research
∙
04/11/2023
Journey to the Center of Software Supply Chain Attacks
This work discusses open-source software supply chain attacks and propos...
share
research
∙
08/11/2021
The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application
Software reuse may result in software bloat when significant portions of...
research
∙
05/07/2021
Detecting Security Fixes in Open-Source Repositories using Static Code Analyzers
The sources of reliable, code-level information about vulnerabilities th...
research
∙
03/24/2021
Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories
The lack of comprehensive sources of accurate vulnerability data represe...
research
∙
03/04/2021
Secure Software Development in the Era of Fluid Multi-party Open Software and Services
Pushed by market forces, software development has become fast-paced. As ...
research
∙
08/11/2020
Code-based Vulnerability Detection in Node.js Applications: How far are we?
With one of the largest available collection of reusable packages, the J...
research
∙
11/18/2019
Commit2Vec: Learning Distributed Representations of Code Changes
Deep learning methods, which have found successful applications in field...
research
∙
11/18/2019
patch2vec: Distributed Representation of Code Changes
Deep learning methods, which have found successful applications in field...
research
∙
11/15/2019
Exploiting Token and Path-based Representations of Code for Identifying Security-Relevant Commits
Public vulnerability databases such as CVE and NVD account for only 60 s...
research
∙
02/07/2019
A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software
Advancing our understanding of software vulnerabilities, automating thei...
research
∙
08/29/2018
Vulnerable Open Source Dependencies: Counting Those That Matter
BACKGROUND: Vulnerable dependencies are a known problem in today's open-...
research
∙
07/06/2018
A Practical Approach to the Automatic Classification of Security-Relevant Commits
The lack of reliable sources of detailed information on the vulnerabilit...
research
∙
06/15/2018