English
Related papers

Related papers: Reading Between the Code Lines: On the Use of Self…

200 papers

Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and…

Cryptography and Security · Computer Science 2018-06-29 Richard Bonett , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Self-admitted technical debt (SATD) impairs scientific software (SSW), yet its prioritization, sentiment, persistence, and propagation remains underexplored. Understanding how SSW developers express, and address SATD is crucial for…

Software Engineering · Computer Science 2026-03-18 Eric L. Melin , Nasir U. Eisty , Gregory R. Watson , Addi Malviya-Thakur

Context: Agile development is in widespread use, even in safety-critical domains. Motivation: However, there is a lack of an ap- propriate safety analysis and verification method in agile development. Objective: In this paper, we…

Software Engineering · Computer Science 2018-04-06 Yang Wang , Stefan Wagner

The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid.…

Cryptography and Security · Computer Science 2025-09-03 Moritz Schneider , Daniele Lain , Ivan Puddu , Nicolas Dutly , Srdjan Capkun

SAST (Static Application Security Testing) tools are among the most widely used techniques in defensive cybersecurity, employed by commercial and non-commercial organizations to identify potential vulnerabilities in software. Despite their…

Cryptography and Security · Computer Science 2026-01-07 Jake Feiglin , Guy Dar

Static Application Security Testing (SAST) tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false…

Cryptography and Security · Computer Science 2026-02-11 George Tsigkourakos , Constantinos Patsakis

The rapid advancement of Large Language Models (LLMs) presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of…

Software Engineering · Computer Science 2026-01-05 Md Hasan Saju , Maher Muhtadi , Akramul Azim

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Log-based insider threat detection (ITD) detects malicious user activities by auditing log entries. Recently, large language models (LLMs) with strong common sense knowledge have emerged in the domain of ITD. Nevertheless, diverse activity…

Cryptography and Security · Computer Science 2024-08-20 Chengyu Song , Linru Ma , Jianming Zheng , Jinzhi Liao , Hongyu Kuang , Lin Yang

Software vulnerabilities (SVs) have emerged as a prevalent and critical concern for safety-critical security systems. This has spurred significant advancements in utilizing AI-based methods, including machine learning and deep learning, for…

Software Engineering · Computer Science 2025-10-07 Van Nguyen , Surya Nepal , Tingmin Wu , Xingliang Yuan , Carsten Rudolph

Turing completeness has made Ethereum smart contracts attractive to blockchain developers and attackers alike. To increase code security, many tools can now spot most known vulnerabilities$-$at the cost of production efficiency. Recent…

Cryptography and Security · Computer Science 2024-10-23 Tommaso Oss , Carlos E. Budde

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

We introduce SAW, a tool for safety analysis of weakly-hard systems, in which traditional hard timing constraints are relaxed to allow bounded deadline misses for improving design flexibility and runtime resiliency. Safety verification is a…

Systems and Control · Electrical Eng. & Systems 2020-05-15 Chao Huang , Kai-Chieh Chang , Chung-Wei Lin , Qi Zhu

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template…

Programming Languages · Computer Science 2026-05-19 Mike Samuel , Tom Palmer , Shaw Summa , Robert Grayson

The growing integration of artificial intelligence (AI) and machine learning (ML) in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through…

We study 10 C/C++ projects that have been using a static analysis security testing tool. We analyze the historical scan reports generated by the tool and study how frequently memory-related alerts appeared. We also studied the subsequent…

Software Engineering · Computer Science 2021-04-12 Nasif Imtiaz , Laurie Williams

It is imperative to safeguard computer applications and information systems against the growing number of cyber-attacks. Automated software testing tools can be developed to quickly analyze many lines of code and detect vulnerabilities by…

Software Engineering · Computer Science 2025-05-20 João Vitorino , Tiago Dias , Tiago Fonseca , Eva Maia , Isabel Praça

Static Application Security Testing (SAST) enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We…

Cryptography and Security · Computer Science 2025-05-23 Naeem Budhwani , Mohammad Faghani , Hayden Richard

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to…

Software Engineering · Computer Science 2025-07-25 Wang Lingxiang , Quanzhi Fu , Wenjia Song , Gelei Deng , Yi Liu , Dan Williams , Ying Zhang

Context: Static Application Security Testing (SAST) and Runtime Application Security Protection (RASP) are important and complementary techniques used for detecting and enforcing application-level security policies in web applications.…

Programming Languages · Computer Science 2021-07-16 Angel Luis Scull Pupo , Jens Nicolay , Elisa Gonzalez Boix