated tools. Code review comments are a central component of the Modern Code Review process in the industry and…

Software Engineering · Computer Science 2023-07-07 Sharif Ahmed , Nasir U. Eisty

A central function of code review is to increase understanding; helping reviewers understand a code change aids in knowledge transfer and finding bugs. Comments in code largely serve a similar purpose, helping future readers understand the…

Software Engineering · Computer Science 2022-04-04 Nikitha Rao , Jason Tsay , Martin Hirzel , Vincent J. Hellendoorn

JavaScript has been consistently among the most popular programming languages in the past decade. However, its dynamic, weakly-typed, and asynchronous nature can make it challenging to write maintainable code for developers without in-depth…

Cryptography and Security · Computer Science 2024-12-02 Vikas Kambhampati , Nehaz Hussain Mohammed , Amin Milani Fard

Large language models (LLMs) have brought significant advancements to code generation, benefiting both novice and experienced developers. However, their training using unsanitized data from open-source repositories, like GitHub, introduces…

Software Engineering · Computer Science 2023-10-26 Jiexin Wang , Liuwen Cao , Xitong Luo , Zhiping Zhou , Jiayuan Xie , Adam Jatowt , Yi Cai

Software vulnerabilities can have serious consequences, which is why many techniques have been proposed to defend against them. Among these, vulnerability detection techniques are a major area of focus. However, there is a lack of a…

Software Engineering · Computer Science 2023-03-30 Yingzhou Bi , Jiangtao Huang , Penghui Liu , Lianmei Wang

The automation of code review has been tackled by several researchers with the goal of reducing its cost. The adoption of deep learning in software engineering pushed the automation to new boundaries, with techniques imitating developers in…

Software Engineering · Computer Science 2024-01-11 Rosalia Tufano , Ozren Dabić , Antonio Mastropaolo , Matteo Ciniselli , Gabriele Bavota

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Context: Security Vulnerabilities (SVs) pose many serious threats to software systems. Developers usually seek solutions to addressing these SVs on developer Question and Answer (Q&A) websites. However, there is still little known about…

Software Engineering · Computer Science 2021-09-10 Triet H. M. Le , Roland Croft , David Hin , M. Ali Babar

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…