English
Related papers

Related papers: The Popularity Hypothesis in Software Security: A …

200 papers

GitHub recommends that projects adopt a security file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the…

Software Engineering · Computer Science 2025-10-17 Rintaro Kanaji , Brittany Reid , Yutaro Kashiwa , Raula Gaikovina Kula , Hajimu Iida

The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In…

Cryptography and Security · Computer Science 2024-03-18 Saul Johnson , João F. Ferreira , Alexandra Mendes , Julien Cordry

Open-source software is widely used in commercial applications. Pair that with the fact that when choosing open-source software for a new problem, developers often use social proof as a cue. These two facts raise concerns that bad actors…

Computers and Society · Computer Science 2026-03-10 Lucas Shen , Gaurav Sood

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

Secure software is a cornerstone to safe and resilient digital ecosystems. It offers strong foundation to protect users' sensitive data and guard against cyber-threats. The rapidly increasing landscape of digital economy has encouraged…

Cryptography and Security · Computer Science 2023-07-13 Irum Rauf , Tamara Lopez , Thein Tun , Marian Petre , Bashar Nuseibeh

With the advent of open source software, a veritable treasure trove of previously proprietary software development data was made available. This opened the field of empirical software engineering research to anyone in academia. Data that is…

Software Engineering · Computer Science 2022-04-19 Adam Tutko , Austin Z. Henley , Audris Mockus

Stack Overflow (SO) is the most popular online Q&A site for developers to share their expertise in solving programming issues. Given multiple answers to certain questions, developers may take the accepted answer, the answer from a person…

Software Engineering · Computer Science 2019-01-08 Mengsu Chen , Felix Fischer , Na Meng , Xiaoyin Wang , Jens Grossklags

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An…

Software Engineering · Computer Science 2018-08-15 Lorenzo Neil , Sudip Mittal , Anupam Joshi

GitHub is the world's largest collection of open source software. Therefore, it is important both to software developers and users to compare and track the popularity of GitHub repositories. In this paper, we propose a framework to assess…

Software Engineering · Computer Science 2017-03-22 Hudson Borges , Marco Tulio Valente , Andre Hora , Jailton Coelho

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Software vulnerabilities have a large negative impact on the software systems that we depend on daily. Reports on software vulnerabilities always paint a grim picture, with some reports showing that 83% of organizations depend on vulnerable…

Software Engineering · Computer Science 2020-09-22 Mahmoud Alfadel , Diego Elias Costa , Mouafak Mokhallalati , Emad Shihab , Bram Adams

Information security isn't just about software and hardware -- it's at least as much about policies and processes. But the research community overwhelmingly focuses on the former over the latter, while gaping policy and process problems…

Cryptography and Security · Computer Science 2024-03-25 Arvind Narayanan , Kevin Lee

The latest advancements in large language models (LLMs) have sparked interest in their potential for software vulnerability detection. However, there is currently a lack of research specifically focused on vulnerabilities in the PHP…

Cryptography and Security · Computer Science 2024-10-11 Di Cao , Yong Liao , Xiuwei Shang

Reusing third-party libraries increases productivity and saves time and costs for developers. However, the downside is the presence of vulnerabilities in those libraries, which can lead to catastrophic outcomes. For instance, Apache Log4J…

Software Engineering · Computer Science 2024-11-20 Yi Wen Heng , Zeyang Ma , Haoxiang Zhang , Zhenhao Li , Tse-Hsun , Chen

Software developers attempt to reproduce software bugs to understand their erroneous behaviours and to fix them. Unfortunately, they often fail to reproduce (or fix) them, which leads to faulty, unreliable software systems. However, to…

Software Engineering · Computer Science 2021-08-12 Mohammad Masudur Rahman , Foutse Khomh , Marco Castelluccio

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

Python is very popular because it can be used for a wider audience of developers, data scientists, machine learning experts and so on. Like other programming languages, there are beginner to advanced levels of writing Python code. However,…

Software Engineering · Computer Science 2024-10-11 Indira Febriyanti , Youmei Fan , Kazumasa Shimari , Kenichi Matsumoto , Raula Gaikovina Kula

Software ecosystems built around programming languages have greatly facilitated software development. At the same time, their security has increasingly been acknowledged as a problem. To this end, the paper examines the previously…

Cryptography and Security · Computer Science 2025-08-29 Jukka Ruohonen , Mubashrah Saddiqa