Zobrazeno 1 - 10
of 270
pro vyhledávání: '"Martinez, Matias"'
Autor:
Martinez, Matias
The recent surge of open-source large language models (LLMs) enables developers to create AI-based solutions while maintaining control over aspects such as privacy and compliance, thereby providing governance and ownership of the model deployment pro
Externí odkaz:
http://arxiv.org/abs/2408.01050
The growing use of large machine learning models highlights concerns about their increasing computational demands. While the energy consumption of their training phase has received attention, fewer works have considered the inference phase. For ML in
Externí odkaz:
http://arxiv.org/abs/2402.07585
Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing malicious
Externí odkaz:
http://arxiv.org/abs/2310.09571
Autor:
Ladisa, Piergiorgio, Sahin, Merve, Ponta, Serena Elisa, Rosa, Marco, Martinez, Matias, Barais, Olivier
The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to retrieve packag
Externí odkaz:
http://arxiv.org/abs/2307.09087
Autor:
Ladisa, Piergiorgio, Ponta, Serena Elisa, Sabetta, Antonino, Martinez, Matias, Barais, Olivier
This work discusses open-source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for Software Supply
Externí odkaz:
http://arxiv.org/abs/2304.05200
Publikováno v:
Proceedings of the 56th Hawaii International Conference on System Sciences, pp. 781-790 (2023)
The evaluation of Deep Learning models has traditionally focused on criteria such as accuracy, F1 score, and related measures. The increasing availability of high computational power environments allows the creation of deeper and more complex models.
Externí odkaz:
http://arxiv.org/abs/2302.00967
Publikováno v:
2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion '24), April 14--20, 2024, Lisbon, Portugal
Automated program repair (APR) aims to automatize the process of repairing software bugs in order to reduce the cost of maintaining software programs. Moreover, the success (given by the accuracy metric) of APR approaches has increased in recent year
Externí odkaz:
http://arxiv.org/abs/2211.12104
Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect such attacks
Externí odkaz:
http://arxiv.org/abs/2210.03998
Autor:
Martinez, Matias, Kechagia, Maria, Perera, Anjana, Petke, Justyna, Sarro, Federica, Aleti, Aldeida
Previous studies have shown that Automated Program Repair (APR) techniques suffer from the overfitting problem. Overfitting happens when a patch is run and the test suite does not reveal any error, but the patch actually does not fix the underlying b
Externí odkaz:
http://arxiv.org/abs/2207.11082
Publikováno v:
2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, 2023 pp. 1509-1526
The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving attackers num
Externí odkaz:
http://arxiv.org/abs/2204.04008