English
Related papers

Related papers: Does the Vulnerability Threaten Our Projects? Auto…

200 papers

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

Identifying recurring vulnerabilities is crucial for ensuring software security. Clone-based techniques, while widely used, often generate many false alarms due to the existence of similar but patched (SBP) code, which is similar to…

Software Engineering · Computer Science 2026-02-10 Zixuan Tan , Jiayuan Zhou , Xing Hu , Shengyi Pan , Kui Liu , Xin Xia

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…

Cryptography and Security · Computer Science 2024-06-13 Van Nguyen , Trung Le , Chakkrit Tantithamthavorn , Michael Fu , John Grundy , Hung Nguyen , Seyit Camtepe , Paul Quirk , Dinh Phung

Filesystem vulnerabilities persist as a significant threat to Android systems, despite various proposed defenses and testing techniques. The complexity of program behaviors and access control mechanisms in Android systems makes it…

Cryptography and Security · Computer Science 2024-07-17 Yu-Tsung Lee , Hayawardh Vijayakumar , Zhiyun Qian , Trent Jaeger

Large Language Models (LLMs) show promise for Automated Program Repair (APR), yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patchesacross 64 Java…

Cryptography and Security · Computer Science 2026-03-12 Amir Al-Maamari

Visual Programming Languages (VPLs), coupled with the high-level abstractions that are commonplace in visual programming environments, enable users with less technical knowledge to become proficient programmers. However, the lower skill…

Software Engineering · Computer Science 2021-07-16 Miguel Terra-Neves , João Nadkarni , Miguel Ventura , Pedro Resende , Hugo Veiga , António Alegria

Large language model fine-tuning APIs enable widespread model customization, yet pose significant safety risks. Recent work shows that adversaries can exploit access to these APIs to bypass model safety mechanisms by encoding harmful…

Machine Learning · Computer Science 2025-08-26 Jack Youstra , Mohammed Mahfoud , Yang Yan , Henry Sleight , Ethan Perez , Mrinank Sharma

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi).…

Cryptography and Security · Computer Science 2017-04-11 Tommi Unruh , Bhargava Shastry , Malte Skoruppa , Federico Maggi , Konrad Rieck , Jean-Pierre Seifert , Fabian Yamaguchi

Program analysis tools often produce large volumes of candidate vulnerability reports that require costly manual review, creating a practical challenge: how can security analysts prioritize the reports most likely to be true…

Cryptography and Security · Computer Science 2025-10-24 Ronghao Ni , Aidan Z. H. Yang , Min-Chien Hsu , Nuno Sabino , Limin Jia , Ruben Martins , Darion Cassel , Kevin Cheang

Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable…

Cryptography and Security · Computer Science 2025-06-25 Sajal Halder , Muhammad Ejaz Ahmed , Seyit Camtepe

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult…

Software Engineering · Computer Science 2024-01-17 Zhiyuan Pan , Xing Hu , Xin Xia , Xian Zhan , David Lo , Xiaohu Yang

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

Malicious attacks on open-source software packages are a growing concern. The discovery of the XZ Utils backdoor intensified these concerns because of the potential widespread impact. This study, therefore, explores the challenges of…

Cryptography and Security · Computer Science 2025-07-22 Duc-Ly Vu , Trevor Dunlap , Karla Obermeier-Velazquez , Thanh-Cong Nguyen , Paul Gibert , John Speed Meyers , Santiago Torres-Arias

Software Composition Analysis (SCA) has become pivotal in addressing vulnerabilities inherent in software project dependencies. In particular, reachability analysis is increasingly used in Open-Source Software (OSS) projects to identify…

Software Engineering · Computer Science 2025-06-25 Lyuye Zhang , Jian Zhang , Kaixuan Li , Chong Wang , Chengwei Liu , Jiahui Wu , Sen Chen , Yaowen Zheng , Yang Liu

A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing (SAST) tools. Numerous false positives (FPs) in these reports reduce the effectiveness of…

Cryptography and Security · Computer Science 2025-07-15 Jonas Wagner , Simon Müller , Christian Näther , Jan-Philipp Steghöfer , Andreas Both

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in…

Software Engineering · Computer Science 2022-11-16 Frederik L. Dennig , Eren Cakmak , Henrik Plate , Daniel A. Keim
‹ Prev 1 3 4 5 6 7 10 Next ›