Just-in-time software vulnerability detection: Are we there yet?

F Lomio, E Iannone, A De Lucia, F Palomba… - Journal of Systems and …, 2022 - Elsevier
Background: Software vulnerabilities are weaknesses in source code that might be exploited
to cause harm or loss. Previous work has proposed a number of automated machine …

Asleep at the keyboard? assessing the security of github copilot's code contributions

H Pearce, B Ahmad, B Tan… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
There is burgeoning interest in designing AI-based systems to assist humans in designing
computing systems, including tools that automatically generate computer code. The most …

Examining zero-shot vulnerability repair with large language models

H Pearce, B Tan, B Ahmad, R Karri… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Human developers can produce code with cybersecurity bugs. Can emerging 'smart' code
completion tools help repair those bugs? In this work, we examine the use of large language …

Space odyssey: An experimental software security analysis of satellites

J Willbold, M Schloegel, M Vögele… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Satellites are an essential aspect of our modern society and have contributed significantly to
the way we live today, most notable through modern telecommunications, global positioning …

MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps

W Li, B Yang, H Ye, L Xiang, Q Tao… - … on Dependable and …, 2023 - ieeexplore.ieee.org
Running on host mobile applications, mini apps have gained increasing popularity these
days for its convenience in installation and usage. However, being easy to use allows mini …

Devaic: A tool for security assessment of ai-generated code

D Cotroneo, R De Luca, P Liguori - Information and Software Technology, 2025 - Elsevier
Context: AI code generators are revolutionizing code writing and software development, but
their training on large datasets, including potentially untrusted source code, raises security …

Using Semgrep OSS to Find OWASP Top 10 Weaknesses in PHP Applications: A Case Study

L Kree, R Helmke, E Winter - … Conference on Detection of Intrusions and …, 2024 - Springer
Given PHP's continuous success, it remains an important task to ensure security in its
applications. While code reviews are a common measure to catch bugs during development …

Adopting Trusted Types in Production Web Frameworks to Prevent DOM-Based Cross-Site Scripting: A Case Study

P Wang, BÁ Guðmundsson… - 2021 IEEE European …, 2021 - ieeexplore.ieee.org
Cross-site scripting (XSS) is a common security vulnerability found in web applications.
DOM-based XSS, one of the variants, is becoming particularly more prevalent with the boom …

A socio-technical perspective on software vulnerabilities: A causal analysis

C Paradis, R Kazman, M Konrad - Information and Software Technology, 2024 - Elsevier
Context: Software development organizations are composed of people working together
towards a common goal. These people are connected in networks. The effectiveness of …

A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features

J Ayala, YJ Tung, J Garcia - arXiv preprint arXiv:2409.07669, 2024 - arxiv.org
In open-source software (OSS), software vulnerabilities have significantly increased.
Although researchers have investigated the perspectives of vulnerability reporters and OSS …