Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …

Software developers are key players in the security ecosystem as they produce code that
runs on millions of devices. Yet we continue to see insecure code being developed and …

Large language models (large LMs) are increasingly trained on massive codebases and
used to generate code. However, LMs lack awareness of security and are found to …

We interviewed developers currently employed in industry to explore real-life software
security practices during each stage of the development lifecycle. This paper explores steps …

Vulnerabilities persist despite existing software security initiatives and best practices. This
paper focuses on the human factors of software security, including human behaviour and …

Identifying security vulnerabilities in software is a critical task that requires significant human
effort. Currently, vulnerability discovery is often the responsibility of software testers before …

Recently, Automated Vulnerability Localization (AVL) has attracted much attention, aiming to
facilitate diagnosis by pinpointing the lines of code responsible for discovered …

Static analysis tools support developers in detecting potential coding issues, such as bugs
or vulnerabilities. Research on static analysis emphasizes its technical challenges but also …

Automatically locating vulnerable statements in source code is crucial to assure software
security and alleviate developers' debugging efforts. This becomes even more important in …

Context: Kubernetes has emerged as the de-facto tool for automated container
orchestration. Business and government organizations are increasingly adopting …