Spain: security patch analysis for binaries towards understanding the pain and pills

Z Xu, B Chen, M Chandramohan… - 2017 IEEE/ACM 39th …, 2017 - ieeexplore.ieee.org
Software vulnerability is one of the major threats to software security. Once discovered,
vulnerabilities are often fixed by applying security patches. In that sense, security patches …

GraphSPD: Graph-based security patch detection with enriched code semantics

S Wang, X Wang, K Sun, S Jajodia… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
With the increasing popularity of open-source software, embedded vulnerabilities have been
widely propagating to downstream software. Due to different maintenance policies, software …

Writing acceptable patches: An empirical study of open source project patches

Y Tao, D Han, S Kim - 2014 IEEE International Conference on …, 2014 - ieeexplore.ieee.org
Software developers submit patches to handle tens or even hundreds of bugs reported daily.
However, not all submitted patches can be directly integrated into the code base, since they …

Patchdb: A large-scale security patch dataset

X Wang, S Wang, P Feng, K Sun… - 2021 51st Annual IEEE …, 2021 - ieeexplore.ieee.org
Security patches, embedding both vulnerable code and the corresponding fixes, are of great
significance to vulnerability detection and software maintenance. However, the existing …

Would static analysis tools help developers with code reviews?

S Panichella, V Arnaoudova… - 2015 IEEE 22nd …, 2015 - ieeexplore.ieee.org
Code reviews have been conducted since decades in software projects, with the aim of
improving code quality from many different points of view. During code reviews, developers …

SoK: (State of) the art of war: Offensive techniques in binary analysis

Y Shoshitaishvili, R Wang, C Salls… - … IEEE symposium on …, 2016 - ieeexplore.ieee.org
Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of
high-level, semantically rich information about data structures and control constructs makes the …

AutoPaG: towards automated software patch generation with source code root cause identification and repair

Z Lin, X Jiang, D Xu, B Mao, L Xie - … of the 2nd ACM symposium on …, 2007 - dl.acm.org
Software patch generation is a critical phase in the life-cycle of a software vulnerability. The
longer it takes to generate a patch, the higher the risk a vulnerable system needs to take to …

What developers want and need from program analysis: an empirical study

M Christakis, C Bird - Proceedings of the 31st IEEE/ACM international …, 2016 - dl.acm.org
Program Analysis has been a rich and fruitful field of research for many decades, and
countless high quality program analysis tools have been produced by academia. Though …

Spi: Automated identification of security patches via commits

Y Zhou, JK Siow, C Wang, S Liu, Y Liu - ACM Transactions on Software …, 2021 - dl.acm.org
Security patches in open source software, providing security fixes to identified
vulnerabilities, are crucial in protecting against cyber attacks. Security advisories and …

Spider: Enabling fast patch propagation in related software repositories

A Machiry, N Redini, E Camellini… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Despite the effort of software maintainers, patches to open-source repositories are
propagated from the main codebase to all the related projects (e.g., forks) with a significant …