English
Related papers

Related papers: Reading Between the Code Lines: On the Use of Self…

200 papers

Automated static analysis tools (ASATs) have become a major part of the software development workflow. Acting on the generated warnings, i.e., changing the code indicated in the warning, should be part of, at latest, the code review phase.…

Software Engineering · Computer Science 2021-09-09 Alexander Trautsch , Steffen Herbold , Jens Grabowski

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

The advent of Autonomous Driving Systems (ADS) has marked a significant shift towards intelligent transportation, with implications for public safety and traffic efficiency. While these systems integrate a variety of technologies and offer…

Software Engineering · Computer Science 2025-02-28 Wenyuan Cheng , Zengyang Li , Peng Liang , Ran Mo , Hui Liu

Large Language Models (LLMs) are increasingly embedded in software via APIs like OpenAI, offering powerful AI features without heavy infrastructure. Yet these integrations bring their own form of self-admitted technical debt (SATD). In this…

Software Engineering · Computer Science 2025-09-26 Ahmed Aljohani , Hyunsook Do

Technical Debt (TD) refers to the situation where developers make trade-offs to achieve short-term goals at the expense of long-term code quality, which can have a negative impact on the quality of software systems. In the context of code…

Software Engineering · Computer Science 2022-09-27 Liming Fu , Peng Liang , Zeeshan Rasheed , Zengyang Li , Amjed Tahir , Xiaofeng Han

Automated Static Analysis Tools (ASATs) are part of software development best practices. ASATs are able to warn developers about potential problems in the code. On the one hand, ASATs are based on best practices so there should be a…

Software Engineering · Computer Science 2021-11-19 Alexander Trautsch , Steffen Herbold , Jens Grabowski

Dockerfiles enable the creation of portable container-based execution environments for the application code, and have become an important part of the modern software development process. As Dockerfiles are a form of Infrastructure-as-Code…

Software Engineering · Computer Science 2026-05-21 Wei Minn , Yan Naing Tun , Biniam Fesseha Demissie , Rui'ang Hu , Jiakun Liu , Mariano Ceccato , Lwin Khin Shar , David Lo

Static analysis tools are frequently used to scan the source code and detect deviations from the project coding guidelines. Given their importance, linters are often introduced to classrooms to educate students on how to detect and…

Software Engineering · Computer Science 2023-07-20 Eman Abdullah AlOmar , Salma Abdullah AlOmar , Mohamed Wiem Mkaouer

Technical debt (TD) is a metaphor that is used to communicate the consequences of poor software development practices to non-technical stakeholders. In recent years, it has gained significant attention in agile software development (ASD).…

Software Engineering · Computer Science 2024-01-29 Woubshet Nema Behutiye , Pilar Rodriguez , Markku Oivo , Ayse Tosun

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

The Common Weakness Enumeration (CWE) is a prominent list of software weakness types. This list is used by vulnerability databases to describe the underlying security flaws within analyzed vulnerabilities. This linkage opens the possibility…

Cryptography and Security · Computer Science 2020-06-16 Peter Mell , Assane Gueye

Context: Previous research on software aging is limited with focus on dynamic runtime indicators like memory and performance, often neglecting evolutionary indicators like source code comments and narrowly examining legacy issues within the…

Software Engineering · Computer Science 2025-04-25 Murali Sridharan , Mika Mäntylä , Leevi Rantala

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such…

Cryptography and Security · Computer Science 2023-10-13 Antoine Geimer , Mathéo Vergnolle , Frédéric Recoules , Lesly-Ann Daniel , Sébastien Bardin , Clémentine Maurice

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak , Tomasz Szandala

Background. Technical debt (TD) has long been one of the key factors influencing the maintainability of software products. It represents technical compromises that sacrifice long-term software quality for potential short-term benefits.…

Software Engineering · Computer Science 2024-07-31 Xiaozhou Li , Matteo Esposito , Andrea Janes , Valentina Lenarduzzi

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Self-admitted technical debt refers to situations where a software developer knows that their current implementation is not optimal and indicates this using a source code comment. In this work, we hypothesize that it is possible to develop…

Software Engineering · Computer Science 2019-10-22 Rungroj Maipradit , Christoph Treude , Hideaki Hata , Kenichi Matsumoto

Automatic Static Analysis Tools (ASATs) are widely used by software developers to diffuse and enforce coding practices. Yet, we know little about the documentation of ASATs, despite it being critical to learn about the coding practices in…

Software Engineering · Computer Science 2024-02-14 Corentin Latappy , Thomas Degueule , Jean-Rémy Falleri , Romain Robbes , Xavier Blanc , Cédric Teyton
‹ Prev 1 3 4 5 6 7 10 Next ›