Third-party library dependency for large-scale SCA in the C/C++ ecosystem: How far are we?
Existing software composition analysis (SCA) techniques for the C/C++ ecosystem tend to
identify the reused components through feature matching between target software project …
Asteria-Pro: Enhancing Deep Learning-based Binary Code Similarity Detection by Incorporating Domain Knowledge
Widespread code reuse allows vulnerabilities to proliferate among a vast variety of firmware.
There is an urgent need to detect these vulnerable codes effectively and efficiently. By …
Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-Level
The complex optimizations supported by modern compilers allow for compiler provenance
recovery at many levels. For instance, it is possible to identify the compiler family and …
VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching
The widespread use of open-source software (OSS) has led to extensive code reuse,
making vulnerabilities in OSS significantly pervasive. The vulnerabilities due to code reuse …
Libam: An area matching framework for detecting third-party libraries in binaries
Third-party libraries (TPLs) are extensively utilized by developers to expedite the software
development process and incorporate external functionalities. Nevertheless, insecure TPL …
BinaryAI: Binary Software Composition Analysis via Intelligent Binary Source Code Matching
While third-party libraries (TPLs) are extensively reused to enhance productivity during
software development, they can also introduce potential security risks such as vulnerability …
Empirical Study for Open Source Libraries in Automotive Software Systems
Y Zhang, Y Ning, C Ma, L Yu, Z Guo - IEEE Access, 2023 - ieeexplore.ieee.org
Open-source software has revolutionized the field of software development, providing a
collaborative and transparent approach that encourages knowledge sharing and innovation …
Effort-Aware Fault-Proneness Prediction Using Non-API-Based Package-Modularization Metrics.
Source code complexity of legacy object-oriented (OO) software has a trickle-down effect
over the key activities of software development and maintenance. Package-based OO …
BBDetector: A precise and scalable third-party library detection in binary executables with fine-grained function-level features
X Zhu, J Wang, Z Fang, X Yin, S Liu - Applied Sciences, 2022 - mdpi.com
Third-party library (TPL) reuse may introduce vulnerable or malicious code and expose the
software, which exposes them to potential risks. Thus, it is essential to identify third-party …
PTDETECTOR: An Automated JavaScript Front-end Library Detector
Identifying what front-end library runs on a web page is challenging. Although many mature
detectors exist on the market, they suffer from false positives and the inability to detect …