Software security vulnerabilities are discovered on an almost daily basis and have caused substantial damage. To support their early detection and resolution, we conducted an empirical study on thousands of vulnerabilities and found that many of them recur because of software reuse. Based on the knowledge gained from the study, we developed SecureSync, an automatic tool that detects recurring software vulnerabilities in systems that reuse source code or libraries. The core of SecureSync consists of two techniques for representing vulnerable code and computing its similarity across different systems. Our evaluation on 60 vulnerabilities across 176 releases of 119 open-source software systems shows that SecureSync detects recurring vulnerabilities with high accuracy and identified 90 releases containing potentially vulnerable code that had not yet been reported or fixed, even in mature systems. A couple of cases were actually confirmed by their developers.