English
Related papers

Related papers: Reading Between the Code Lines: On the Use of Self…

200 papers

Augmenting missing key aspects in Textual Vulnerability Descriptions (TVDs) is crucial for effective vulnerability analysis. For instance, in TVDs, key aspects include Attack Vector, Vulnerability Type, among others. These key aspects help…

Software Engineering · Computer Science 2024-12-17 Linyi Han , Shidong Pan , Zhenchang Xing , Jiamou Sun , Sofonias Yitagesu , Xiaowang Zhang , Zhiyong Feng

In Rust, unsafe code is the sole source of potential undefined behaviors. To avoid misuse, Rust developers should clarify the safety properties for each unsafe API. However, the community currently lacks a key standard for safety…

Programming Languages · Computer Science 2026-04-28 Zihao Rao , Jiping Zhou , Hongliang Tian , Xin Wang , Hui Xu

This work presents ATLAS, an LLM-driven framework that bridges standardized threat modeling and property-based formal verification for System-on-Chip (SoC) security. Starting from vulnerability knowledge bases such as Common Weakness…

Cryptography and Security · Computer Science 2026-04-24 Ishraq Tashdid , Kimia Tasnia , Alexander Garcia , Jonathan Valamehr , Sazadur Rahman

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of…

Software Engineering · Computer Science 2023-11-14 Georgios Liargkovas , Evangelia Panourgia , Diomidis Spinellis

Static analysis tools (SATs) are widely adopted in both academia and industry for improving software quality, yet their practical use is often hindered by high false positive rates, especially in large-scale enterprise systems. These false…

Software Engineering · Computer Science 2026-01-28 Xueying Du , Jiayi Feng , Yi Zou , Wei Xu , Jie Ma , Wei Zhang , Sisi Liu , Xin Peng , Yiling Lou

Searching for clues, gathering evidence, and reviewing case files are all techniques used by criminal investigators to draw sound conclusions and avoid wrongful convictions. Similarly, in software engineering (SE) research, we can develop…

Software Engineering · Computer Science 2023-09-19 Marvin Muñoz Barón , Marvin Wyrich , Daniel Graziotin , Stefan Wagner

Failure detection protocols---a fundamental building block for crafting fault-tolerant distributed systems---are in many cases described by their authors making use of informal pseudo-codes of their conception. Often these pseudo-codes use…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-04-15 Vincenzo De Florio , Chris Blondia

Today's small and medium-sized enterprises (SMEs) in the software industry are faced with major challenges. While having to work efficiently using limited resources they have to perform quality assurance on their code to avoid the risk of…

Software Engineering · Computer Science 2016-11-24 Mario Gleirscher , Dmitriy Golubitskiy , Maximilian Irlbeck , Stefan Wagner

LLM-based coding agents are rapidly being deployed in software development, yet their safety implications remain poorly understood. These agents, while capable of accelerating software development, may exhibit unsafe behaviors during normal…

Artificial Intelligence · Computer Science 2025-08-26 Matous Kozak , Roshanak Zilouchian Moghaddam , Siva Sivaraman

Blockchain smart contracts have emerged as a transformative force in the digital realm, spawning a diverse range of compelling applications. Since solidity smart contracts across various domains manage trillions of dollars in virtual coins,…

Distributed, Parallel, and Cluster Computing · Computer Science 2024-12-12 Zhiyuan Wei , Xianhao Zhang , Jing Sun , Zijian Zhang , Liehuang Zhu

We present the Code Documentation and Analysis Tool (CoDAT). CoDAT is a tool designed to maintain consistency between the various levels of code documentation, e.g. if a line in a code sketch is changed, the comment that documents the…

Software Engineering · Computer Science 2024-07-17 Paul Attie , Anas Obeidat , Nathaniel Oh , Ian Yelle

Context: Software vulnerabilities pose a significant threat to modern software systems, as evidenced by the growing number of reported vulnerabilities and cyberattacks. These escalating trends underscore the urgent need for effective…

Software Engineering · Computer Science 2025-07-01 Siyu Chen , Jiongyi Yang , Xiang Chen , Menglin Zheng , Minnan Wei , Xiaolin Ju

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

The rapid adoption of blockchain technology highlighted the importance of ensuring the security of smart contracts due to their critical role in automated business logic execution on blockchain platforms. This paper provides an empirical…

Software Engineering · Computer Science 2026-05-19 Francesco Salzano , Cosmo Kevin Antenucci , Simone Scalabrino , Giovanni Rosa , Rocco Oliveto , Remo Pareschi

Static analyzers are tool sets which are proving to be indispensable to modern programmers. These enable the programmers to detect possible errors and security defects present in the current code base within the implementation phase of the…

Software Engineering · Computer Science 2019-05-14 Eljose E Sajan , Yunpeng Zhang , Liang-Chieh Cheng

Though many deep learning (DL)-based vulnerability detection approaches have been proposed and indeed achieved remarkable performance, they still have limitations in the generalization as well as the practical usage. More precisely,…

Software Engineering · Computer Science 2023-08-23 Chao Ni , Xin Yin , Kaiwen Yang , Dehai Zhao , Zhenchang Xing , Xin Xia

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

Web services are becoming business-critical components, often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow the detection of security vulnerabilities in web services by stressing the…

Cryptography and Security · Computer Science 2022-12-26 Osejobe Ehichoya , Chinwuba Christian Nnaemeka

In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration…

Cryptography and Security · Computer Science 2021-04-13 Carlos Cardoso Galhardo , Peter Mell , Irena Bojanova , Assane Gueye