English
Related papers

Related papers: Mining Threat Intelligence about Open-Source Proje…

200 papers

Open-source software (OSS) is a pillar of modern software development. Its success depends on the dedication of maintainers who work constantly to keep their libraries stable, adapt to changing needs, and support a growing community. Yet,…

Software Engineering · Computer Science 2025-10-20 Rachna Raj , Diego Elias Costa

Security vulnerabilities introduced by applications using third-party dependencies are on the increase, caused by the emergence of large ecosystems of libraries such as the NPM packages for JavaScript. Nowadays, libraries depend on each…

For teams using distributed version control systems, the right collaborative development workflows can help maintaining the long-term quality of project repositories and improving work efficiency. Despite the fact that the workflows are…

Software Engineering · Computer Science 2020-04-28 Panuchart Bunyakiati , Usa Sammapun

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large…

Software Engineering · Computer Science 2025-05-22 Yuxuan Wang , Jingshu Chen , Qingyang Wang

In an increasingly interconnected and data-driven world, the importance of robust security measures cannot be overstated. A knowledge graph constructed with information extracted from the system along with the desired security behavior can…

Cryptography and Security · Computer Science 2023-12-11 M. Xie , T. Rahat , W. Wang , Y. Tian

Bugs are inevitable in software development, and their reporting in open repositories can enhance software transparency and reliability assessment. This study aims to extract information from the issue tracking system Jira and proposes a…

Software Engineering · Computer Science 2024-08-01 Hasan Yagiz Ozkan , Poul Einer Heegaard , Wolfgang Kellerer , Carmen Mas-Machuca

Open-source AI libraries are foundational to modern AI systems, yet they present significant, underexamined risks spanning security, licensing, maintenance, supply chain integrity, and regulatory compliance. We introduce LibVulnWatch, a…

Cryptography and Security · Computer Science 2025-07-01 Zekun Wu , Seonglae Cho , Umar Mohammed , Cristian Munoz , Kleyton Costa , Xin Guan , Theo King , Ze Wang , Emre Kazim , Adriano Koshiyama

Background: Security regressions are vulnerabilities introduced in a previously unaffected software system. They often happen as a result of source code changes (e.g., a bug fix) and can have severe effects. Aims: To increase the…

Software Engineering · Computer Science 2022-07-06 Larissa Braz , Enrico Fregnan , Vivek Arora , Alberto Bacchelli

In Open Source Software, the source code and any other resources available in a project can be viewed or reused by anyone subject to often permissive licensing restrictions. In contrast to some studies of dependency-based reuse supported…

Software Engineering · Computer Science 2024-02-12 Mahmoud Jahanshahi , Audris Mockus

In the rapidly evolving landscape of software development, addressing security vulnerabilities in open-source software (OSS) has become critically important. However, existing research and tools from both academia and industry mainly relied…

Software Engineering · Computer Science 2025-04-01 Lyuye Zhang , Jiahui Wu , Chengwei Liu , Kaixuan Li , Xiaoyu Sun , Lida Zhao , Chong Wang , Yang Liu

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

A tenet of open source software development is to accept contributions from users-developers (typically after appropriate vetting). But should this also include interventions done as part of research on open source development? Following an…

Software Engineering · Computer Science 2023-06-05 Dror G. Feitelson

Git is used as the distributed version control system for many open-source software projects. One Git-based service, GitHub, is the most common code hosting and repository service for open-source software projects. For researchers that…

Software Engineering · Computer Science 2021-01-22 Abdulkadir Şeker , Banu Diri , Halil Arslan , Mehmet Fatih Amasyalı

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

The migration process between different third-party libraries is hard, complex and error-prone. Typically, during a library migration, developers need to find methods in the new library that are most adequate in replacing the old methods of…

Software Engineering · Computer Science 2019-06-07 Hussein Alrubaye , Mohamed Wiem Mkaouer , Ali Ouni

While open-source software has enabled significant levels of reuse to speed up software development, it has also given rise to the dreadful dependency hell that all software practitioners face on a regular basis. This article provides a…

Software Engineering · Computer Science 2024-11-21 Tom Mens , Alexandre Decan

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

Security patches in open-source software, providing security fixes to identified vulnerabilities, are crucial in protecting against cyberattacks. Despite the National Vulnerability Database (NVD) publishes identified vulnerabilities, a vast…

Cryptography and Security · Computer Science 2021-06-08 Yaqin Zhou , Jing Kai Siow , Chenyu Wang , Shangqing Liu , Yang Liu

Developers often build software on top of third-party libraries (Libs) to improve productivity, but these libraries may contain vulnerabilities that enable supply chain attacks. Existing tools detect vulnerable dependencies, yet developers…

Cryptography and Security · Computer Science 2026-03-31 Ying Zhang , Wenjia Song , Zhengjie Ji , Danfeng , Yao , Na Meng
‹ Prev 1 4 5 6 7 8 10 Next ›