Scripting languages are continuously gaining popularity due to their ease of use and the flourishing software ecosystems that surround them. These languages offer crash and memory safety by design, so developers do not need to understand and prevent low-level security issues like the ones plaguing C code. However, scripting languages often allow native extensions, which are a way for custom C/C++ code to be invoked directly from the high-level language. While this feature promises several benefits such as increased performance or the reuse of legacy code, it can also break the language's guarantees, e.g., crash-safety. In this work, we first provide a comparative analysis of the security risks of native extension APIs in three pop...
The massive demand of software systems brought about a growth in efficiency in software creation. As...
Security vulnerabilities that originate from memory-related programming errors are all too common in...
We present SafeDrive, a system for detecting and recovering from type safety violations in software ...
In this book we examine a number of vulnerabilities in C-like languages that can be exploited by att...
Many computing systems today are written in weakly typed languages such as C and C++. These language...
The large transformer-based language models demonstrate excellent performance in natural language pr...
Obtaining secure systems software is notoriously hard. One reason is the continuing use of unsafe la...
Open-source code hosted online at programming portals is present in 99% of commercial software and i...
An empirical study that examines the usage of known vulnerable statements in software systems develo...
The boundary between application and system is becoming increasingly permeable. Extensible database ...
The combination of (1) hard to eradicate low-level vulnerabilities, (2) a large trusted computing ba...
Dynamically-typed languages have improved programming experience in software development, leading to...
Software developers share programming solutions in Q&A sites like Stack Overflow, Stack Exchange, An...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
Insecure Programming: How Culpable is a Language’s Syntax? Abstract-Vulnerabilities in software stem...