Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

Background: Static Application Security Testing (SAST) tools purport to assist developers in
detecting security issues in source code. These tools typically use rule-based approaches to …

Static application security testing (SAST) takes a significant role in the software development
life cycle (SDLC). However, it is challenging to comprehensively evaluate the effectiveness …

It is claimed that integrating agile and security in practice is challenging. There is the notion
that security is a heavy process, requires expertise, and consumes developers' time. These …

Security vulnerability fixes could be a promising research avenue for Automated Program
Repair (APR) techniques. In recent years, APR tools have been thoroughly developed for …

We address the absence of reliable tests on contract analyzers of smart contracts and
present a systematic method to diversify test cases by combining smart-contract-specific …

Understanding the cause, consequences, and severity of a security bug are critical facets of
the overall bug triaging and remediation process. Unfortunately, diagnosing failures is often …

Developing secure software systems is a major challenge in the software industry due to
errors or weaknesses that bring vulnerabilities to the software system. To address this …

In the past years, the CWE-190 integer overflow led to many vulnerabilities. Program
verification techniques such as Abstract Interpretation can show that no such bug is present …

Modern reduced instruction set computer processors are based on a load/store architecture,
where all computations are performed on register operands. Compilers therefore allocate …