LibDB.pdf
1 MB
#Sec_code_review
"LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries", 2022.
Third-party libraries (TPLs) are important components of modern software systems. They are reused frequently during software development. Open-source repository platforms and package management systems are the major sources of third-party libraries. However, security issues of the third-party code continue to arise. Vulnerabilities in well-known third-party libraries, such as the Heartbleed bug, could bring security threats to millions of devices. In addition, non-compliant reuse, which is a violation of legal software licenses, could lead to costly commercial disputes. Unfortunately, many developers do not pay sufficient attention to the code that is imported from third-party libraries.
]-> Datasets and source code:
https://github.com/DeepSoftwareAnalytics/LibDB
📚
FlowDroid.pdf
1.2 MB
#Mobile_Security
#Sec_code_review
"Demystifying Hidden Sensitive Operations in Android apps", 2022.
]-> FlowDroid Static Data Flow Analysis Tool:
https://github.com/secure-software-engineering/FlowDroid
Android is the most adopted mobile operating system in terms of users, applications and developers. However, its popularity means that legitimate developers must co-exist with malware writers.
Static_C_Code_Analyzers.pdf
811.3 KB
#Threat_Research
#Sec_code_review
"An Empirical Study on the Effectiveness of Static C Code Analyzers for Vulnerability Detection", 2022.
📰
📚