--- title: README emoji: 📚 colorFrom: indigo colorTo: yellow sdk: static pinned: false --- # OSS-Forge **OSS-Forge** is an open research initiative focused on *trustworthy, secure, and transparent AI-assisted software engineering*. We develop and publish: - **static and dynamic analyzers** for AI-generated code - **benchmarks and datasets** for software vulnerabilities, defects, exploits, and shellcode - **evaluation frameworks** for correctness, robustness, and data poisoning - **models and reproducible pipelines** for secure code generation - **experimental tools and artifacts** from peer-reviewed scientific publications Our mission is to build a transparent, verifiable, and secure ecosystem for integrating Large Language Models (LLMs) into software development, especially in safety-critical and security-sensitive contexts. --- ## What You Will Find Here This organization hosts resources from multiple research projects and publications in AI security, software engineering, and code generation. Current categories include: ### Static Analyzers & Security Tools - **DeVAIC** – Fast static analysis for detecting vulnerabilities in Python code - **PatchitPy** – Automated patching of vulnerable Python code via pattern-based transformations - **ACCA** – Automated correctness assessment of AI-generated code using symbolic execution ### Datasets for Security & Software Engineering - **PyResBugs** – 5,007 residual Python bugs with NL descriptions - **Shellcode_IA32** – The largest curated dataset of IA-32 shellcode snippets - **PoisonPy** – Dataset supporting targeted data-poisoning attacks - **Human vs AI Code** – Defects, vulnerabilities, and complexity analysis at scale ### Robustness, Data Quality & Industrial Code Generation - **Residual Bug Generation from Natural Language** – Frameworks for generating realistic residual defects from NL descriptions - **Impact of Data Quality on Code Models** – Empirical studies on robustness, poisoning resilience, and dataset quality - **Industrial Code Generation** – Models for domain-specific code synthesis (e.g., VHDL generation from natural language) Our repositories include code, experimental scripts, datasets, and reproducibility materials. --- ## Research Themes Our work spans four interconnected areas: 1. **Security of AI-generated Code** Vulnerability detection, automated patching, exploit generation, and robustness testing. 2. **Trustworthy LLM Evaluation** Correctness, equivalence checking, symbolic execution, reproducible benchmarks. 3. **Software Engineering with AI** Defect analysis, complexity metrics, orthogonal defect classification (ODC). 4. **Adversarial ML for Code Models** Data poisoning, robustness stress-testing, unsafe pattern injection. All research artifacts are peer-reviewed and associated with publications at DSN, ISSRE, ICPC, IST, EMSE, JSS, AUSE, and other venues. --- ## Publications Powered by These Repositories A non-exhaustive list includes works presented at: - **IEEE/IFIP DSN** - **IEEE ISSRE** - **IEEE/ACM ICPC** - **Empirical Software Engineering (EMSE)** - **Information and Software Technology (IST)** - **Automated Software Engineering (AUSE)** - **Journal of Systems and Software (JSS)** Full references are available inside each corresponding repository. --- ## Contributing We encourage contributions from the research and practitioner community. You can contribute by: - submitting new datasets - improving static analysis rules - adding benchmarks or experimental scripts - reporting issues or proposing new features Please open discussions or pull requests inside the relevant repository. --- ## Contact OSS-Forge is developed by a joint research team from the **University of North Carolina at Charlotte (UNCC)** and the **University of Naples Federico II**. ### Scientific Leadership - Prof. [Domenico Cotroneo](https://webpages.charlotte.edu/dcotrone/) — UNCC ### Core Research Contributors - Dr. [Pietro Liguori](http://wpage.unina.it/pietro.liguori/) — University of Naples Federico II - [Cristina Improta](http://wpage.unina.it/cristina.improta/) — University of Naples Federico II - Ph.D. students and graduate researchers and contributors from the DESSERT Research group — University of Naples Federico II ---