Deep learning based vulnerability detection: Are we there yet?
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …
Automated program repair
Communications of the ACM, December 2019, Vol. 62, No. 12, page 56, review articles.
Alex is a software developer, a recent hire at the company …
An empirical study on the effectiveness of static C code analyzers for vulnerability detection
Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …
D2A: A dataset built for AI-based vulnerability detection methods using differential analysis
Static analysis tools are widely used for vulnerability detection as they understand programs
with complex behavior and millions of lines of code. Despite their popularity, static analysis …
Lessons from building static analysis tools at Google
Communications of the ACM, April 2018, Vol. 61, No. 4, page 58 …
What developers want and need from program analysis: an empirical study
Program Analysis has been a rich and fruitful field of research for many decades, and
countless high quality program analysis tools have been produced by academia. Though …
DeepLineDP: Towards a deep learning approach for line-level defect prediction
C Pornprasit… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
Defect prediction is proposed to assist practitioners effectively prioritize limited Software
Quality Assurance (SQA) resources on the most risky files that are likely to have post-release …
On the "naturalness" of buggy code
Real software, the kind working programmers produce by the kLOC to solve real-world
problems, tends to be "natural", like speech or natural language; it tends to be highly …
Security in the software development lifecycle
We interviewed developers currently employed in industry to explore real-life software
security practices during each stage of the development lifecycle. This paper explores steps …
'Think secure from the beginning' A Survey with Software Developers
Vulnerabilities persist despite existing software security initiatives and best practices. This
paper focuses on the human factors of software security, including human behaviour and …