English

Tracing Vulnerability Propagation Across Open Source Software Ecosystems

Software Engineering 2025-09-17 v2 Cryptography and Security

Abstract

The paper presents a traceability analysis of how over 84 thousand vulnerabilities have propagated across 28 open source software ecosystems. According to the results, the propagation sequences have been complex in general, although GitHub, Debian, and Ubuntu stand out. Furthermore, the associated propagation delays have been lengthy, and these do not correlate well with the number of ecosystems involved in the associated sequences. Nor does the presence or absence of particularly ecosystems in the sequences yield clear, interpretable patterns. With these results, the paper contributes to the overlapping knowledge bases about software ecosystems, traceability, and vulnerabilities.

Keywords

Cite

@article{arxiv.2505.04307,
  title  = {Tracing Vulnerability Propagation Across Open Source Software Ecosystems},
  author = {Jukka Ruohonen and Qusai Ramadan},
  journal= {arXiv preprint arXiv:2505.04307},
  year   = {2025}
}

Comments

Proceedings of the 37th International Conference on Testing Software and Systems (ICTSS 2025), Limassol, Springer, pp. 325-332

R2 v1 2026-06-28T23:24:19.106Z