English
Related papers

Related papers: GoSurf: Identifying Software Supply Chain Attack V…

200 papers

Retrieval-Augmented Code Generation (RACG) is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic…

Cryptography and Security · Computer Science 2025-12-29 Tian Li , Bo Lin , Shangwen Wang , Yusong Tan

In recent years, various software supply chain (SSC) attacks have posed significant risks to the global community. Severe consequences may arise if developers integrate insecure code snippets that are vulnerable to SSC attacks into their…

Cryptography and Security · Computer Science 2025-09-25 Xiaofan Li , Xing Gao

The proliferation of agentic AI coding assistants, including Claude Code, GitHub Copilot, Cursor, and emerging skill-based architectures, has fundamentally transformed software development workflows. These systems leverage Large Language…

Cryptography and Security · Computer Science 2026-01-27 Narek Maloyan , Dmitry Namiot

Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures (CVEs) in open-source packages,…

Cryptography and Security · Computer Science 2025-11-20 Thanh-Cong Nguyen , Ngoc-Thanh Nguyen , Van-Giau Ung , Duc-Ly Vu

Deep neural networks are vulnerable to a range of adversaries. A particularly pernicious class of vulnerabilities are backdoors, where model predictions diverge in the presence of subtle triggers in inputs. An attacker can implant a…

Machine Learning · Computer Science 2022-12-20 Goutham Ramakrishnan , Aws Albarghouthi

Supply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic…

Cryptography and Security · Computer Science 2025-05-29 Joshua Drexel , Esther Hänggi , Iyán Méndez Veiga

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi).…

Cryptography and Security · Computer Science 2017-04-11 Tommi Unruh , Bhargava Shastry , Malte Skoruppa , Federico Maggi , Konrad Rieck , Jean-Pierre Seifert , Fabian Yamaguchi

Software applications are subject to an increasing number of attacks, resulting in data breaches and financial damage. Many solutions have been considered to help mitigate these attacks, such as the integration of attack-awareness…

Cryptography and Security · Computer Science 2020-07-20 Tolga Ünlü , Lynsay A. Shepherd , Natalie Coull , Colin McLean

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Detecting security vulnerabilities in open-source software is a critical task that is highly regarded in the related research communities. Several approaches have been proposed in the literature for detecting vulnerable codes and…

Cryptography and Security · Computer Science 2025-07-25 Nima Atashin , Behrouz Tork Ladani , Mohammadreza Sharbaf

Package confusion attacks such as typosquatting threaten software supply chains. Attackers make packages with names that syntactically or semantically resemble legitimate ones, tricking engineers into installing malware. While prior work…

Cryptography and Security · Computer Science 2025-08-05 Wenxin Jiang , Berk Çakar , Mikola Lysenko , James C. Davis

TypeScript has rapidly become a popular language for modern web development, yet its effect on software faults remains poorly understood. This paper presents the first large-scale empirical study of bugs in real-world TypeScript projects.…

Software Engineering · Computer Science 2026-01-30 TianYi Tang , Saba Alimadadi , Nick Sumner

Open-source software (OSS) is a critical part of the software supply chain. Recent social engineering attacks against OSS development teams have enabled attackers to become code contributors and later inject malicious code or…

Software Engineering · Computer Science 2021-07-05 Luiz Giovanini , Daniela Oliveira , Huascar Sanchez , Deborah Shands

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

Large Language Models for code (LLMs4Code) are increasingly used to generate software artifacts, including library and package recommendations in languages such as Go. However, recent evidence shows that LLMs frequently hallucinate package…

Software Engineering · Computer Science 2025-12-10 Md Nazmul Haque , Elizabeth Lin , Lawrence Arkoh , Biruk Tadesse , Bowen Xu

Go is a popular concurrent programming language thanks to its ability to efficiently combine concurrency and systems programming. In Go programs, a number of concurrency bugs can be caused by a mixture of data races and communication…

Programming Languages · Computer Science 2021-11-22 Julia Gabet , Nobuko Yoshida

Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet, Java has no support for it. We solve this problem…

Software Engineering · Computer Science 2026-04-15 Serena Cofano , Daniel Williams , Aman Sharma , Martin Monperrus

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

In recent years, large language models (LLMs) have made significant progress in the field of code generation. However, as more and more users rely on these models for software development, the security risks associated with code generation…

Artificial Intelligence · Computer Science 2024-08-21 Shangxi Wu , Jitao Sang

Exploit proof-of-concepts (PoCs) for known vulnerabilities are widely shared in the security community. They help security analysts to learn from each other and they facilitate security assessments and red teaming tasks. In the recent…

Cryptography and Security · Computer Science 2023-06-08 Soufian El Yadmani , Robin The , Olga Gadyatskaya