S Lipp, S Banescu, A Pretschner - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static code analysis is often used to scan source code for security vulnerabilities. Given the wide range of existing solutions implementing different analysis techniques, it is very …
F Yamaguchi, N Golde, D Arp… - 2014 IEEE symposium on …, 2014 - ieeexplore.ieee.org
The vast majority of security breaches encountered today are a direct result of insecure code. Consequently, the protection of computer systems critically depends on the rigorous …
Work on automating vulnerability discovery has long been hampered by a shortage of ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth …
The identification of security-critical vulnerabilities is a key for protecting computer systems. Being able to perform this process at the binary level is very important given that many …
With embedded devices becoming more pervasive and entrenched in society, it is paramount to keep these systems secure. A threat plaguing these systems consists of …
Dowser is a 'guided' fuzzer that combines taint tracking, program analysis and symbolic execution to find buffer overflow and underflow vulnerabilities buried deep in a program's …
Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective vulnerability assessment; i.e., it can greatly help security experts put their time and effort to …
Static analysis tools for software defect detection are becoming widely used in practice. However, there is little public information regarding the experimental evaluation of the …
Static analysis tools can help prevent security incidents, but to do so, they must enable developers to resolve the defects they detect. Unfortunately, developers often struggle to …