English
Related papers

Related papers: Diffploit: Facilitating Cross-Version Exploit Migr…

200 papers

Although using third-party libraries is common practice when writing software, vulnerabilities may be found even in well-known libraries. Detected vulnerabilities are often fixed quickly in the library code. The easiest way to include these…

Software Engineering · Computer Science 2023-05-23 Kristiina Rahkema , Dietmar Pfahl

Large language models (LLMs) are now largely involved in software development workflows, and the code they generate routinely includes third-party library (TPL) imports annotated with specific version identifiers. These version choices can…

Software Engineering · Computer Science 2026-05-08 Chengjie Wang , Jingzheng Wu , Xiang Ling , Tianyue Luo , Chen Zhao

Deep Learning (DL) compilers typically load a DL model and optimize it with intermediate representation.Existing DL compiler testing techniques mainly focus on model optimization stages, but rarely explore bug detection at the model loading…

Software Engineering · Computer Science 2024-08-15 Qingchao Shen , Yongqiang Tian , Haoyang Ma , Junjie Chen , Lili Huang , Ruifeng Fu , Shing-Chi Cheung , Zan Wang

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

Software is prone to bugs and failures. Security bugs are those that expose or share privileged information and access in violation of the software's requirements. Given the seriousness of security bugs, there are centralized mechanisms for…

Software Engineering · Computer Science 2020-12-16 Daito Nakano , Mingyang Yin , Ryosuke Sato , Abram Hindle , Yasutaka Kamei , Naoyasu Ubayashi

Open-Source Software (OSS) vulnerabilities bring great challenges to the software security and pose potential risks to our society. Enormous efforts have been devoted into automated vulnerability detection, among which deep learning…

Cryptography and Security · Computer Science 2024-02-09 Xinchen Wang , Ruida Hu , Cuiyun Gao , Xin-Cheng Wen , Yujia Chen , Qing Liao

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to…

Cryptography and Security · Computer Science 2026-03-31 Arjun Sridharkumar , Sara Al Hajj Ibrahim , Jiayuan Zhou , Yuliang Wang , Safwat Hassan , Ahmed E. Hassan , Shurui Zhou

Context: The IoT system infrastructure platform facility vulnerability attack has become the main battlefield of network security attacks. Most of the traditional vulnerability mining methods rely on vulnerability detection tools to realize…

Cryptography and Security · Computer Science 2022-12-06 Wen Zhou

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Migration guides are a form of software documentation that helps developers address breaking changes introduced in library version updates. Prior studies have examined documents such as release notes, API reference manuals, and patch notes.…

Software Engineering · Computer Science 2026-05-20 Takahiro Monno , Kazumasa Shimari , Tetsuya Kanda , Kazuma Yamasaki , Kenichi Matsumoto

The development of machine learning techniques for discovering software vulnerabilities relies fundamentally on the availability of appropriate datasets. The ideal dataset consists of a large and diverse collection of real-world…

Cryptography and Security · Computer Science 2025-04-29 Sima Arasteh , Georgios Nikitopoulos , Wei-Cheng Wu , Nicolaas Weideman , Aaron Portnoy , Mukund Raghothaman , Christophe Hauser

The source code of successful projects is evolving all the time, resulting in hundreds of thousands of code changes stored in source code repositories. This wealth of data can be useful, e.g., to find changes similar to a planned code…

Software Engineering · Computer Science 2022-11-01 Luca Di Grazia , Paul Bredl , Michael Pradel

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Daniel M. German , Ali Ouni , Takashi Ishio , Katsuro Inoue

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to…

Software Engineering · Computer Science 2025-07-25 Wang Lingxiang , Quanzhi Fu , Wenjia Song , Gelei Deng , Yi Liu , Dan Williams , Ying Zhang

Vulnerability fixes in open source software (OSS) usually follow the coordinated vulnerability disclosure model and are silently fixed. This delay can expose OSS users to risks as malicious parties might exploit the software before fixes…

Software Engineering · Computer Science 2024-09-26 Xu Yang , Shaowei Wang , Jiayuan Zhou , Xing Hu

The rapid evolution of software libraries presents a significant challenge for code generation models, which must adapt to frequent version updates while maintaining compatibility with previous versions. Existing code completion benchmarks…

Software Engineering · Computer Science 2024-11-12 Nizar Islah , Justine Gehring , Diganta Misra , Eilif Muller , Irina Rish , Terry Yue Zhuo , Massimo Caccia

Source code vulnerability detection aims to identify inherent vulnerabilities to safeguard software systems from potential attacks. Many prior studies overlook diverse vulnerability characteristics, simplifying the problem into a binary…

Cryptography and Security · Computer Science 2024-04-16 Shangqing Liu , Wei Ma , Jian Wang , Xiaofei Xie , Ruitao Feng , Yang Liu