English
Related papers

Related papers: Interactive, Effort-Aware Library Version Harmoniz…

200 papers

With the urgent need to secure supply chains among Open Source libraries, attention has focused on mitigating vulnerabilities detected in these libraries. Although awareness has improved recently, most studies still report delays in the…

Software Engineering · Computer Science 2024-06-18 Ruksit Rojpaisarnkit , Hathaichanok Damrongsiri , Christoph Treude , Ali Ouni , Raula Gaikovina Kula

Multi-agent reinforcement learning (MARL) research is inherently computationally expensive and it is often difficult to obtain a sufficient number of experiment samples to test hypotheses and make robust statistical claims. Furthermore,…

Security vulnerabilities introduced by applications using third-party dependencies are on the increase, caused by the emergence of large ecosystems of libraries such as the NPM packages for JavaScript. Nowadays, libraries depend on each…

Context: Refactoring is recognized as an effective practice to maintain evolving software systems. For software libraries, we study how library developers refactor their Application Programming Interfaces (APIs), especially when it impacts…

Software Engineering · Computer Science 2017-10-02 Raula Gaikovina Kula , Ali Ouni , Daniel M. German , Katsuro Inoue

Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven ecosystem. Despite patches being released promptly after vulnerabilities are disclosed, the libraries and applications in the community still use the…

Software Engineering · Computer Science 2023-08-08 Lyuye Zhang , Chengwei Liu , Sen Chen , Zhengzi Xu , Lingling Fan , Lida Zhao , Yiran Zhang , Yang Liu

Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being…

Software Engineering · Computer Science 2021-09-02 Nasif Imtiaz , Seaver Thorne , Laurie Williams

Software intensively depends on external libraries whose relevance may change during its life cycle. As a consequence, software developers must periodically reconsider the libraries they depend on, and must think about \textit{library…

Software Engineering · Computer Science 2013-06-27 Cédric Teyton , Jean-Rémy Falleri , Marc Palyart , Xavier Blanc

Android apps include third-party native libraries to increase performance and to reuse functionality. Native code is directly executed from apps through the Java Native Interface or the Android Native Development Kit. Android developers add…

Cryptography and Security · Computer Science 2021-03-04 Sumaya Almanee , Arda Unal , Mathias Payer , Joshua Garcia

The rapid evolution of software libraries poses a considerable hurdle for code generation, necessitating continuous adaptation to frequent version updates while preserving backward compatibility. While existing code evolution benchmarks…

Large language models (LLMs) now play a central role in code generation, yet they continue to hallucinate, frequently inventing non-existent libraries. Such library hallucinations are not just benign errors: they can mislead developers,…

Software Engineering · Computer Science 2026-05-20 Lukas Twist , Jie M. Zhang , Mark Harman , Helen Yannakoudakis

As modern software development increasingly relies on reusable libraries and components, managing dependencies has become critical for ensuring software stability and security. However, challenges such as outdated dependencies, missed…

Software Engineering · Computer Science 2025-04-01 Barisha Chowdhury , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

Re-using open-source software (OSS) can avoid reinventing the wheel, but failing to keep it up-to-date can lead to missing new features and persistent bugs or vulnerabilities that have already been resolved. The use of outdated OSS…

Software Engineering · Computer Science 2025-11-11 Rui Lu , Lyuye Zhang , Kaixuan Li , Min Zhang , Yixiang Chen

Large Language Models have advanced automated software development, however, it remains a challenge to correctly infer dependencies, namely, identifying the internal components and external packages required for a repository to successfully…

In response to challenges in software supply chain security, several organisations have created infrastructures to independently build commodity open source projects and release the resulting binaries. Build platform variability can…

Cryptography and Security · Computer Science 2025-04-10 Jens Dietrich , Tim White , Behnaz Hassanshahi , Paddy Krishnan

A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over…

Cryptography and Security · Computer Science 2026-01-27 Ian Hardgrove , John D. Hastings

With the increasing disclosure of vulnerabilities in open-source software, software composition analysis (SCA) has been widely applied to reveal third-party libraries and the associated vulnerabilities in software projects. Beyond the…

Software Engineering · Computer Science 2023-01-23 Lyuye Zhang , Chengwei Liu , Zhengzi Xu , Sen Chen , Lingling Fan , Lida Zhao , Jiahui Wu , Yang Liu

We propose a system, named ATVHunter, which can pinpoint the precise vulnerable in-app TPL versions and provide detailed information about the vulnerabilities and TPLs. We propose a two-phase detection approach to identify specific TPL…

Software Engineering · Computer Science 2021-11-09 Xian Zhan , Lingling Fan , Sen Chen , Feng Wu , Tianming Liu , Xiapu Luo , Yang Liu

This study investigates the software vulnerability resolution time in the Maven ecosystem, focusing on the influence of CVE severity, library popularity as measured by the number of dependents, and version release frequency. The results…

Software Engineering · Computer Science 2025-04-01 Md Fazle Rabbi , Arifa Islam Champa , Rajshakhar Paul , Minhaz F. Zibran

Modern software development necessitates efficient version-oriented collaboration among developers. While Git is the most popular version control system, it generates unsatisfactory version merging results due to textual-based workflow,…

Software Engineering · Computer Science 2024-07-04 Qingyu Zhang , Junzhe Li , Jiayi Lin , Jie Ding , Lanteng Lin , Chenxiong Qian

Dealing with merge conflicts in version control systems is a challenging task for software developers. Resolving merge conflicts is a time-consuming and error-prone process, which distracts developers from important tasks. Recent work shows…

Software Engineering · Computer Science 2022-08-11 Max Ellis , Sarah Nadi , Danny Dig