English
Related papers

Related papers: Vulnerable Open Source Dependencies: Counting Thos…

200 papers

Library dependencies in software ecosystems play a crucial role in the development of software. As newer releases of these libraries are published, developers may opt to pin their dependencies to a particular version. While pinning may have…

Software Engineering · Computer Science 2025-12-22 Vasudev Vikram , Yuvraj Agarwal , Rohan Padhye

Open-source software supply chain security relies heavily on assessing affected versions of library vulnerabilities. While prior studies have leveraged exploits for verifying vulnerability affected versions, they point out a key limitation…

Software Engineering · Computer Science 2026-03-30 Zirui Chen , Qi Zhan , Jiayuan Zhou , Xing Hu , Xin Xia , Xiaohu Yang

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper,…

Cryptography and Security · Computer Science 2026-04-21 Michael Robinson , Sajal Halder , Muhammad Ejaz Ahmed , Muhammad Ikram , Seyit Camtepe , Hyoungshick Kim

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives…

Software Engineering · Computer Science 2025-02-04 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Security vulnerabilities introduced by applications using third-party dependencies are on the increase, caused by the emergence of large ecosystems of libraries such as the NPM packages for JavaScript. Nowadays, libraries depend on each…

Much of the current software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get…

Software Engineering · Computer Science 2023-05-10 Tobias Dam , Sebastian Neumaier

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

On average, 71% of the code in typical Java projects comes from open-source software (OSS) dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a…

Software Engineering · Computer Science 2025-10-23 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

This study investigates vulnerabilities within the Maven ecosystem by analyzing a comprehensive dataset of 14,459,139 releases. Our analysis reveals the most critical weaknesses that pose significant threats to developers and their projects…

Software Engineering · Computer Science 2025-03-31 Costain Nachuma , Md Mosharaf Hossan , Asif Kamal Turzo , Minhaz F. Zibran

Modern software systems are often built by leveraging code written by others in the form of libraries and packages to accelerate their development. While there are many benefits to using third-party packages, software projects often become…

Software Engineering · Computer Science 2022-08-30 Jasmine Latendresse , Suhaib Mujahid , Diego Elias Costa , Emad Shihab

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

While open-source software has enabled significant levels of reuse to speed up software development, it has also given rise to the dreadful dependency hell that all software practitioners face on a regular basis. This article provides a…

Software Engineering · Computer Science 2024-11-21 Tom Mens , Alexandre Decan

Existing innovation metrics inadequately capture software innovation, creating blind spots for researchers and policymakers seeking to understand and foster technological innovation in an increasingly software-defined economy. This paper…

Software Engineering · Computer Science 2025-07-01 Eva Maxfield Brown , Cailean Osborne , Peter Cihon , Moritz Böhmecke-Schwafert , Kevin Xu , Mirko Boehm , Knut Blind

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin

Reusing third-party libraries increases productivity and saves time and costs for developers. However, the downside is the presence of vulnerabilities in those libraries, which can lead to catastrophic outcomes. For instance, Apache Log4J…

Software Engineering · Computer Science 2024-11-20 Yi Wen Heng , Zeyang Ma , Haoxiang Zhang , Zhenhao Li , Tse-Hsun , Chen

Open-source software (OSS) greatly facilitates program development for developers. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In…

Software Engineering · Computer Science 2024-01-18 Jinchang Hu , Lyuye Zhang , Chengwei Liu , Sen Yang , Song Huang , Yang Liu