Understanding the Reproducibility of Crowd-reported Security Vulnerabilities
暂无分享,去创建一个
Gang Wang | Bing Mao | Xinyu Xing | Limin Yang | Hang Hu | Dongliang Mu | Alejandro Cuevas | G. Wang | Xinyu Xing | Dongliang Mu | Bing Mao | A. Cuevas | Limin Yang | Hang Hu
[1] Philip J. Guo,et al. "Not my bug!" and other reasons for software bug report reassignments , 2011, CSCW.
[2] Yi Yang,et al. Towards Efficient Heap Overflow Discovery , 2017, USENIX Security Symposium.
[3] Peng Liu,et al. An Empirical Study of Web Vulnerability Discovery Ecosystems , 2015, CCS.
[4] David Lo,et al. A Deeper Look into Bug Fixes: Patterns, Replacements, Deletions, and Additions , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).
[5] Philip J. Guo,et al. Characterizing and predicting which bugs get fixed: an empirical study of Microsoft Windows , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.
[6] Zhou Li,et al. Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence , 2016, CCS.
[7] Peng Liu,et al. Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts , 2017, USENIX Security Symposium.
[8] David A. Wagner,et al. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity , 2015, USENIX Security Symposium.
[9] Xiangyu Zhang,et al. A2C: Self Destructing Exploit Executions via Input Perturbation , 2017, NDSS 2017.
[10] Bernhard Plattner,et al. Large-scale vulnerability analysis , 2006, LSAD '06.
[11] John Johansen,et al. PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.
[12] Yuanyuan Zhou,et al. aComment: mining annotations from comments and code to detect interrupt related concurrency bugs , 2011, 2011 33rd International Conference on Software Engineering (ICSE).
[13] Jun Xu,et al. Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.
[14] Wen Xu,et al. Own Your Android! Yet Another Universal Root , 2015, WOOT.
[15] Miryung Kim,et al. An empirical study of supplementary bug fixes , 2012, 2012 9th IEEE Working Conference on Mining Software Repositories (MSR).
[16] David Brumley,et al. AEG: Automatic Exploit Generation , 2011, NDSS.
[17] Zhendong Su,et al. An Empirical Study on Real Bug Fixes , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.
[18] Elissa M. Redmiles,et al. Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes , 2018, 2018 IEEE Symposium on Security and Privacy (SP).
[19] Zhenkai Liang,et al. Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks , 2016, 2016 IEEE Symposium on Security and Privacy (SP).
[20] Miguel Castro,et al. Securing software by enforcing data-flow integrity , 2006, OSDI '06.
[21] Thomas Zimmermann,et al. What Makes a Good Bug Report? , 2008, IEEE Transactions on Software Engineering.
[22] Abeer Alhuzali,et al. Automatic Exploit Generation for Web Applications , 2018 .
[23] Tudor Dumitras,et al. FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature , 2016, CCS.
[24] Miguel Castro,et al. Preventing Memory Error Exploits with WIT , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[25] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.
[26] Peng Liu,et al. CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump , 2016, CCS.
[27] Leyla Bilge,et al. The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching , 2015, 2015 IEEE Symposium on Security and Privacy.
[28] Yuming Zhou,et al. How Do Developers Fix Cross-Project Correlated Bugs? A Case Study on the GitHub Scientific Python Ecosystem , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE).
[29] Milo M. K. Martin,et al. SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.
[30] Gabriele Bavota,et al. Detecting missing information in bug descriptions , 2017, ESEC/SIGSOFT FSE.
[31] Vern Paxson,et al. A Large-Scale Empirical Study of Security Patches , 2017, CCS.
[32] Gina Venolia,et al. The secret life of bugs: Going past the errors and omissions in software repositories , 2009, 2009 IEEE 31st International Conference on Software Engineering.
[33] Stuart E. Schechter,et al. Milk or Wine: Does Software Security Improve with Age? , 2006, USENIX Security Symposium.
[34] Xiangyu Zhang,et al. Self Destructing Exploit Executions via Input Perturbation , 2017, Network and Distributed System Security Symposium.