Getafix: Learning to fix bugs automatically
Static analyzers help find bugs early by warning about recurring bug categories. While fixing
these bugs still remains a mostly manual task in practice, we observe that fixes for a specific …
A large-scale empirical study of security patches
Given how the "patching treadmill" plays a central role for enabling sites to counter emergent
security concerns, it behooves the security community to understand the patch development …
Arja: Automated repair of java programs via multi-objective genetic programming
Automated program repair is the problem of automatically fixing bugs in programs in order to
significantly reduce the debugging costs and improve the software quality. To address this …
Dissection of a bug dataset: Anatomy of 395 patches from defects4j
Well-designed and publicly available datasets of bugs are an invaluable asset to advance
research fields such as fault localization and program repair as they allow directly and fairly …
Spain: security patch analysis for binaries towards understanding the pain and pills
Software vulnerability is one of the major threats to software security. Once discovered,
vulnerabilities are often fixed by applying security patches. In that sense, security patches …
Decoding the representation of code in the brain: An fMRI study of code review and expertise
B Floyd, T Santander, W Weimer - 2017 IEEE/ACM 39th …, 2017 - ieeexplore.ieee.org
Subjective judgments in software engineering tasks are of critical importance but can be
difficult to study with conventional means. Medical imaging techniques hold the promise of …
Understanding the reproducibility of crowd-reported security vulnerabilities
Today's software systems are increasingly relying on the “power of the crowd” to identify new
security vulnerabilities. And yet, it is not well understood how reproducible the crowd …
GraphSPD: Graph-based security patch detection with enriched code semantics
With the increasing popularity of open-source software, embedded vulnerabilities have been
widely propagating to downstream software. Due to different maintenance policies, software …
Patchdb: A large-scale security patch dataset
Security patches, embedding both vulnerable code and the corresponding fixes, are of great
significance to vulnerability detection and software maintenance. However, the existing …
How bad can it git? characterizing secret leakage in public github repositories.
M Meli, MR McNiece, B Reaves - NDSS, 2019 - bradreaves.net
GitHub and similar platforms have made public collaborative development of software
commonplace. However, a problem arises when this public code must manage …