Programs are implemented in a variety of languages and contain serious vulnerabilities
which might be exploited to cause security breaches. These vulnerabilities have been …

Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

The vast majority of security breaches encountered today are a direct result of insecure
code. Consequently, the protection of computer systems critically depends on the rigorous …

Work on automating vulnerability discovery has long been hampered by a shortage of
ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth …

The identification of security-critical vulnerabilities is a key for protecting computer systems.
Being able to perform this process at the binary level is very important given that many …

With embedded devices becoming more pervasive and entrenched in society, it is
paramount to keep these systems secure. A threat plaguing these systems consists of …

Identifying potentially vulnerable locations in a code base is critical as a pre-step for effective
vulnerability assessment; ie, it can greatly help security experts put their time and effort to …

Static analysis tools for software defect detection are becoming widely used in practice.
However, there is little public information regarding the experimental evaluation of the …

Static analysis tools can help prevent security incidents, but to do so, they must enable
developers to resolve the defects they detect. Unfortunately, developers often struggle to …

The problem of enforcing correct usage of array and pointer references in C and C++
programs remains unsolved. The approach proposed by Jones and Kelly (extended by …