English
Related papers

Related papers: Build Code is Still Code: Finding the Antidote for…

200 papers

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component…

In the software engineering community, deep learning (DL) has recently been applied to many source code processing tasks. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers…

Software Engineering · Computer Science 2022-11-01 Jia Li , Zhuo Li , Huangzhao Zhang , Ge Li , Zhi Jin , Xing Hu , Xin Xia

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

The digital economy runs on Open Source Software (OSS), with an estimated 90\% of modern applications containing open-source components. While this widespread adoption has revolutionized software development, it has also created critical…

Software Engineering · Computer Science 2025-04-25 Piotr Przymus , Thomas Durieux

Fuzzing has proven to be very effective for discovering certain classes of software flaws, but less effective in helping developers process these discoveries. Conventional crash-based fuzzers lack enough information about failures to…

Cryptography and Security · Computer Science 2024-11-04 Allison Naaktgeboren , Sean Noble Anderson , Andrew Tolmach , Greg Sullivan

Code generation large language models (LLMs) are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of…

Cryptography and Security · Computer Science 2026-03-19 Shenao Yan , Shimaa Ahmed , Shan Jin , Sunpreet S. Arora , Yiwei Cai , Yizhen Wang , Yuan Hong

The continuous integration and continuous deployment (CI/CD) pipelines are widely adopted on Internet hosting platforms, such as GitHub. With the popularity, the CI/CD pipeline faces various security threats. However, current CI/CD…

Cryptography and Security · Computer Science 2024-02-01 Ziyue Pan , Wenbo Shen , Xingkai Wang , Yutian Yang , Rui Chang , Yao Liu , Chengwei Liu , Yang Liu , Kui Ren

Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code…

Software Engineering · Computer Science 2025-05-29 Ritwik Murali , Akash Ravi

With the increasing adoption of Continuous Integration and Continuous Deployment pipelines, securing software supply chains has become a critical challenge for modern DevOps teams. This study addresses these challenges by applying a…

Software Engineering · Computer Science 2025-06-10 Sowmiya Dhandapani

Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security…

Software Engineering · Computer Science 2021-02-16 Rajshakhar Paul , Asif Kamal Turzo , Amiangshu Bosu

Memory corruption vulnerabilities are endemic to unsafe languages, such as C, and they can even be found in safe languages that themselves are implemented in unsafe languages or linked with libraries implemented in unsafe languages. Robust…

Cryptography and Security · Computer Science 2018-02-06 Ana Nora Evans

Information protection is becoming a focal point for designing, creating and implementing software applications within highly integrated technology environments. The use of a safe coding technique in the software development process is…

Software Engineering · Computer Science 2020-12-11 Isaac Chin Eian , Lim Ka Yong , Majesty Yeap Xiao Li , Noor Affan Bin Noor Hasmaddi , Fatima-tuz-Zahra

Deep learning models have gained popularity for conducting various tasks involving source code. However, their black-box nature raises concerns about potential risks. One such risk is a poisoning attack, where an attacker intentionally…

Cryptography and Security · Computer Science 2025-03-18 Ehab Ghannoum , Mohammad Ghafari

In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline…

Cryptography and Security · Computer Science 2022-11-14 B. M. Reichert , R. R. Obelheiro

Neural code models (NCMs) have demonstrated extraordinary capabilities in code intelligence tasks. Meanwhile, the security of NCMs and NCMs-based systems has garnered increasing attention. In particular, NCMs are often trained on…

Software Engineering · Computer Science 2025-02-25 Weisong Sun , Yuchen Chen , Mengzhe Yuan , Chunrong Fang , Zhenpeng Chen , Chong Wang , Yang Liu , Baowen Xu , Zhenyu Chen

Software supply chain frameworks, such as the US NIST Secure Software Development Framework (SSDF), detail what tasks software development organizations are recommended or mandated to adopt to reduce security risk. However, to further…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Jacob Bowen , Md Nazmul Haque , Robert Hines , Chris Madden , Laurie Williams

CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow.…

Cryptography and Security · Computer Science 2025-07-09 Oleksii Oleksenko , Flavien Solt , Cédric Fournet , Jana Hofmann , Boris Köpf , Stavros Volos

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment…

‹ Prev 1 2 3 10 Next ›