Identifying challenges for OSS vulnerability scanners - a study & test suite

A Dann, H Plate, B Hermann, SE Ponta… - IEEE Transactions on …, 2021 - ieeexplore.ieee.org
The use of vulnerable open-source dependencies is a known problem in today's software
development. Several vulnerability scanners to detect known-vulnerable dependencies …

Java decompiler diversity and its application to meta-decompilation

N Harrand, C Soto-Valero, M Monperrus… - Journal of Systems and …, 2020 - Elsevier
During compilation from Java source code to bytecode, some information is irreversibly lost.
In other words, compilation and decompilation of Java code is not symmetric. Consequently …

STUBBER: compiling source code into bytecode without dependencies for Java code clone detection

A Schäfer, W Amme, TS Heinze - 2021 IEEE 15th International …, 2021 - ieeexplore.ieee.org
A lot of clone detection tools for Java have been introduced in recent years. On the one
hand, many of these tools work on Java source code and can thus be conveniently …

On the security blind spots of software composition analysis

J Dietrich, S Rasheed, A Jordan, T White - Proceedings of the 2024 …, 2023 - dl.acm.org
Modern software heavily relies on the use of components. Those components are usually
published in central repositories, and managed by build systems via dependencies. Due to …

Java Bytecode Normalization for Code Similarity Analysis

S Schott, SE Ponta, W Fischer, J Klauke… - … Conference on Object …, 2024 - drops.dagstuhl.de
Analyzing the similarity of two code fragments has many applications, including code clone,
vulnerability and plagiarism detection. Most existing approaches for similarity analysis work …

Software system comparison with semantic source code embeddings

S Karakatič, A Miloševič, T Heričko - Empirical Software Engineering, 2022 - Springer
This paper presents a novel approach for comparing software systems by calculating the
robust Hausdorff distance between semantic source code embeddings of individual software …

A novel code representation for detecting Java code clones using high-level and abstract compiled code representations

FH Quradaa, S Shahzad, R Saeed, MM Sufyan - PLOS ONE, 2024 - journals.plos.org
In software development, it's common to reuse existing source code by copying and pasting,
resulting in the proliferation of numerous code clones—similar or identical code fragments …

UPCY: Safely Updating Outdated Dependencies

A Dann, B Hermann, E Bodden - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Recent research has shown that developers hesitate to update dependencies and mistrust
automated approaches such as Dependabot, since they are afraid of introducing …

SootUp: A Redesign of the Soot Static Analysis Framework

K Karakaya, S Schott, J Klauke, E Bodden… - … Conference on Tools …, 2024 - Springer
Since its inception two decades ago, Soot has become one of the most widely used open-source
static analysis frameworks. Over time it has been extended with the contributions of …

IntJect: Vulnerability Intent Bug Seeding

B Petit, A Khanfir, E Soremekun… - 2022 IEEE 22nd …, 2022 - ieeexplore.ieee.org
Studying and exposing software vulnerabilities is important to ensure software security,
safety, and reliability. Software engineers often inject vulnerabilities into their programs to …