Eric Bodden
An empirical study of large language models for type and call graph analysis in Python and JavaScript
Large Language Models (LLMs) are increasingly being explored for their potential in software engineering, particularly in static analysis tasks. In this study, we investigate the potential of current LLMs to enhance call-graph analysis and…
Program Feature-Based Benchmarking for Fuzz Testing
Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…
Pick Your Call Graphs Well: On Scaling IFDS-Based Data-Flow Analyses
Assessor View: Introducing Tool Support for Android Privacy Assessments
Android apps collecting data from users must comply with legal frameworks to ensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European U…
TypeEvalPy: A Micro-benchmarking Framework for Python Type Inference Tools
GitHub link: https://github.com/secure-software-engineering/TypeEvalPy A Micro-benchmarking Framework for Python Type Inference Tools 📌 Features: 📜 Contains 154 code snippets to test and benchmark. 🏷 Offers 845 type annotations across a di…
Software Security Analysis in 2030 and Beyond: A Research Roadmap
As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research challe…
A Study of Privacy-Related Data Collected by Android Apps
Many Android apps collect data from users, and the European Union's General Data Protection Regulation (GDPR) mandates clear disclosures of such data collection. However, apps often use third-party code, complicating accurate disclosures. …
Visualizing and Understanding the Internals of Fuzzing
An Empirical Study of Large Language Models for Type and Call Graph Analysis in Python and JavaScript
Large Language Models (LLMs) are increasingly being explored for their potential in software engineering, particularly in static analysis tasks. In this study, we investigate the potential of current LLMs to enhance call-graph analysis and…
Visualization Task Taxonomy to Understand the Fuzzing Internals (Registered Report)
Advancing Android Privacy Assessments with Automation
Android apps collecting data from users must comply with legal frameworks to ensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European …
Do Android App Developers Accurately Report Collection of Privacy-Related Data?
Many Android applications collect data from users. The European Union's General Data Protection Regulation (GDPR) requires vendors to faithfully disclose which data their apps collect. This task is complicated because many apps use third-p…
Static analysis driven enhancements for comprehension in machine learning notebooks
Jupyter notebooks have emerged as the predominant tool for data scientists to develop and share machine learning solutions, primarily using Python as the programming language. Despite their widespread adoption, a significant fraction of th…
Toward an Android Static Analysis Approach for Data Protection
TypeEvalPy: A Micro-benchmarking Framework for Python Type Inference Tools
In light of the growing interest in type inference research for Python, both researchers and practitioners require a standardized process to assess the performance of various type inference techniques. This paper introduces TypeEvalPy, a c…
The Emergence of Large Language Models in Static Analysis: A First Look through Micro-Benchmarks
The application of Large Language Models (LLMs) in software engineering, particularly in static analysis tasks, represents a paradigm shift in the field. In this paper, we investigate the role that current LLMs can play in improving callgr…
Symbol-Specific Sparsification of Interprocedural Distributive Environment Problems
Previous work has shown that one can often greatly speed up static analysis by computing data flows not for every edge in the program's control-flow graph but instead only along definition-use chains. This yields a so-called sparse static …
Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise res…
Toward an Android Static Analysis Approach for Data Protection
Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR…
Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability
Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false positive rate is essential for the adaption in practice and for precise res…
Ernst Denert Software Engineering Award 2022
The Ernst Denert Award has existed since 1992 and honors not only the award winners but also the software engineering field as a whole. Software engineering is a vivid and intensively extending field that regularly spawns new …
Detecting Security-Relevant Methods using Multi-label Machine Learning
To detect security vulnerabilities, static analysis tools need to be configured with security-relevant methods. Current approaches can automatically identify such methods using binary relevance machine learning approaches. However, they…
SootUp: A Redesign of the Soot Static Analysis Framework
Since its inception two decades ago, Soot has become one of the most widely used open-source static analysis frameworks. Over time it has been extended with the contributions of countless researchers. Yet, at the same time, the requirement…
Ernst Denert Award for Software Engineering 2022
This open access book provides an overview of the dissertations of the five nominees for the Ernst Denert Award for Software Engineering in 2022. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent …
slash: A Technique for Static Configuration-Logic Identification
Researchers have recently devised tools for debloating software and detecting configuration errors. Several of these tools rely on the observation that programs are composed of an initialization phase followed by a main-computation phase. …
Securing Your Crypto-API Usage Through Tool Support - A Usability Study
Developing secure software is essential for protecting passwords and other sensitive data. Despite the abundance of cryptographic libraries available to developers, prior work has shown that developers often unknowingly misuse the provided…