English
Related papers

Related papers: License Incompatibilities in Software Ecosystems

200 papers

The modern software development landscape heavily relies on transitive dependencies. They enable seamless integration of third-party libraries. However, they also introduce security challenges. Transitive vulnerabilities that arise from…

Software Engineering · Computer Science 2025-04-08 Piotr Przymus , Mikołaj Fejzer , Jakub Narębski , Krzysztof Rykaczewski , Krzysztof Stencel

Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being…

Software Engineering · Computer Science 2021-09-02 Nasif Imtiaz , Seaver Thorne , Laurie Williams

Software packages developed and distributed through package managers extensively depend on other packages. These dependencies are regularly updated, for example to add new features, resolve bugs or fix security issues. In order to take full…

Software Engineering · Computer Science 2018-06-14 Alexandre Decan , Tom Mens , Eleni Constantinou

As a mixed result of intensive dependency on third-party libraries, flexible mechanism to declare dependencies, and increased number of modules in a project, multiple versions of the same third-party library are directly depended in…

Software Engineering · Computer Science 2020-02-26 Kaifeng Huang , Bihuan Chen , Bowen Shi , Ying Wang , Congying Xu , Xin Peng

Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Coen De Roover , Daniel M. German , Takashi Ishio , Katsuro Inoue

Distributions of open source software packages dedicated to specific programming languages facilitate software development by allowing software projects to depend on the functionality provided by such reusable packages. The health of a…

Software Engineering · Computer Science 2021-04-13 Alexandre Decan , Tom Mens

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci

Software libraries are central to the functionality, security, and maintainability of modern code. As developers increasingly turn to Large Language Models (LLMs) to assist with programming tasks, understanding how these models recommend…

Software Engineering · Computer Science 2025-08-08 Jasmine Latendresse , SayedHassan Khatoonabadi , Emad Shihab

To comply with high productivity demands, software developers reuse free open-source software (FOSS) code to avoid reinventing the wheel when incorporating software features. The reliance on FOSS reuse has been shown to improve productivity…

Software Engineering · Computer Science 2025-06-19 Haya Samaana , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these…

Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses and the propagation of…

Software Engineering · Computer Science 2023-10-11 Jens Dietrich , Shawn Rasheed , Alexander Jordan , Tim White

Open-source software (OSS) has become increasingly more popular across different domains. However, this rapid development and widespread adoption come with a security cost. The growing complexity and openness of OSS ecosystems have led to…

Cryptography and Security · Computer Science 2025-06-17 Seyed Ali Akhavani , Behzad Ousat , Amin Kharraz

Build automation tools and package managers have a profound influence on software development. They facilitate the reuse of third-party libraries, support a clear separation between the application's code and its external dependencies, and…

Software Engineering · Computer Science 2023-05-08 César Soto-Valero , Nicolas Harrand , Martin Monperrus , Benoit Baudry

Modern software systems are expected to be secure and contain all the latest features, even when new versions of software are released multiple times an hour. Each system may include many interacting packages. The problem of installing…

Software Engineering · Computer Science 2018-11-15 Ran Ben Basat , Maayan Goldstein , Itai Segall

Package managers such as NPM have become essential for software development. The NPM repository hosts over 2 million packages and serves over 43 billion downloads every week. Unfortunately, the NPM dependency solver has several…

Software Engineering · Computer Science 2023-08-25 Donald Pinckney , Federico Cassano , Arjun Guha , Jon Bell , Massimiliano Culpo , Todd Gamblin

The same defect can be rediscovered by multiple clients, causing unplanned outages and leading to reduced customer satisfaction. In the case of popular open source software, high volume of defects is reported on a regular basis. A large…

Software Engineering · Computer Science 2017-06-14 Mefta Sadat , Ayse Basar Bener , Andriy V. Miranskyy

All computer programs have flaws, some of which can be exploited to gain unauthorized access to computer systems. We conducted a field study on publicly reported vulnerabilities affecting three open source software projects in widespread…

Software Engineering · Computer Science 2019-12-05 Raul Barbosa , Frederico Cerveira , Luis Goncalo , Henrique Madeira

The paper presents a traceability analysis of how over 84 thousand vulnerabilities have propagated across 28 open source software ecosystems. According to the results, the propagation sequences have been complex in general, although GitHub,…

Software Engineering · Computer Science 2025-09-17 Jukka Ruohonen , Qusai Ramadan

The widespread adoption of open source libraries and frameworks can be attributed to their licensing. Open Source Software Licenses (OSS licenses) ensure that software can be sold or distributed as part of aggregate programs from various…

Software Engineering · Computer Science 2025-06-03 Raula Gaikovina Kula , Brittany Anne Reid , Christoph Treude

Developers rely on third-party library Application Programming Interfaces (APIs) when developing software. However, libraries typically come with assumptions and API usage constraints, whose violation results in API misuse. API misuses may…

Software Engineering · Computer Science 2026-04-17 Akalanka Galappaththi , Sarah Nadi , Christoph Treude
‹ Prev 1 3 4 5 6 7 10 Next ›