We present a new automated method for efficient detection of security vulnerabilities in binary programs. This method starts with a bounded symbolic execution of the target program so as to explore as many paths as possible. Constraints of the explored paths are collected and solved for inputs. The inputs will then be fed to the following interleaved coverage-based fuzzing and concolic execution....
As continuous delivery and continuous integration practices become more prevalent in industry, the need for education in these areas grows. Introducing these topics introduces complexities due to the learning curve of the involved tools and the amount of time available for teaching these topics. Furthermore, there has been limited research into effective teaching practices for incorporating continuous...
Background: While bug bounty programs are not new in software development, an increasing number of companies, as well as open source projects, rely on external parties to perform the security assessment of their software for reward. However, there is relatively little empirical knowledge about the characteristics of bug bounty program contributors. Aim: This paper aims to understand those contributors...
Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management...
Background: Merge conflicts are a common occurrence in software development. Researchers have shown the negative impact of conflicts on the resulting code quality and the development workflow. Thus far, no one has investigated the effect of bad design (code smells) on merge conflicts. Aims: We posit that entities that exhibit certain types of code smells are more likely to be involved in a merge conflict...
Currently, open source projects receive issues of many kinds daily because of the extreme openness of the Issue Tracking System (ITS) in GitHub. Issue categorization in the ITS is a labor-intensive and time-consuming task for project managers. However, a contributor is only required to provide a short textual abstract to report an issue in GitHub. Thus, most traditional classification approaches based on detailed...
[Background]: There are more bugs in real-world programs than human programmers can realistically address. Several approaches have been proposed to aid debugging. A recent research direction that has been gaining increasing interest, aimed at reducing the costs associated with defect repair, is automatic program repair. Recent work has shown that some kinds of bugs are more suitable for automatic...
Measuring the quality of test suites is one of the major challenges of software testing. Code coverage identifies tested and untested parts of code and is frequently used to approximate test suite quality. Multiple previous studies have investigated the relationship between coverage ratio and test suite quality, without a clear consensus in the results. In this work we study whether covered code contains...
While some prior research work exists on the characteristics of software faults (i.e., bugs) and failures, very little work has been published on the analysis of software application vulnerabilities. This paper aims to contribute towards filling that gap by presenting an empirical investigation of application vulnerabilities. The results are based on data extracted from the issue tracking systems of two NASA...
The decisional capability of robotic systems has expanded significantly in recent years. Their validation typically implies expensive and laborious test campaigns in the field. Part of the validation could use simulation means, but there is currently no systematic method to test robots in virtual worlds. This work aims to provide such a method. We discuss the challenges regarding the definition of...
Software rejuvenation is a simple but powerful method for improving the availability of computer systems. Software rejuvenation refreshes the running state of an application by restarting it. This method faces a challenge when applied to a new type of application, in-memory databases (DBs). Compared to stateless applications such as web servers, rejuvenating in-memory DBs is significantly expensive...
Understanding the types of defects is of practical interest, since it could help developers adopt proper measures in current and future software releases. As the number of bug reports increases, manual classification places a heavy burden on developers. In this paper, we propose a word2vec-based framework for multi-granularity automatic classification of bug reports based on fault triggers. Besides classifying...
Software change histories are the result of incremental updates made by developers. As a side-effect of the software development process, version history is a surprisingly useful source of information for understanding, maintaining and reusing software. However, the traditional commit-based sequential organization of version histories lacks semantic structure and is thus insufficient for many development...
Monitoring the results of software reliability growth models (SRGMs) helps evaluate a project's situation. SRGMs are used to measure the reliability of software by analyzing the relation between the number of detected bugs and their detection times in order to predict the number of bugs remaining in the software. For example, development managers apply an SRGM to the number of detected bugs and the detection...
Version control systems (VCSs) have almost become the de facto standard for the management of open-source projects and the development of their source code. In VCSs, source code which can potentially be vulnerable is introduced to a system through so-called commits. Vulnerable commits force the system into an insecure state. The far-reaching impact of vulnerabilities attests to the importance...
Program understanding plays a pivotal role in software maintenance and evolution: a deep understanding of code is the stepping stone for most software-related activities, such as bug fixing or testing. Being able to measure the understandability of a piece of code might help in estimating the effort required for a maintenance activity, in comparing the quality of alternative implementations, or even...
Deadlocks are critical problems afflicting parallel applications, causing software to hang with no further progress. Existing detection tools suffer not only from significant recording performance overhead, but also from excessive memory and/or storage overhead. In addition, they may generate numerous false alarms. Subsequently, after problems have been reported, tremendous manual effort is required...
Mobile app testing is challenging since each test needs to be executed in a variety of operating contexts including heterogeneous devices, various wireless networks and different locations. Crowdsourcing enables a mobile app test to be distributed as a crowdsourced task to leverage crowd workers to accomplish the test. However, high test quality and expected test context coverage are difficult to...
Software Reliability Classes (SRCs) have been developed in order to compare the field reliability performance of a sequence of software releases for a cluster of similar hardware products. A specific cluster is characterized by the type of market the hardware supports, and the software releases for the cluster have similar functionality, complexity, size, and customer expectations. SRCs are a normalized...
This work presents a demonstrator for safety-critical applications based on a low-cost FPGA platform. The main goal of the demonstrator is to show the features and benefits of a fault-injection tool for FPGAs called FIJI (Fault Injection Instrumenter) that was developed by the authors of this paper. Besides, the demonstrator should illustrate typical sources of hardware/software faults as well as...