English
Related papers

Related papers: Underproduction: An Approach for Measuring Risk in…

200 papers

We introduce a large-scale dataset of the complete texts of free/open source software (FOSS) license variants. To assemble it we have collected from the Software Heritage archive-the largest publicly available archive of FOSS source code…

Software Engineering · Computer Science 2022-04-04 Stefano Zacchiroli

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a…

Software Engineering · Computer Science 2023-10-03 Congying Xu , Bihuan Chen , Chenhao Lu , Kaifeng Huang , Xin Peng , Yang Liu

Bugs are prevalent in software development. To improve software quality, bugs are filed using a bug tracking system. Properties of a reported bug would consist of a headline, description, project, product, component that is affected by the…

Software Engineering · Computer Science 2020-01-29 Amit Kumar , Manohar Madanu , Hari Prakash , Lalitha Jonnavithula , Srinivasa Rao Aravilli

As modern software extensively uses free open source packages as dependencies, developers have to regularly pull in new third-party code through frequent updates. However, without a proper review of every incoming change, vulnerable and…

Software Engineering · Computer Science 2022-11-08 Nasif Imtiaz , Laurie Williams

Preprocessors support the diversification of software products with #ifdefs, but also require additional effort from developers to maintain and understand variable code. We conjecture that #ifdefs cause developers to produce more vulnerable…

Software Engineering · Computer Science 2016-05-24 Gabriel Ferreira , Momin Malik , Christian Kästner , Jürgen Pfeffer , Sven Apel

A Software Bill of Materials (SBOM) is becoming an essential tool for effective software dependency management. An SBOM is a list of components used in software, including details such as component names, versions, and licenses. Using…

Software Engineering · Computer Science 2025-04-10 Rio Kishimoto , Tetsuya Kanda , Yuki Manabe , Katsuro Inoue , Shi Qiu , Yoshiki Higo

Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on…

Software Engineering · Computer Science 2026-02-02 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

Bug tracking tools are vital for managing bugs in any open source as well as proprietary commercial projects. Considering the significance of using an appropriate bug tracking tool, we assess the features offered by 31 open source bug…

Software Engineering · Computer Science 2017-06-22 Sai Anirudh Karre , Anveshi Shukla , Y. Raghu Reddy

As modern software development increasingly relies on reusable libraries and components, managing dependencies has become critical for ensuring software stability and security. However, challenges such as outdated dependencies, missed…

Software Engineering · Computer Science 2025-04-01 Barisha Chowdhury , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

Maintaining software is an ongoing process that stretches beyond the initial release. Stable software versions continuously evolve to fix bugs, add improvements, address security issues, and ensure compatibility. This ongoing support…

Software Engineering · Computer Science 2025-11-13 Jarin Tasnim , Debasish Chakroborti , Chanchal K. Roy , Kevin A. Schneider

Human error research on overconfidence supports the benefits of early visibility of defects and disciplined development. If risk to the enterprise is to be reduced, individuals need to become aware of the reality of the quality of their…

Human-Computer Interaction · Computer Science 2008-03-25 Patrick O'Beirne

In Open Source Software, resources of any project are open for reuse by introducing dependencies or copying the resource itself. In contrast to dependency-based reuse, the infrastructure to systematically support copy-based reuse appears to…

Software Engineering · Computer Science 2025-01-30 Mahmoud Jahanshahi , David Reid , Audris Mockus

Context: Open-source ecosystems rely on sustained package maintenance. When maintenance slows or stops, Technical Lag (TL), the gap between installed and latest dependency versions accumulates, creating security and sustainability risks.…

Software Engineering · Computer Science 2026-03-12 Shane K. Panter , Nasir U. Eisty

Large organizations have diverse product offerings to meet various business needs. To increase revenue, its common these days to offer software products as integrated product suite(s) rather than individual products. Creating and…

Software Engineering · Computer Science 2017-10-03 Sai Anirudh Karre , Y. Raghu Reddy

Open-source software (OSS) greatly facilitates program development for developers. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In…

Software Engineering · Computer Science 2024-01-18 Jinchang Hu , Lyuye Zhang , Chengwei Liu , Sen Yang , Song Huang , Yang Liu

Understanding how software defects manifest and evolve in production environments is critical for improving reliability. While previous research has largely focused on pre-release defects, the nature of residual faults, i.e., those escaping…

Software Engineering · Computer Science 2026-04-30 Domenico Cotroneo , Giuseppe De Rosa , Cristina Improta , Benedetta Gaia Varriale

In recent years, defect prediction has received a great deal of attention in the empirical software engineering world. Predicting software defects before the maintenance phase is very important not only to decrease the maintenance costs but…

Software Engineering · Computer Science 2018-08-31 Ahmet Okutan

Phabricator is a modern code collaboration tool used by popular projects like FreeBSD and Mozilla. However, unlike the other well-known code review environments, such as Gerrit or GitHub, there is no readily accessible public code review…

Software Engineering · Computer Science 2022-12-01 Gunnar Kudrjavets , Nachiappan Nagappan , Ayushi Rastogi

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

The popularity of open-source software (OSS) projects has grown significantly over the last few years with more organizations relying on them. As these projects become larger, the need for higher quality also increases. DevOps practices…