The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …

The increasing trend of using Large Language Models (LLMs) for code generation raises
the question of their capability to generate trustworthy code. While many researchers are …

This paper conducted a novel study to explore the capabilities of ChatGPT, a state-of-the-art
LLM, in static analysis tasks such as static bug detection and false positive warning removal …

We introduce SkipAnalyzer, the first large language model (LLM)-powered embodied agent
for static code analysis. It can detect bugs, filter false positive warnings, and patch the …

Many developers rely on Large Language Models (LLMs) to facilitate software development.
Nevertheless, these models have exhibited limited capabilities in the security domain. We …

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When
developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To …

The correct adoption of cryptography APIs is challenging for mainstream developers, often
resulting in widespread API misuse. Meanwhile, cryptography misuse detectors have …

Misuse of cryptographic (crypto) APIs is a noteworthy cause of security vulnerabilities. For
this reason, static analyzers were recently proposed for detecting crypto API misuses. They …

Similarities between natural languages and programming languages have prompted
researchers to apply neural network models to software problems, such as code generation …