English
Related papers

Related papers: Automatic Diversity in the Software Supply Chain

200 papers

JSON is an essential file and data format in do-mains that span scientific computing, web APIs or configuration management. Its popularity has motivated significant software development effort to build multiple libraries to process JSON…

Software Engineering · Computer Science 2021-08-30 Nicolas Harrand , Thomas Durieux , David Broman , Benoit Baudry

Modern software systems are increasingly dependent on third-party libraries. It is widely recognized that using mature and well-tested third-party libraries can improve developers' productivity, reduce time-to-market, and produce more…

Software Engineering · Computer Science 2016-12-07 Mohamed Aymen Saied , Ali Ouni , Houari Sahraoui , Raula Gaikovina Kula , Katsuro Inoue , David Lo

A multitude of agent-oriented software engineering frameworks exist, most of which are developed by the academic multi-agent systems community. However, these frameworks often impose programming paradigms on their users that are challenging…

Multiagent Systems · Computer Science 2020-03-11 Timotheus Kampik , Juan Carlos Nieves

The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving…

Cryptography and Security · Computer Science 2023-07-19 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais

Software intensively depends on external libraries whose relevance may change during its life cycle. As a consequence, software developers must periodically reconsider the libraries they depend on, and must think about \textit{library…

Software Engineering · Computer Science 2013-06-27 Cédric Teyton , Jean-Rémy Falleri , Marc Palyart , Xavier Blanc

Using libraries in applications has helped developers reduce the costs of reinventing already existing code. However, an increase in diverse technology stacks and third-party library usage has led developers to inevitably switch…

Software Engineering · Computer Science 2023-03-17 Kanchanok Kannee , Raula Gaikovina Kula , Supatsara Wattanakriengkrai , Kenichi Matsumoto

As a mixed result of intensive dependency on third-party libraries, flexible mechanism to declare dependencies, and increased number of modules in a project, multiple versions of the same third-party library are directly depended in…

Software Engineering · Computer Science 2020-02-26 Kaifeng Huang , Bihuan Chen , Bowen Shi , Ying Wang , Congying Xu , Xin Peng

Third-party libraries are essential in software development as they prevent the need for developers to recreate existing functionalities. However, vulnerabilities within these libraries pose significant risks to dependent projects.…

Software Engineering · Computer Science 2025-04-01 Zirui Chen , Xing Hu , Puhua Sun , Xin Xia , Xiaohu Yang

Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be…

Cryptography and Security · Computer Science 2020-02-17 Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , Engin Kirda

Modern software systems rely on dependency networks of reusable libraries, where breaking changes propagate and cause downstream consumers to fail. Despite growing research across ecosystems, no comprehensive synthesis exists. We conduct a…

Software Engineering · Computer Science 2026-05-26 Juntao Chen , Tingting Bi , Yanlin Wang , Patanamon Thongtanunam

Third-party libraries like Log4j accelerate software application development but introduce substantial risk. Vulnerabilities in these libraries have led to Software Supply Chain (SSC) attacks that compromised resources within the host…

Cryptography and Security · Computer Science 2024-12-23 Paschal C. Amusuo , Kyle A. Robinson , Tanmay Singla , Huiyun Peng , Aravind Machiry , Santiago Torres-Arias , Laurent Simon , James C. Davis

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

While new technologies emerge, human errors always looming. Software supply chain is increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and…

Cryptography and Security · Computer Science 2025-01-22 Vasileios Alevizos , George A Papakostas , Akebu Simasiku , Dimitra Malliarou , Antonis Messinis , Sabrina Edralin , Clark Xu , Zongliang Yue

JSON is a widely used format for data exchange between applications. In the Java ecosystem, JSON libraries serve as fundamental toolkits for processing JSON data, powering real-world applications such as web services, Android apps, or data…

Software Engineering · Computer Science 2025-12-05 Sinan Wang , Zhiyuan Zhong , Shaojin Wen , Yepang Liu

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the…

Cryptography and Security · Computer Science 2020-05-20 Marc Ohm , Henrik Plate , Arnold Sykosch , Michael Meier

An increase in diverse technology stacks and third-party library usage has led developers to inevitably switch technologies. To assist these developers, maintainers have started to release their libraries to multiple technologies, i.e., a…

The migration process between different third-party libraries is hard, complex and error-prone. Typically, during a library migration, developers need to find methods in the new library that are most adequate in replacing the old methods of…

Software Engineering · Computer Science 2019-06-07 Hussein Alrubaye , Mohamed Wiem Mkaouer , Ali Ouni

Java projects frequently rely on package managers such as Maven to manage complex webs of external dependencies. While these tools streamline development, they also introduce subtle risks to the software supply chain. In this paper, we…

Cryptography and Security · Computer Science 2025-10-31 Frank Reyes , Federico Bono , Aman Sharma , Benoit Baudry , Martin Monperrus

Context: Refactoring is recognized as an effective practice to maintain evolving software systems. For software libraries, we study how library developers refactor their Application Programming Interfaces (APIs), especially when it impacts…

Software Engineering · Computer Science 2017-10-02 Raula Gaikovina Kula , Ali Ouni , Daniel M. German , Katsuro Inoue

Modern software development depends on APIs to reuse code and increase productivity. As most software systems, these libraries and frameworks also evolve, which may break existing clients. However, the main reasons to introduce breaking…

Software Engineering · Computer Science 2018-08-09 Aline Brito , Laerte Xavier , Andre Hora , Marco Tulio Valente
‹ Prev 1 2 3 10 Next ›