2022

Automated Identification of Libraries from Vulnerability Data: Can We Do Better?

Software engineers depend heavily on software libraries and have to update their dependencies once vulnerabilities are found in them. Software Composition Analysis (SCA) helps developers identify vulnerable libraries used by an application. A key …

Analyzing Offline Social Engagements: An Empirical Study of Meetup Events Related to Software Development

Software developers use a variety of social media channels and tools in order to keep themselves up to date, collaborate with other developers, and find projects to contribute to. Meetup is one of such social media used by software developers to …

HERMES: Using Commit-Issue Linking to Detect Vulnerability-Fixing Commits

Software projects today rely on many third-party libraries, and therefore, are exposed to vulnerabilities in these libraries. When a library vulnerability is fixed, users are notified and advised to upgrade to a new version of the library. However, …