A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017.
Cho et al. use a combination of symbolic and concrete execution to build an abstract model of the analyzed application and find vulnerabilities in several open-source projects. ... In theory, security audits should find and remove the vulnerabilities before the code ever gets deployed. ... To support code reviewers in finding vulnerabilities, tools and methodologies that flag potentially dangerous code are used to narrow down the search. ... doi:10.1145/2810103.2813604 dblp:conf/ccs/PerlD0AYRFA15 fatcat:g2rz32rz3nayjk6jkafhompcuu
In this work we conduct a large-scale empirical study of security patches, investigating more than 4,000 bug fixes for over 3,000 vulnerabilities that affected a diverse set of 682 open-source software ... Among our findings we identify that security patches have a smaller footprint in code bases than non-security bug patches, and that a third of all security issues were introduced more than three years prior to remediation ... The opinions expressed in this paper do not necessarily reflect those of the research sponsors. ... doi:10.1145/3133956.3134072 dblp:conf/ccs/LiP17 fatcat:4bhj2vfafze3rnx22siqhbw2jq
In practice, patching is prioritized according to the nature of the code change that is committed to the code repository. ... In this paper, we propose a co-training-based approach to catch security patches as part of an automatic monitoring service for code repositories. ... The study further reports that 25% of open-source software projects silently fix vulnerabilities without disclosing them to any official repository. ... arXiv:2001.09148v1 fatcat:5lkslbrzhjdgpibbsio2mnlulu
In this report, we describe the review protocol that will guide the systematic review of the literature on metrics-based discovery of vulnerabilities. ... The protocol has been developed in adherence with the guidelines for performing Systematic Literature Reviews in Software Engineering prescribed by Kitchenham and Charters. ... in Open-Source Projects to Assist Code Audits; QGS14: To Fear or Not to Fear, That is the Question: Code Characteristics of a Vulnerable Function with an Existing Exploit; Table 3: Data ... arXiv:1902.03331v1 fatcat:6mdoslrpynebhlpft6k3dsmgai