English
Related papers

Related papers: From Detection to Prevention: Explaining Security-…

200 papers

As the role of Large Language Models (LLM)-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security…

Computation and Language · Computer Science 2025-11-07 Cyril Vallez , Alexander Sternfeld , Andrei Kucharavy , Ljiljana Dolamic

Large language models (LLMs) have brought significant advancements to code generation and code repair, benefiting both novice and experienced developers. However, their training using unsanitized data from open-source repositories, like…

Software Engineering · Computer Science 2024-07-08 Jiexin Wang , Xitong Luo , Liuwen Cao , Hongkui He , Hailin Huang , Jiayuan Xie , Adam Jatowt , Yi Cai

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program.…

Software Engineering · Computer Science 2025-12-11 Dyna Soumhane Ouchebara , Stéphane Dupont

Logging code plays an important role in software systems by recording key events and behaviors, which are essential for debugging and monitoring. However, insecure logging practices can inadvertently expose sensitive information or enable…

Software Engineering · Computer Science 2026-04-23 He Yang Yuan , Xin Wang , Kundi Yao , An Ran Chen , Zishuo Ding , Zhenhao Li

In software development, the predominant emphasis on functionality often supersedes security concerns, a trend gaining momentum with AI-driven automation tools like GitHub Copilot. These tools significantly improve developers' efficiency in…

Achieving web accessibility is essential to building inclusive digital experiences. However, accessibility issues are often identified only after a website has been fully developed, making them difficult to address. This paper introduces a…

Software Engineering · Computer Science 2025-03-14 Elisa Calì , Tommaso Fulcini , Riccardo Coppola , Lorenzo Laudadio , Marco Torchiano

In recent years, the AI wave has grown rapidly in software development. Even novice developers can now design and generate complex framework-constrained software systems based on their high-level requirements with the help of Large Language…

Software Engineering · Computer Science 2025-11-13 Yue Liu , Zhenchang Xing , Shidong Pan , Chakkrit Tantithamthavorn

Recent advancements in generative AI have led to the widespread adoption of large language models (LLMs) in software engineering, addressing numerous long-standing challenges. However, a comprehensive study examining the capabilities of…

Software Engineering · Computer Science 2025-03-04 Ting Zhang , Chengran Yang , Yindu Su , Martin Weyssow , Hung Nguyen , Tan Bui , Hong Jin Kang , Yikun Li , Eng Lieh Ouh , Lwin Khin Shar , David Lo

Software testing and verification are critical for ensuring the reliability and security of modern software systems. Traditionally, formal verification techniques, such as model checking and theorem proving, have provided rigorous…

Software Engineering · Computer Science 2025-03-17 Norbert Tihanyi , Tamas Bisztray , Mohamed Amine Ferrag , Bilel Cherif , Richard A. Dubniczky , Ridhi Jain , Lucas C. Cordeiro

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large…

Software Engineering · Computer Science 2025-05-22 Yuxuan Wang , Jingshu Chen , Qingyang Wang

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

Software vulnerability detection is generally supported by automated static analysis tools, which have recently been reinforced by deep learning (DL) models. However, despite the superior performance of DL-based approaches over rule-based…

Software Engineering · Computer Science 2024-05-03 Yanjing Yang , Xin Zhou , Runfeng Mao , Jinwei Xu , Lanxin Yang , Yu Zhangm , Haifeng Shen , He Zhang

In this paper, we present the first comprehensive empirical study of specialized LLM-based detectors and compare them with traditional static analyzers at the project scale. Specifically, our study evaluates five latest and representative…

Software Engineering · Computer Science 2026-01-28 Fengjie Li , Jiajun Jiang , Dongchi Chen , Yingfei Xiong

Large Language Models (LLMs) are increasingly deployed for code generation in high-stakes software development, yet their limited transparency in security reasoning and brittleness to evolving vulnerability patterns raise critical…

Software Engineering · Computer Science 2026-03-03 Manisha Mukherjee , Vincent J. Hellendoorn

Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective vulnerability assessment; i.e., it can greatly help security experts put their time and effort to where it is needed most. Metric-based and…

Software Engineering · Computer Science 2020-01-22 Xiaoning Du , Bihuan Chen , Yuekang Li , Jianmin Guo , Yaqin Zhou , Yang Liu , Yu Jiang

Vulnerability detection is crucial for maintaining software security, and recent research has explored the use of Language Models (LMs) for this task. While LMs have shown promising results, their performance has been inconsistent across…

Cryptography and Security · Computer Science 2024-12-24 Syafiq Al Atiiq , Christian Gehrmann , Kevin Dahlén

Many developers rely on Large Language Models (LLMs) to facilitate software development. Nevertheless, these models have exhibited limited capabilities in the security domain. We introduce LLMSecGuard, a framework to offer enhanced code…

Software Engineering · Computer Science 2024-05-07 Arya Kavian , Mohammad Mehdi Pourhashem Kallehbasti , Sajjad Kazemi , Ehsan Firouzi , Mohammad Ghafari

With the recent unprecedented advancements in Artificial Intelligence (AI) computing, progress in Large Language Models (LLMs) is accelerating rapidly, presenting challenges in establishing clear guidelines, particularly in the field of…

Cryptography and Security · Computer Science 2024-09-04 Nafis Tanveer Islam , Joseph Khoury , Andrew Seong , Elias Bou-Harb , Peyman Najafirad

Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…

Cryptography and Security · Computer Science 2024-06-13 Van Nguyen , Trung Le , Chakkrit Tantithamthavorn , Michael Fu , John Grundy , Hung Nguyen , Seyit Camtepe , Paul Quirk , Dinh Phung

With the rapid development of blockchain technology, smart contract security has become a critical challenge. Existing smart contract vulnerability detection methods face three main issues: (1) Insufficient quality of datasets, lacking…

Cryptography and Security · Computer Science 2024-11-12 Lei Yu , Shiqi Chen , Hang Yuan , Peng Wang , Zhirong Huang , Jingyuan Zhang , Chenjie Shen , Fengjun Zhang , Li Yang , Jiajia Ma