English
Related papers

Related papers: PatchFinder: A Two-Phase Approach to Security Patc…

200 papers

The identification of vulnerabilities is a continuous challenge in software projects. This is due to the evolution of methods that attackers employ as well as the constant updates to the software, which reveal additional issues. As a…

Cryptography and Security · Computer Science 2023-09-19 Irdin Pekaric , Michael Felderer , Philipp Steinmüller

Software vulnerabilities (SVs) have emerged as a prevalent and critical concern for safety-critical security systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for…

Software Engineering · Computer Science 2025-10-07 Van Nguyen , Surya Nepal , Tingmin Wu , Xingliang Yuan , Carsten Rudolph

We present a comprehensive dataset of Java vulnerability-fixing commits (VFCs) to advance research in Java vulnerability analysis. Our dataset, derived from thousands of open-source Java projects on GitHub, comprises two variants: JavaVFC…

Software Engineering · Computer Science 2024-09-10 Tan Bui , Yan Naing Tun , Yiran Cheng , Ivana Clairine Irsan , Ting Zhang , Hong Jin Kang

Software vulnerabilities are major risks to software systems. Recently, researchers have proposed many deep learning approaches to detect software vulnerabilities. However, their accuracy is limited in practice. One of the main causes is…

Software Engineering · Computer Science 2025-11-13 Zeru Cheng , Yanjing Yang , He Zhang , Lanxin Yang , Jinghao Hu , Jinwei Xu , Bohan Liu , Haifeng Shen

Open-source software (OSS) is widely reused as it provides convenience and efficiency in software development. Despite evident benefits, unmanaged OSS components can introduce threats, such as vulnerability propagation and license…

Software Engineering · Computer Science 2021-02-12 Seunghoon Woo , Sunghan Park , Seulbae Kim , Heejo Lee , Hakjoo Oh

In the open source software (OSS) ecosystem, there exists a complex software supply chain, where developers upstream and downstream widely borrow and reuse code. This results in the widespread occurrence of recurring defects, missing fixes,…

Cryptography and Security · Computer Science 2024-01-31 Fuwei Wang , Yongzhi Liu , Zhiqiang Dong

Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use…

Software Engineering · Computer Science 2021-03-10 Sarah Elder

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures (CVE) reports.…

Cryptography and Security · Computer Science 2025-09-05 Refat Othman , Diaeddin Rimawi , Bruno Rossi , Barbara Russo

Context: Software security patch management purports to support the process of patching known software security vulnerabilities. Given the increasing recognition of the importance of software security patch management, it is important and…

Software Engineering · Computer Science 2021-08-23 Nesara Dissanayake , Asangi Jayatilaka , Mansooreh Zahedi , M. Ali Babar

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often…

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

Critical open source software systems undergo significant validation in the form of lengthy fuzz campaigns. The fuzz campaigns typically conduct a biased random search over the domain of program inputs, to find inputs which crash the…

Cryptography and Security · Computer Science 2024-11-22 Yuntong Zhang , Jiawei Wang , Dominic Berzin , Martin Mirchev , Dongge Liu , Abhishek Arya , Oliver Chang , Abhik Roychoudhury

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the…

Software Engineering · Computer Science 2021-09-14 Sofia Reis , Rui Abreu , Luis Cruz

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…

Software Engineering · Computer Science 2026-01-29 Laura Baird , Armin Moin

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…

Cryptography and Security · Computer Science 2025-08-20 Viktoria Koscinski , Mark Nelson , Ahmet Okutan , Robert Falso , Mehdi Mirakhorli

Much of the current software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get…

Software Engineering · Computer Science 2023-05-10 Tobias Dam , Sebastian Neumaier

In this paper, we perform a comprehensive study of 2,470 patched Android vulnerabilities that we collect from different data sources such as Android security bulletins, CVEDetails, Qualcomm Code Aurora, AOSP Git repository, and Linux…

Cryptography and Security · Computer Science 2019-05-24 Sadegh Farhang , Mehmet Bahadir Kirdan , Aron Laszka , Jens Grossklags

Open-source software projects are foundational to modern software ecosystems, with the Linux kernel standing out as a critical exemplar due to its ubiquity and complexity. Although security patches are continuously integrated into the Linux…

Open-source software (OSS) has become increasingly more popular across different domains. However, this rapid development and widespread adoption come with a security cost. The growing complexity and openness of OSS ecosystems have led to…

Cryptography and Security · Computer Science 2025-06-17 Seyed Ali Akhavani , Behzad Ousat , Amin Kharraz