Computers & Security, Journal Year: 2024, Volume and Issue: 148, P. 104113 - 104113
Published: Sept. 14, 2024
Language: English
Medical & Biological Engineering & Computing, Journal Year: 2023, Volume and Issue: 62(1), P. 257 - 273
Published: Oct. 4, 2023
The integration of IoT in healthcare has introduced vulnerabilities medical devices and software, posing risks to patient safety system integrity. This study aims bridge the research gap provide valuable insights for addressing their mitigation mechanisms. Software related health systems from 2001 2022 were collected National Vulnerability Database (NVD) systematized by software developed researchers assessed a specialist impact on well-being. analysis revealed electronic records, wireless infusion pumps, endoscope cameras, radiology information as most vulnerable. In addition, critical identified, including poor credential management hard-coded credentials. investigation provides some into consequences products, projecting future security issues 2025, offers suggestions, highlights trends attacks life support are also provided. industry needs significant improvements protecting cyberattacks. Securing communication channels network schema adopting secure practices is necessary. collaboration, regulatory adherence, continuous monitoring crucial. Industries, researchers, stakeholders can utilize these findings enhance safeguard safety.
Language: English
Citations
24
Journal of Systems and Software, Journal Year: 2024, Volume and Issue: 214, P. 112014 - 112014
Published: Feb. 29, 2024
Language: English
Citations
11
ACM Transactions on Software Engineering and Methodology, Journal Year: 2025, Volume and Issue: unknown
Published: Feb. 12, 2025
Modern code generation tools utilizing AI models like Large Language Models (LLMs) have gained increased popularity due to their ability produce functional code. However, usage presents security challenges, often resulting in insecure merging into the base. Thus, evaluating quality of generated code, especially its security, is crucial. While prior research explored various aspects generation, focus on has been limited, mostly examining produced controlled environments rather than open source development scenarios. To address this gap, we conducted an empirical study, analyzing snippets by GitHub Copilot and two other (i.e., CodeWhisperer Codeium) from projects. Our analysis identified 733 snippets, revealing a high likelihood weaknesses, with 29.5% Python 24.2% JavaScript affected. These issues span 43 Common Weakness Enumeration (CWE) categories, including significant ones CWE-330: Use Insufficiently Random Values , CWE-94: Improper Control Generation Code CWE-79: Cross-site Scripting . Notably, eight those CWEs are among 2023 CWE Top-25, highlighting severity. We further examined using Chat fix Copilot-generated providing warning messages static tools, up 55.5% can be fixed. finally provide suggestions for mitigating
Language: English
Citations
1
Applied Soft Computing, Journal Year: 2025, Volume and Issue: unknown, P. 113091 - 113091
Published: April 1, 2025
Language: English
Citations
1
Published: Nov. 7, 2022
Automated source code generation is currently a popular machine-learning-based task. It can be helpful for software developers to write functionally correct from given context. However, just like human developers, model produce vulnerable code, which the mistakenly use. For this reason, evaluating security of must. In paper, we describe SecurityEval, an evaluation dataset fulfill purpose. contains 130 samples 75 vulnerability types, are mapped Common Weakness Enumeration (CWE). We also demonstrate using our evaluate one open-source (i.e., InCoder) and closed-source GitHub Copilot).
Language: English
Citations
31
Published: March 11, 2024
Artificial intelligence (AI) has witnessed an exponential increase in its use various applications. Recently, the academic community started to research and inject new AI-based approaches provide solutions traditional software engineering problems. However, a comprehensive holistic understanding of current status is missing. To close above gap, synthetic knowledge synthesis was used induce landscape contemporary literature on AI engineering. The resulted 15 categories five themes, namely natural language processing engineering, artificial management development life cycle, machine learning fault/defect prediction effort estimation, employment deep intelligent code management, mining repositories improve quality. most productive country China (n=2042), followed by United States (n=1193), India (n=934), Germany (n=445), Canada (n=381). A high percentage (n=47.4%) papers were funded, showing strong interest this topic. convergence can significantly reduce needed resources, quality, user experience, well-being developers.
Language: English
Citations
5
ACM Computing Surveys, Journal Year: 2024, Volume and Issue: 57(3), P. 1 - 36
Published: Oct. 11, 2024
In recent years, numerous Machine Learning (ML) models, including Deep (DL) and classic ML have been developed to detect software vulnerabilities. However, there is a notable lack of comprehensive systematic surveys that summarize, classify, analyze the applications these models in vulnerability detection. This absence may lead critical research areas being overlooked or under-represented, resulting skewed understanding current state art To close this gap, we propose literature review characterizes different properties ML-based detection systems using six major Research Questions (RQs). Using custom web scraper, our approach involves extracting set studies from four widely used online digital libraries: ACM Digital Library, IEEE Xplore, ScienceDirect, Google Scholar. We manually analyzed extracted filter out irrelevant work unrelated detection, followed by creating taxonomies addressing RQs. Our analysis indicates significant upward trend applying techniques for over past few with many published years. Prominent conference venues include International Conference on Software Engineering (ICSE), Symposium Reliability (ISSRE), Mining Repositories (MSR) conference, Foundations (FSE), whereas Information Technology (IST), Computers & Security (C&S), Journal Systems (JSS) are leading journal venues. results reveal 39.1% subject use hybrid sources, 37.6% utilize benchmark data Code-based most commonly type among studies, source code predominant subtype. Graph-based token-based input representations popular techniques, accounting 57.2% 24.6% respectively. Among embedding graph token vector frequently 32.6% 29.7% studies. Additionally, 88.4% DL recurrent neural networks subcategories, only 7.2% models. types covered CWE-119, CWE-20, CWE-190 frequent ones. terms tools Keras TensorFlow backend PyTorch libraries model-building tools, 42 each. In addition, Joern tool representation, 24 Finally, summarize challenges future directions context providing valuable insights researchers practitioners field.
Language: English
Citations
5
Information, Journal Year: 2024, Volume and Issue: 15(6), P. 354 - 354
Published: June 14, 2024
Artificial intelligence (AI) has witnessed an exponential increase in use various applications. Recently, the academic community started to research and inject new AI-based approaches provide solutions traditional software-engineering problems. However, a comprehensive holistic understanding of current status needs be included. To close above gap, synthetic knowledge synthesis was used induce landscape contemporary literature on AI software engineering. The resulted 15 categories 5 themes—namely, natural language processing engineering, artificial management development life cycle, machine learning fault/defect prediction effort estimation, employment deep intelligent engineering code management, mining repositories improve quality. most productive country China (n = 2042), followed by United States 1193), India 934), Germany 445), Canada 381). A high percentage 47.4%) papers were funded, showing strong interest this topic. convergence can significantly reduce required resources, quality, enhance user experience, well-being developers.
Language: English
Citations
4
Information and Software Technology, Journal Year: 2025, Volume and Issue: unknown, P. 107709 - 107709
Published: March 1, 2025
Language: English
Citations
0
Communications in computer and information science, Journal Year: 2025, Volume and Issue: unknown, P. 494 - 507
Published: Jan. 1, 2025
Language: English
Citations
0