Saved in:
Bibliographic Details
Main Authors: Qian, Zhuoyun, Zhong, Fangtian, Hu, Qin, Jiang, Yili, Huang, Jiaqi, Ren, Mengfei, Yu, Jiguo
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.20244
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910894503493632
author Qian, Zhuoyun
Zhong, Fangtian
Hu, Qin
Jiang, Yili
Huang, Jiaqi
Ren, Mengfei
Yu, Jiguo
author_facet Qian, Zhuoyun
Zhong, Fangtian
Hu, Qin
Jiang, Yili
Huang, Jiaqi
Ren, Mengfei
Yu, Jiguo
contents Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks, causing substantial harm to users and cyberinfrastructure. Since many of these flaws originate from the code itself, a variety of techniques have been proposed to detect and mitigate them prior to software deployment. However, a comprehensive comparative study that spans different programming languages, program representations, bug types, and analysis techniques is still lacking. As a result, the relationships among programming languages, abstraction levels, vulnerability types, and detection approaches remain fragmented, and the limitations and research gaps across the landscape are not clearly understood. This article aims to bridge that gap by systematically examining widely used programming languages, levels of program representation, categories of vulnerabilities, and mainstream detection techniques. The survey provides a detailed understanding of current practices in vulnerability discovery, highlighting their strengths, limitations, and distinguishing characteristics. Furthermore, it identifies persistent challenges and outlines promising directions for future research in the field of software security.
format Preprint
id arxiv_https___arxiv_org_abs_2503_20244
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Software Vulnerability Analysis Across Programming Language and Program Representation Landscapes: A Survey
Qian, Zhuoyun
Zhong, Fangtian
Hu, Qin
Jiang, Yili
Huang, Jiaqi
Ren, Mengfei
Yu, Jiguo
Cryptography and Security
Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks, causing substantial harm to users and cyberinfrastructure. Since many of these flaws originate from the code itself, a variety of techniques have been proposed to detect and mitigate them prior to software deployment. However, a comprehensive comparative study that spans different programming languages, program representations, bug types, and analysis techniques is still lacking. As a result, the relationships among programming languages, abstraction levels, vulnerability types, and detection approaches remain fragmented, and the limitations and research gaps across the landscape are not clearly understood. This article aims to bridge that gap by systematically examining widely used programming languages, levels of program representation, categories of vulnerabilities, and mainstream detection techniques. The survey provides a detailed understanding of current practices in vulnerability discovery, highlighting their strengths, limitations, and distinguishing characteristics. Furthermore, it identifies persistent challenges and outlines promising directions for future research in the field of software security.
title Software Vulnerability Analysis Across Programming Language and Program Representation Landscapes: A Survey
topic Cryptography and Security
url https://arxiv.org/abs/2503.20244