English
Related papers

Related papers: Mining Threat Intelligence about Open-Source Proje…

200 papers

Open source projects play a significant role in software production. Most of the software projects reuse and build upon the existing open source projects and libraries. While reusing is a time and cost-saving strategy, some of the key…

Software Engineering · Computer Science 2022-08-03 Javad Ghofrani , Paria Heravi , Kambiz A. Babaei , Mohammad Soorati

With the rise of the library ecosystem (such as NPM for JavaScript and PyPI for Python), a developer has access to a multitude of library packages that they can adopt as dependencies into their application.Prior work has found that these…

Software Engineering · Computer Science 2024-07-02 Supatsara Wattanakriengkrai , Christoph Treude , Raula Gaikovina Kula

Software libraries are central to the functionality, security, and maintainability of modern code. As developers increasingly turn to Large Language Models (LLMs) to assist with programming tasks, understanding how these models recommend…

Software Engineering · Computer Science 2025-08-08 Jasmine Latendresse , SayedHassan Khatoonabadi , Emad Shihab

The use of packaged libraries can significantly shorten the software development cycle by improving the quality and readability of code. In this paper, we present a recommendation engine called Librarian for open source libraries. A…

Software Engineering · Computer Science 2023-02-08 Lili Tao , Alexandru-Petre Cazan , Senad Ibraimoski , Sean Moran

Open source software development, particularly within institutions such as universities and research laboratories, is often decentralized and difficult to track. Although academic teams produce many impactful scientific tools, their…

Software Engineering · Computer Science 2026-02-27 Juanita Gomez , Emily Lovell , Stephanie Lieggi , Alvaro A. Cardenas , James Davis

There is no denying the fact that with the widespread usage of computers and the Internet in our daily lives, security of information and data has gained increased attention. Information stored in electronic form is more susceptible to…

Cryptography and Security · Computer Science 2016-10-04 Muhammad Farooq-i-Azam

All computer programs have flaws, some of which can be exploited to gain unauthorized access to computer systems. We conducted a field study on publicly reported vulnerabilities affecting three open source software projects in widespread…

Software Engineering · Computer Science 2019-12-05 Raul Barbosa , Frederico Cerveira , Luis Goncalo , Henrique Madeira

The popularity of Python has risen rapidly over the past 15 years. It is a major language in some of the most exciting technologies today. This popularity has led to a large ecosystem of third-party packages available via the pip package…

Cryptography and Security · Computer Science 2021-02-15 Aadesh Bagmar , Josiah Wedgwood , Dave Levin , Jim Purtilo

Open source projects often maintain open bug repositories during development and maintenance, and the reporters often point out straightly or implicitly the reasons why bugs occur when they submit them. The comments about a bug are very…

Software Engineering · Computer Science 2011-03-21 Deqing Wang , Mengxiang Lin , Hui Zhang , Hongping Hu

Open-source software serves as a foundation for the internet and the cyber supply chain, but its exploitation is becoming increasingly prevalent. While advances in vulnerability detection for OSS have been significant, prior research has…

Cryptography and Security · Computer Science 2024-12-02 Zhuoran Tan , Christos Anagnosstopoulos , Jeremy Singer

Software vulnerabilities have a large negative impact on the software systems that we depend on daily. Reports on software vulnerabilities always paint a grim picture, with some reports showing that 83% of organizations depend on vulnerable…

Software Engineering · Computer Science 2020-09-22 Mahmoud Alfadel , Diego Elias Costa , Mouafak Mokhallalati , Emad Shihab , Bram Adams

Using libraries in applications has helped developers reduce the costs of reinventing already existing code. However, an increase in diverse technology stacks and third-party library usage has led developers to inevitably switch…

Software Engineering · Computer Science 2023-03-17 Kanchanok Kannee , Raula Gaikovina Kula , Supatsara Wattanakriengkrai , Kenichi Matsumoto

Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these…

Due to non-experts also developing security relevant applications it is necessary to support them too. Some improvements in the current research may not reach or impact these developers. Nonetheless these developers use security libraries.…

Cryptography and Security · Computer Science 2016-03-24 Kai Mindermann

With the increasing usage of open-source software (OSS) components, vulnerabilities embedded within them are propagated to a huge number of underlying applications. In practice, the timely application of security patches in downstream…

Cryptography and Security · Computer Science 2023-01-09 Xinda Wang , Shu Wang , Pengbin Feng , Kun Sun , Sushil Jajodia , Sanae Benchaaboun , Frank Geck

The paper presents a traceability analysis of how over 84 thousand vulnerabilities have propagated across 28 open source software ecosystems. According to the results, the propagation sequences have been complex in general, although GitHub,…

Software Engineering · Computer Science 2025-09-17 Jukka Ruohonen , Qusai Ramadan

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it…

Cryptography and Security · Computer Science 2026-04-16 Fariha Tanjim Shifat , Hariswar Baburaj , Ce Zhou , Jaydeb Sarker , Mia Mohammad Imran

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to…

Cryptography and Security · Computer Science 2023-10-09 Piergiorgio Ladisa , Merve Sahin , Serena Elisa Ponta , Marco Rosa , Matias Martinez , Olivier Barais

A risk in adopting third-party dependencies into an application is their potential to serve as a doorway for malicious code to be injected (most often unknowingly). While many initiatives from both industry and research communities focus on…

Software Engineering · Computer Science 2023-09-11 Supatsara Wattanakriengkrai , Raula Gaikovina Kula , Christoph Treude , Kenichi Matsumoto