English
Related papers

Related papers: Causative Insights into Open Source Software Secur…

200 papers

One of the most important challenges in the field of software code audit is the presence of vulnerabilities in software source code. These flaws are highly likely ex-ploited and lead to system compromise, data leakage, or denial of…

Machine Learning · Computer Science 2023-03-15 Mst Shapna Akter , Hossain Shahriar , Zakirul Alam Bhuiya

Large Language Models (LLMs) are emerging as transformative tools for software vulnerability detection, addressing critical challenges in the security domain. Traditional methods, such as static and dynamic analysis, often falter due to…

Cryptography and Security · Computer Science 2025-02-19 Ze Sheng , Zhicheng Chen , Shuning Gu , Heqing Huang , Guofei Gu , Jeff Huang

In open source project governance, there has been a lot of concern about how to measure developers' contributions. However, extremely sparse work has focused on enabling developers to improve their contributions, while it is significant and…

Software Engineering · Computer Science 2022-10-26 Jiakuan Fan , Haoyue Wang , Wei Wang , Ming Gao , Shengyu Zhao

While code review is central to the software development process, it can be tedious and expensive to carry out. In this paper, we investigate whether and how Large Language Models (LLMs) can aid with code reviews. Our investigation focuses…

Software Engineering · Computer Science 2024-03-14 Rasmus Ingemann Tuffveson Jensen , Vali Tawosi , Salwa Alamir

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it…

Cryptography and Security · Computer Science 2026-04-16 Fariha Tanjim Shifat , Hariswar Baburaj , Ce Zhou , Jaydeb Sarker , Mia Mohammad Imran

Usability is an increasing concern in open source software (OSS). Given the recent changes in the OSS landscape, it is imperative to examine the OSS contributors' current valued factors, practices, and challenges concerning usability. We…

Software Engineering · Computer Science 2020-07-15 Wenting Wang , Jinghui Cheng , Jin L. C. Guo

Security patch detection (SPD) is crucial for maintaining software security, as unpatched vulnerabilities can lead to severe security risks. In recent years, numerous learning-based SPD approaches have demonstrated promising results on…

Software Engineering · Computer Science 2025-09-09 Qingyuan Li , Binchang Li , Cuiyun Gao , Shuzheng Gao , Zongjie Li

Many open source software (OSS) projects need more human resources for maintenance, improvements, and sometimes even their survival. These needs allegedly apply even to vital OSS projects that can be seen as being a part of the world's…

Cryptography and Security · Computer Science 2026-05-18 Jukka Ruohonen , Gaurav Choudhary , Adam Alami

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…

Software Engineering · Computer Science 2024-04-19 Cadence Patrick , Kimberly Ruth , Zakir Durumeric

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare , Saikat Dutta , Ziyang Li , Alaia Solko-Breslin , Rajeev Alur , Mayur Naik

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

As large language models (LLMs) are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code…

Cryptography and Security · Computer Science 2025-12-19 Xiao Li , Yue Li , Hao Wu , Yue Zhang , Yechao Zhang , Fengyuan Xu , Sheng Zhong

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within…

Software Engineering · Computer Science 2026-02-13 Yuejun Guo , Qiang Hu , Qiang Tang , Yves Le Traon

The Open Source Software movement has been growing exponentially for a number of years with no signs of slowing. Driving this growth is the widespread availability of libraries and frameworks that provide many functionalities. Developers…

Software Engineering · Computer Science 2022-06-22 Stan Zajdel , Diego Elias Costa , Hafedh Mili

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

With the increasing usage of open-source software (OSS) components, vulnerabilities embedded within them are propagated to a huge number of underlying applications. In practice, the timely application of security patches in downstream…

Cryptography and Security · Computer Science 2023-01-09 Xinda Wang , Shu Wang , Pengbin Feng , Kun Sun , Sushil Jajodia , Sanae Benchaaboun , Frank Geck

Deep learning (DL) models of code have recently reported great progress for vulnerability detection. In some cases, DL-based models have outperformed static analysis tools. Although many great models have been proposed, we do not yet have a…

Software Engineering · Computer Science 2023-02-14 Benjamin Steenhoek , Md Mahbubur Rahman , Richard Jiles , Wei Le

The rapid advancement of Large Language Models (LLMs) has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite their potential benefits, code…

Cryptography and Security · Computer Science 2025-04-30 Swaroop Dora , Deven Lunkad , Naziya Aslam , S. Venkatesan , Sandeep Kumar Shukla