Related papers: Analysis of Commit Signing on Github

200 papers

GitHub is one of the most widely used public code development platforms. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository…

Software Engineering · Computer Science 2025-04-29 Anupam Sharma, Sreyashi Karmakar, Gayatri Priyadarsini Kancherla, Abhishek Bichhawat

Quantum computing is rapidly advancing, but quantum software development faces significant challenges, including a steep learning curve, high hardware error rates, and a lack of mature engineering practices. This study conducts a…

Software Engineering · Computer Science 2025-10-02 Krishna Upadhyay, Vinaik Chhetri, A. B. Siddique, Umar Farooq

Identity-based software signing tools aim to make software artifact provenance verifiable while reducing the operational burden of long-lived key management. However, there is limited cross-tool longitudinal evidence about which usability…

Software Engineering · Computer Science 2026-03-19 Kelechi G. Kalu, Hieu Tran, Santiago Torres-Arias, Sooyeon Jeong, James C. Davis

The availability of open-source projects facilitates developers to contribute and collaborate on a wide range of projects. As a result, the developer community contributing to such open-source projects is also increasing. Many of the…

Software Engineering · Computer Science 2021-03-02 Akhila Sri Manasa Venigalla, Sridhar Chimalakonda

In open-source projects, anyone can contribute, so it is important to have an active continuous integration and continuous delivery (CI/CD) pipeline in addition to a protocol for reporting security concerns, especially in projects that are…

Software Engineering · Computer Science 2023-10-16 Jessy Ayala, Joshua Garcia

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann, Mohammad Ghafari

Continuous integration is a software engineering practice of frequently merging all developer working copies with a shared main branch, e.g., several times a day. With the advent of GitHub, a platform well known for its "social coding"…

Software Engineering · Computer Science 2015-12-08 Bogdan Vasilescu, Stef van Schuylenburg, Jules Wulms, Alexander Serebrenik, Mark G. J. van den Brand

While many forms of financial support are currently available, there are still many complaints about inadequate financing from software maintainers. In May 2019, GitHub, the world's most active social coding platform, launched the Sponsor…

Human-Computer Interaction · Computer Science 2021-11-29 Xunhui Zhang, Tao Wang, Yue Yu, Qiubing Zeng, Zhixing Li, Huaimin Wang

In 2017, GitHub was the first online open source platform to show security alerts to its users. It has since introduced further security interventions to help developers improve the security of their open source software. In this study, we…

Cryptography and Security · Computer Science 2023-09-27 Felix Fischer, Jonas Höbenreich, Jens Grossklags

GitHub commits, which record the code changes with natural language messages for description, play a critical role for software developers to comprehend the software evolution. To promote the development of the open-source software…

Software Engineering · Computer Science 2023-01-24 Shangqing Liu, Yanzhou Li, Xiaofei Xie, Yang Liu

In the first half of 2025, coding agents have emerged as a category of development tools that have very quickly transitioned to the practice. Unlike "traditional" code completion LLMs such as Copilot, agents like Cursor, Claude Code, or…

Software Engineering · Computer Science 2026-04-09 Romain Robbes, Théo Matricon, Thomas Degueule, Andre Hora, Stefano Zacchiroli

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti, Luca Verderame, Alessio Merlo

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, Sascha Fahl

Blockchain is a distributed ledger technique that guarantees the traceability of transactions. Blockchain is adopted in multiple domains like finance (e.g., cryptocurrency), healthcare, security, and supply chain. In the open-source…

Cryptography and Security · Computer Science 2022-05-18 Ajoy Das, Gias Uddin, Guenther Ruhe

Besides a git-based version control system, GitHub integrates several social coding features. Particularly, GitHub users can star a repository, presumably to manifest interest or satisfaction with an open source project. However, the real…

Software Engineering · Computer Science 2019-03-20 Hudson Borges, Marco Tulio Valente

Developer contribution guidelines are used in social coding sites like GitHub to explain and shape the process a project expects contributors to follow. They set standards for all participants and "save time and hassle caused by improperly…

Software Engineering · Computer Science 2019-08-08 Omar Elazhary, Margaret-Anne Storey, Neil Ernst, Andy Zaidman

Many researchers assume that, for software analytics, "more data is better." We write to show that, at least for learning defect predictors, this may not be true. To demonstrate this, we analyzed hundreds of popular GitHub projects. These…

Software Engineering · Computer Science 2021-02-10 N. C. Shrikanth, Suvodeep Majumder, Tim Menzies

Many software products are composed of components integrated from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain…

Software Engineering · Computer Science 2025-03-31 Kelechi G. Kalu, Tanya Singla, Chinenye Okafor, Santiago Torres-Arias, James C. Davis

In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub…

A fundamental unit of work in programming is the code contribution ("commit") that a developer makes to the code base of the project in work. An author's commit frequency describes how often that author commits. Knowing the distribution of…

Software Engineering · Computer Science 2014-08-22 Carsten Kolassa, Dirk Riehle, Michel A. Salim