Deep learning based vulnerability detection: Are we there yet?
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …
A survey on developer-centred security
Software developers are key players in the security ecosystem as they produce code that
runs on millions of devices. Yet we continue to see insecure code being developed and …
Large language models for code: Security hardening and adversarial testing
Large language models (large LMs) are increasingly trained on massive codebases and
used to generate code. However, LMs lack awareness of security and are found to …
Security in the software development lifecycle
We interviewed developers currently employed in industry to explore real-life software
security practices during each stage of the development lifecycle. This paper explores steps …
'Think secure from the beginning' A Survey with Software Developers
Vulnerabilities persist despite existing software security initiatives and best practices. This
paper focuses on the human factors of software security, including human behaviour and …
Hackers vs. testers: A comparison of software vulnerability discovery processes
Identifying security vulnerabilities in software is a critical task that requires significant human
effort. Currently, vulnerability discovery is often the responsibility of software testers before …
A large-scale study of usability criteria addressed by static analysis tools
Static analysis tools support developers in detecting potential coding issues, such as bugs
or vulnerabilities. Research on static analysis emphasizes its technical challenges but also …
"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
Security developer studies with GitHub users: Exploring a convenience sample
The usable security community is increasingly considering how to improve security decision-
making not only for end users, but also for information technology professionals, including …
An observational investigation of reverse engineers' processes
Reverse engineering is a complex process essential to software-security tasks such as
vulnerability discovery and malware analysis. Significant research and engineering effort …