LLMSecEval: A dataset of natural language prompts for security evaluations

C Tony, M Mutas, NED Ferreyra… - 2023 IEEE/ACM 20th …, 2023 - ieeexplore.ieee.org
Large Language Models (LLMs) like Codex are powerful tools for performing code
completion and code generation tasks as they are trained on billions of lines of code from …

CryptoGo: Automatic detection of Go cryptographic API misuses

W Li, S Jia, L Liu, F Zheng, Y Ma, J Lin - Proceedings of the 38th Annual …, 2022 - dl.acm.org
Cryptographic algorithms act as essential ingredients of all secure systems. However, the
expected security guarantee from cryptographic algorithms often falls short in practice due to …

Security risks of porting C programs to WebAssembly

Q Stiévenart, C De Roover, M Ghafari - Proceedings of the 37th ACM …, 2022 - dl.acm.org
WebAssembly is a compilation target for cross-platform applications that is increasingly
being used. In this paper, we investigate whether one can transparently cross-compile C …

Python crypto misuses in the wild

AK Wickert, L Baumgärtner, F Breitfelder… - Proceedings of the 15th …, 2021 - dl.acm.org
Background: Previous studies have shown that up to 99.59% of the Java apps using crypto
APIs misuse the API at least once. However, these studies have been conducted on Java …

LLM security guard for code

A Kavian, MM Pourhashem Kallehbasti… - Proceedings of the 28th …, 2024 - dl.acm.org
Many developers rely on Large Language Models (LLMs) to facilitate software development.
Nevertheless, these models have exhibited limited capabilities in the security domain. We …

Hurdles for developers in cryptography

M Hazhirpasand, O Nierstrasz… - 2021 IEEE …, 2021 - ieeexplore.ieee.org
Prior research has shown that cryptography is hard to use for developers. We aim to
understand what cryptography issues developers face in practice. We clustered 91 954 …

How do developers deal with security issue reports on GitHub?

N Bühlmann, M Ghafari - Proceedings of the 37th ACM/SIGAPP …, 2022 - dl.acm.org
Security issue reports are the primary means of informing development teams of security
risks in projects, but little is known about current practices. We aim to understand the …

FluentCrypto: Cryptography in easy mode

S Kafader, M Ghafari - 2021 IEEE International Conference on …, 2021 - ieeexplore.ieee.org
Research has shown that cryptography concepts are hard to understand for developers, and
secure use of cryptography APIs is challenging for mainstream developers. We have …

Gopher: High-Precision and Deep-Dive Detection of Cryptographic API Misuse in the Go Ecosystem

Y Zhang, B Li, J Lin, L Li, J Bai, S Jia… - Proceedings of the 2024 on …, 2024 - dl.acm.org
The complexity of cryptographic APIs and developers' expertise gaps often lead to their
improper use, seriously threatening information security. Existing cryptographic API misuse …

Runtime verification of crypto APIs: an empirical study

A Torres, P Costa, L Amaral, J Pastro… - IEEE Transactions …, 2023 - ieeexplore.ieee.org
Misuse of cryptographic (crypto) APIs is a noteworthy cause of security vulnerabilities. For
this reason, static analyzers were recently proposed for detecting crypto API misuses. They …