English
Related papers

Related papers: Reading Between the Code Lines: On the Use of Self…

200 papers

Modern enterprises increasingly adopt diverse technology stacks with various programming languages, posing significant challenges for static application security testing (SAST). Existing taint analysis tools are predominantly designed for…

Software Engineering · Computer Science 2026-04-03 Yayi Wang , Shenao Wang , Jian Zhao , Shaosen Shi , Ting Li , Yan Cheng , Lizhong Bian , Kan Yu , Yanjie Zhao , Haoyu Wang

Software security vulnerabilities can lead to severe consequences, making early detection essential. Although code review serves as a critical defense mechanism against security flaws, relevant feedback remains scarce due to limited…

Software Engineering · Computer Science 2026-01-06 Zixiao Zhao , Yanjie Jiang , Hui Liu , Kui Liu , Lu Zhang

Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice due to their reliance on human labeled specifications. Large language models (or LLMs) have shown impressive code…

Cryptography and Security · Computer Science 2025-04-08 Ziyang Li , Saikat Dutta , Mayur Naik

Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials…

Cryptography and Security · Computer Science 2026-03-24 Bhagya Chembakottu , Martin P. Robillard

Despite their ability to aid developers in detecting potential defects early in the software development life cycle, static analysis tools often suffer from precision issues (i.e., high false positive rates of reported alarms). To improve…

Software Engineering · Computer Science 2024-01-22 Yuwei Zhang , Ying Xing , Ge Li , Zhi Jin

Trusted Execution Environments (TEEs) provide hardware-enforced isolation that protects sensitive code and data from untrusted software. Despite their strong security guarantees, analyzing TEE applications remains challenging due to the…

Software Engineering · Computer Science 2026-05-22 Chengyan Ma , Jieke Shi , Ruidong Han , Ye Liu , Yuqing Niu , David Lo

To meet project timelines or budget constraints, developers intentionally deviate from writing optimal code to feasible code in what is known as incurring Technical Debt (TD). Furthermore, as part of planning their correction, developers…

Software Engineering · Computer Science 2022-03-14 Anthony Peruma , Eman Abdullah AlOmar , Christian D. Newman , Mohamed Wiem Mkaouer , Ali Ouni

The automation of code review has been tackled by several researchers with the goal of reducing its cost. The adoption of deep learning in software engineering pushed the automation to new boundaries, with techniques imitating developers in…

Software Engineering · Computer Science 2024-01-11 Rosalia Tufano , Ozren Dabić , Antonio Mastropaolo , Matteo Ciniselli , Gabriele Bavota

Software built on poor structural patterns often shows higher exposure to security defects. When code differs from established best practices, verification and maintenance become increasingly difficult, thereby raising the risk of…

Cryptography and Security · Computer Science 2026-01-26 Masoud Jamshidiyan Tehrani

Despite their remarkable success, large language models (LLMs) have shown limited ability on safety-critical code tasks such as vulnerability detection. Typically, static analysis (SA) tools, like CodeQL, CodeGuru Security, etc., are used…

Cryptography and Security · Computer Science 2025-09-15 Ira Ceka , Feitong Qiao , Anik Dey , Aastha Valecha , Gail Kaiser , Baishakhi Ray

Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of…

Software Engineering · Computer Science 2016-12-02 Asim Abdulkhaleq , Stefan Wagner

Automatic Program translation has enormous application value and hence has been attracting significant interest from AI researchers. However, we observe that current program translation models still make elementary syntax errors,…

Software Engineering · Computer Science 2023-10-24 Mengnan Qi , Yufan Huang , Maoquan Wang , Yongqiang Yao , Zihan Liu , Bin Gu , Colin Clement , Neel Sundaresan

Testing is a relevant activity for the development life-cycle of Safety Critical Embedded systems. In particular, much effort is spent for analysis and classification of test logs from SCADA subsystems, especially when failures occur. The…

Software Engineering · Computer Science 2014-05-14 Alessio Venticinque , Nicola Mazzocca , Salvatore Venticinque , Massimo Ficco

With the rapid advancements in Natural Language Processing (NLP), large language models (LLMs) like GPT-4 have gained significant traction in diverse applications, including security vulnerability scanning. This paper investigates the…

Cryptography and Security · Computer Science 2025-06-19 Madjid G. Tehrani , Eldar Sultanow , William J. Buchanan , Mahkame Houmani , Christel H. Djaha Fodja

Security issues in shipped code can lead to unforeseen device malfunction, system crashes or malicious exploitation by crackers, post-deployment. These vulnerabilities incur a cost of repair and foremost risk the credibility of the company.…

Artificial Intelligence · Computer Science 2021-04-20 Anshul Tanwar , Hariharan Manikandan , Krishna Sundaresan , Prasanna Ganesan , Sathish Kumar Chandrasekaran , Sriram Ravi

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Code analysis is fundamental in Software Engineering, supporting debugging, optimization, and security assessment. Human developers approach it through syntax parsing, static semantics inference, and dynamic reasoning. Traditional tools are…

Software Engineering · Computer Science 2026-05-22 Wei Ma , Zhihao Lin , Shangqing Liu , Qiang Hu , Ye Liu , Wenhan Wang , Cen Zhang , Liming Nie , Li Li , Yang Liu , Lingxiao Jiang

Reducing cost and time required to build high quality software is a major goal for software developers. Building tools and techniques that can help achieve such a goal is the chief aim for Automated Software Engineering (ASE) researchers.…

Software Engineering · Computer Science 2018-03-28 Shipra Sharma , Balwinder Sodhi

Context: Security Vulnerabilities (SVs) pose many serious threats to software systems. Developers usually seek solutions to addressing these SVs on developer Question and Answer (Q&A) websites. However, there is still little known about…

Software Engineering · Computer Science 2021-09-10 Triet H. M. Le , Roland Croft , David Hin , M. Ali Babar

Static Application Security Testing (SAST) tools are integral to modern software development, yet their adoption is undermined by excessive false positives that weaken developer trust and demand costly manual triage. We present ZeroFalse, a…