English
Related papers

Related papers: Impact assessment for vulnerabilities in open-sour…

200 papers

[Context] Open Source Software (OSS) is nowadays used and integrated in most of the commercial products. However, the selection of OSS projects for integration is not a simple process, mainly due to a of lack of clear selection models and…

Software Engineering · Computer Science 2022-02-07 Xiaozhou Li , Sergio Moreschini , Zheying Zhang , Davide Taibi

Open-source software (OSS) greatly facilitates program development for developers. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In…

Software Engineering · Computer Science 2024-01-18 Jinchang Hu , Lyuye Zhang , Chengwei Liu , Sen Yang , Song Huang , Yang Liu

CONTEXT: Applying vulnerability detection techniques is one of many tasks using the limited resources of a software project. OBJECTIVE: The goal of this research is to assist managers and other decision-makers in making informed choices…

Software Engineering · Computer Science 2022-08-03 Sarah Elder , Nusrat Zahan , Rui Shu , Monica Metro , Valeri Kozarev , Tim Menzies , Laurie Williams

Continuous integration (CI) tools integrate code changes by automatically compiling, building, and executing test cases upon submission of code changes. Use of CI tools is getting increasingly popular, yet how proprietary projects reap the…

Software Engineering · Computer Science 2018-09-17 Akond Rahman , Amritanshu Agrawal , Rahul Krishna , Alexander Sobran

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Open Source Software (OSS) Projects are gaining popularity worldwide. Studies by many researchers show that the important key success factor is modularity of the source code. This paper presents the revised Modularity Index which is a…

Software Engineering · Computer Science 2013-09-24 Andi Wahju Rahardjo Emanuel , Daniel Jahja Surjawan

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li

The rise of user-contributed Open Source Software (OSS) ecosystems demonstrate their prevalence in the software engineering discipline. Libraries work together by depending on each other across the ecosystem. From these ecosystems emerges a…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Ali Ouni , Daniel M. German , Katsuro Inoue

Re-using open-source software (OSS) can avoid reinventing the wheel, but failing to keep it up-to-date can lead to missing new features and persistent bugs or vulnerabilities that have already been resolved. The use of outdated OSS…

Software Engineering · Computer Science 2025-11-11 Rui Lu , Lyuye Zhang , Kaixuan Li , Min Zhang , Yixiang Chen

Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet, Java has no support for it. We solve this problem…

Software Engineering · Computer Science 2026-04-15 Serena Cofano , Daniel Williams , Aman Sharma , Martin Monperrus

Open-source software (OSS) is a critical part of the software supply chain. Recent social engineering attacks against OSS development teams have enabled attackers to become code contributors and later inject malicious code or…

Software Engineering · Computer Science 2021-07-05 Luiz Giovanini , Daniela Oliveira , Huascar Sanchez , Deborah Shands

Modularity is a desirable characteristic for software systems. In this article we propose to use a quantitative method from complex network sciences to estimate the coherence between the modularity of the dependency network of large open…

Software Engineering · Computer Science 2013-03-04 Marcelo Serrano Zanetti , Frank Schweitzer

Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being…

Software Engineering · Computer Science 2021-09-02 Nasif Imtiaz , Seaver Thorne , Laurie Williams

Existing innovation metrics inadequately capture software innovation, creating blind spots for researchers and policymakers seeking to understand and foster technological innovation in an increasingly software-defined economy. This paper…

Software Engineering · Computer Science 2025-07-01 Eva Maxfield Brown , Cailean Osborne , Peter Cihon , Moritz Böhmecke-Schwafert , Kevin Xu , Mirko Boehm , Knut Blind

Modern programming languages (e.g., Java and C#) provide features to separate error-handling code from regular code, seeking to enhance software comprehensibility and maintainability. Nevertheless, the way exception handling (EH) code is…

Software Engineering · Computer Science 2021-05-04 Luan P. Lima , Lincoln S. Rocha , Carla I. M. Bezerra , Matheus Paixao

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

Nowadays the technological progress allows us to have highly flexible solutions, easily accessible with lower levels of investment, which leads to many companies adopting SaaS (Software-as-a-Service) to support their business processes.…

Software Engineering · Computer Science 2014-06-12 Virginia Maria Araujo , Jose Ayude Vazquez , Manuel Perez Cota

High-availability of software systems requires automated handling of crashes in presence of errors. Failure-oblivious computing is one technique that aims to achieve high availability. We note that failure-obliviousness has not been studied…

Software Engineering · Computer Science 2021-11-12 Thomas Durieux , Youssef Hamadi , Zhongxing Yu , Benoit Baudry , Martin Monperrus

Open-source software (OSS) is foundational to modern digital infrastructure, yet this context for group work continues to struggle to ensure sufficient contributions in many critical cases. This literature review explores how artificial…

Software Engineering · Computer Science 2026-02-10 S M Rakib UI Karim , Wenyi Lu , Sean Goggins

In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that…

Cryptography and Security · Computer Science 2021-08-23 Jaap-Henk Hoepman , Bart Jacobs