Multilingual Source Code Analysis: A Systematic Literature Review

Mushtaq, Zaigham; Rasool, Ghulam; Shehzad, Balawal

doi:10.1109/access.2017.2710421

Cited by 22 publications

(11 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [ 57 ], code flaws and vulnerabilities modeling are focused on using the deep learning-based long short-term memory model, focusing on learning semantic and syntactic features of the code. In [ 58 ], a systematic literature review for multilanguage source code analysis is presented. This study helps explore the focus areas for development like static source code analysis, refactoring, detection of cross-language links, and other vital areas.…”

Section: Learning From Source Codementioning

confidence: 99%

[Retracted] Software Systems Security Vulnerabilities Management by Exploring the Capabilities of Language Models Using NLP

Althar

Samanta

Kaur

et al. 2021

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.

show abstract

Section: Learning From Source Codementioning

confidence: 99%

[Retracted] Software Systems Security Vulnerabilities Management by Exploring the Capabilities of Language Models Using NLP

Althar

Samanta

Kaur

et al. 2021

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…Our small analysis of MicroPython projects shows that for a further exploration of MicroPython applications we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analyses approaches [5,10].…”

Section: Micropythonmentioning

confidence: 99%

“…Further, our study of MicroPython projects reveals that developers in the embedded domain tend to use crypto via C code. Thus, revealing the importance of hybrid static analyses, which can track program information, e.g., a call graph, across multiple languages [5,10].…”

Section: Introductionmentioning

confidence: 99%

Python Crypto Misuses in the Wild

Wickert

Baumgärtner

Breitfelder

et al. 2021

Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Background: Previous studies have shown that up to 99.59 % of the Java apps using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing. For example, a controlled user study with crypto tasks in Python has shown that 68.5 % of the professional developers write a secure solution for a crypto task. Aims: To understand if this observation holds for real-world code, we conducted a study of crypto misuses in Python. Method: We developed a static analysis tool that covers common misuses of 5 different Python crypto APIs. With this analysis, we analyzed 895 popular Python projects from GitHub and 51 MicroPython projects for embedded devices. Further, we compared our results with the findings of previous studies . Results: Our analysis reveals that 52.26 % of the Python projects have at least one misuse. Further, some Python crypto libraries' API design helps developers from misusing crypto functions, which were much more common in studies conducted with Java and C code. Conclusion: We conclude that we can see a positive impact of the good API design on crypto misuses for Python applications. Further, our analysis of MicroPython projects reveals the importance of hybrid analyses. CCS CONCEPTS• Software and its engineering → Software libraries and repositories.

show abstract

“…Both of the approaches that we have investigated (SAST tools and SVP models) are language specific. It is common knowledge that vulnerable code patterns are difficult to translate across programming languages [36,50]. That is why we decided to collect the code datasets for C/C++.…”

Section: Selecting and Extracting Case Study Datasetsmentioning

confidence: 99%

An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing

Croft

Newlands

Chen

et al. 2021

Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Background: Static Application Security Testing (SAST) tools purport to assist developers in detecting security issues in source code. These tools typically use rule-based approaches to scan source code for security vulnerabilities. However, due to the significant shortcomings of these tools (i.e., high false positive rates), learning-based approaches for Software Vulnerability Prediction (SVP) are becoming a popular approach. Aims: Despite the similar objectives of these two approaches, their comparative value is unexplored. We provide an empirical analysis of SAST tools and SVP models, to identify their relative capabilities for source code security analysis. Method: We evaluate the detection and assessment performance of several common SAST tools and SVP models on a variety of vulnerability datasets. We further assess the viability and potential benefits of combining the two approaches. Results: SAST tools and SVP models provide similar detection capabilities, but SVP models exhibit better overall performance for both detection and assessment. Unification of the two approaches is difficult due to lacking synergies. Conclusions: Our study generates 12 main findings which provide insights into the capabilities and synergy of these two approaches. Through these observations we provide recommendations for use and improvement. CCS CONCEPTS• Security and privacy → Software security engineering; • Computing methodologies → Machine learning; • Software and its engineering → Software testing and debugging.

show abstract

Multilingual Source Code Analysis: A Systematic Literature Review

Cited by 22 publications

References 52 publications

[Retracted] Software Systems Security Vulnerabilities Management by Exploring the Capabilities of Language Models Using NLP

[Retracted] Software Systems Security Vulnerabilities Management by Exploring the Capabilities of Language Models Using NLP

Python Crypto Misuses in the Wild

An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing

Contact Info

Product

Resources

About