English
Related papers

Related papers: Can Highlighting Help GitHub Maintainers Track Sec…

200 papers

Timely patching is paramount to safeguard users and maintainers against dire consequences of malicious attacks. In practice, patching is prioritized following the nature of the code change that is committed in the code repository. When such…

Software Engineering · Computer Science 2020-01-27 Arthur D. Sawadogo , Tegawendé F. Bissyandé , Naouel Moha , Kevin Allix , Jacques Klein , Li Li , Yves Le Traon

Software is prone to bugs and failures. Security bugs are those that expose or share privileged information and access in violation of the software's requirements. Given the seriousness of security bugs, there are centralized mechanisms for…

Software Engineering · Computer Science 2020-12-16 Daito Nakano , Mingyang Yin , Ryosuke Sato , Abram Hindle , Yasutaka Kamei , Naoyasu Ubayashi

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding…

Software Engineering · Computer Science 2025-09-10 Huu Hung Nguyen , Anh Tuan Nguyen , Thanh Le-Cong , Yikun Li , Han Wei Ang , Yide Yin , Frank Liauw , Shar Lwin Khin , Ouh Eng Lieh , Ting Zhang , David Lo

The absolute majority of software today is developed collaboratively using collaborative version control tools such as Git. It is a common practice that once a vulnerability is detected and fixed, the developers behind the software issue a…

Cryptography and Security · Computer Science 2023-02-07 Nitzan Farhi , Noam Koenigstein , Yuval Shavitt

Patch reviewing is critical for software development, especially in distributed open-source development, which highly depends on voluntary work, such as Linux. This paper studies the past 10 years of patch reviews of the Linux memory…

Software Engineering · Computer Science 2026-03-27 Chih-En Lin , Attreyee Mukherjee , Ajay Rawat , Ruqi Zhang , Pedro Fonseca

Sophisticated phishing attacks have emerged as a major cybersecurity threat, becoming more common and difficult to prevent. Though machine learning techniques have shown promise in detecting phishing attacks, they function mainly as "black…

Cryptography and Security · Computer Science 2025-03-28 Bryan Lim , Roman Huerta , Alejandro Sotelo , Anthonie Quintela , Priyanka Kumar

Large Language Models (LLMs) are increasingly being integrated into services such as ChatGPT to provide responses to user queries. To mitigate potential harm and prevent misuse, there have been concerted efforts to align the LLMs with human…

Cryptography and Security · Computer Science 2024-12-30 Xiaomeng Hu , Pin-Yu Chen , Tsung-Yi Ho

Open-source code is pervasive. In this setting, embedded vulnerabilities are spreading to downstream software at an alarming rate. While such vulnerabilities are generally identified and addressed rapidly, inconsistent maintenance policies…

Cryptography and Security · Computer Science 2024-11-27 Xunzhu Tang , Zhenghan Chen , Kisub Kim , Haoye Tian , Saad Ezzini , Jacques Klein

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to…

Software Engineering · Computer Science 2024-07-25 Kaixuan Li , Jian Zhang , Sen Chen , Han Liu , Yang Liu , Yixiang Chen

App reviews reflect various user requirements that can aid in planning maintenance tasks. Recently, proposed approaches for automatically classifying user reviews rely on machine learning algorithms. A previous study demonstrated that…

Software Engineering · Computer Science 2025-07-15 Yasaman Abedini , Abbas Heydarnoori

Mapping National Vulnerability Database (NVD) records to vulnerability-fixing commits (VFCs) is crucial for vulnerability analysis but challenging due to sparse explicit links in NVD references. This study explores this mapping's…

Version control systems are commonly used to manage open-source software, in which each commit may introduce new vulnerabilities or fix existing ones. Researchers have developed various tools for detecting vulnerabilities in code commits,…

Software Engineering · Computer Science 2025-01-08 Zhaonan Wu , Yanjie Zhao , Chen Wei , Zirui Wan , Yue Liu , Haoyu Wang

The increasing reliance of software projects on third-party libraries has raised concerns about the security of these libraries due to hidden vulnerabilities. Managing these vulnerabilities is challenging due to the time gap between fixes…

Software Engineering · Computer Science 2023-09-06 Son Nguyen , Thanh Trong Vu , Hieu Dinh Vo

Context: Contemporary code review tools are a popular choice for software quality assurance. Using these tools, reviewers are able to post a linkage between two patches during a review discussion. Large development teams that use a…

Software Engineering · Computer Science 2021-06-07 Dong Wang , Raula Gaikovina Kula , Takashi Ishio , Kenichi Matsumoto

The increasing difficulty to distinguish language-model-generated from human-written text has led to the development of detectors of machine-generated text (MGT). However, in many contexts, a black-box prediction is not sufficient, it is…

Machine Learning · Computer Science 2026-01-21 Loris Schoenegger , Yuxi Xia , Benjamin Roth

Linux kernel stable versions serve the needs of users who value stability of the kernel over new features. The quality of such stable versions depends on the initiative of kernel developers and maintainers to propagate bug fixing patches to…

Software Engineering · Computer Science 2019-11-12 Thong Hoang , Julia Lawall , Yuan Tian , Richard J Oentaryo , David Lo

Self-Admitted Technical Debt (SATD) is a special form of technical debt in which developers intentionally record their hacks in the code by adding comments for attention. Here, we focus on issue-related "On-hold SATD", where developers…

Code Sensitivity refers to the ability of Code LLMs to recognize and respond to details changes in problem descriptions. While current code benchmarks and instruction data focus on difficulty and diversity, sensitivity is overlooked. We…

Computation and Language · Computer Science 2025-05-21 Xianzhen Luo , Qingfu Zhu , Zhiming Zhang , Mingzheng Xu , Tianhao Cheng , Yixuan Wang , Zheng Chu , Shijie Xuyang , Zhiyuan Ma , YuanTao Fan , Wanxiang Che

Security advisories are the primary channel of communication for discovered vulnerabilities in open-source software, but they often lack crucial information. Specifically, 63% of vulnerability database reports are missing their patch links,…

Cryptography and Security · Computer Science 2023-11-06 Trevor Dunlap , Elizabeth Lin , William Enck , Bradley Reaves

Large-scale generative models enabled the development of AI-powered code completion tools to assist programmers in writing code. However, much like other AI-powered tools, AI-powered code completions are not always accurate, potentially…

Human-Computer Interaction · Computer Science 2024-11-12 Helena Vasconcelos , Gagan Bansal , Adam Fourney , Q. Vera Liao , Jennifer Wortman Vaughan
‹ Prev 1 2 3 10 Next ›