Systematic mapping study on domain-specific language development tools
Domain-specific languages (DSLs) are programming or modeling languages
devoted to a given application domain. There are many tools used to support the …
Do users write more insecure code with AI assistants?
AI code assistants have emerged as powerful tools that can aid in the software development
life-cycle and can improve developer productivity. Unfortunately, such assistants have also …
Automatic detection of Java cryptographic API misuses: Are we there yet?
The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …
The seven sins: Security smells in infrastructure as code scripts
Practitioners use infrastructure as code (IaC) scripts to provision servers and development
environments. While developing IaC scripts, practitioners may inadvertently introduce …
Your firmware has arrived: A study of firmware update vulnerabilities
Embedded devices are increasingly ubiquitous in our society. Firmware updates are one of
the primary mechanisms to mitigate vulnerabilities in embedded systems. However, the …
“They're not that hard to mitigate”: What cryptographic library developers think about timing attacks
Timing attacks are among the most devastating side-channel attacks, allowing remote
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …
CryptoGuard: High precision detection of cryptographic vulnerabilities in massive-sized Java projects
Cryptographic API misuses, such as exposed secrets, predictable random numbers, and
vulnerable certificate verification, seriously threaten software security. The vision of …
An observational investigation of reverse engineers' processes
Reverse engineering is a complex process essential to software-security tasks such as
vulnerability discovery and malware analysis. Significant research and engineering effort …
Context-, flow-, and field-sensitive data-flow analysis using synchronized pushdown systems
Precise static analyses are context-, field- and flow-sensitive. Context- and field-sensitivity are
both expressible as context-free language (CFL) reachability problems. Solving both CFL …
Understanding security mistakes developers make: Qualitative analysis from build it, break it, fix it
Secure software development is a challenging task requiring consideration of many possible
threats and mitigations. This paper investigates how and why programmers, despite a …