English
Related papers

Related papers: Towards Understanding Third-party Library Dependen…

200 papers

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and…

Software Engineering · Computer Science 2022-05-11 William Schueller , Johannes Wachs

The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about…

Software Engineering · Computer Science 2023-09-12 Kaifa Zhao , Xian Zhan , Le Yu , Shiyao Zhou , Hao Zhou , Xiapu Luo , Haoyu Wang , Yepang Liu

Applications depend on libraries to avoid reinventing the wheel. Libraries may have incompatible changes during evolving. As a result, applications will suffer from compatibility failures. There has been much research on addressing…

Software Engineering · Computer Science 2021-02-18 Zhouyang Jia , Shanshan Li , Tingting Yu , Chen Zeng , Erci Xu , Xiaodong Liu , Ji Wang , Xiangke Liao

While open-source software has enabled significant levels of reuse to speed up software development, it has also given rise to the dreadful dependency hell that all software practitioners face on a regular basis. This article provides a…

Software Engineering · Computer Science 2024-11-21 Tom Mens , Alexandre Decan

For library developers, understanding how their Application Programming Interfaces (APIs) are used in the field can be invaluable. Knowing how clients are using their APIs allows for data-driven decisions on prioritising bug reports,…

Software Engineering · Computer Science 2025-06-16 Ahmed Zaki , Cristian Cadar

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Developers usually use TPLs to facilitate the development of the projects to avoid reinventing the wheels, however, the vulnerable TPLs indeed cause severe security threats. The majority of existing research only considered whether projects…

Software Engineering · Computer Science 2024-09-05 Fangyuan Zhang , Lingling Fan , Sen Chen , Miaoying Cai , Sihan Xu , Lida Zhao

The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…

Cryptography and Security · Computer Science 2019-06-10 Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , Michael Pradel

Software development comprises the use of multiple Third-Party Libraries (TPLs). However, the irrelevant libraries present in software application's distributable often lead to excessive consumption of resources such as CPU cycles, memory,…

Software Engineering · Computer Science 2022-02-23 Ritu Kapur , Poojith U Rao , Agrim Dewan , Balwinder Sodhi

Third-party libraries (TPLs) are reused frequently in software applications for reducing development cost. However, they could introduce security risks as well. Many TPL detection methods have been proposed to detect TPL reuse in Android…

Cryptography and Security · Computer Science 2022-04-22 Wei Tang , Yanlin Wang , Hongyu Zhang , Shi Han , Ping Luo , Dongmei Zhang

We present the C++ library CppSs (C++ super-scalar), which provides efficient task-parallelism without the need for special compilers or other software. Any C++ compiler that supports C++11 is sufficient. CppSs features different…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-02-27 Steffen Brinkmann , Jose Gracia

With the rapid growth of software, using third-party libraries (TPLs) has become increasingly popular. The prosperity of the library usage has provided the software engineers with handful of methods to facilitate and boost the program…

Software Engineering · Computer Science 2022-04-19 Can Yang , Zhengzi Xu , Hongxu Chen , Yang Liu , Xiaorui Gong , Baoxu Liu

Third-party Python libraries introduce dependency management overhead, supply chain risk, and deployment friction in constrained environments. A natural question is how much of this ecosystem can be replicated using only Python's standard…

Software Engineering · Computer Science 2026-05-21 Peng Ding , Rick Stevens

Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the…

Software Engineering · Computer Science 2024-04-19 Cadence Patrick , Kimberly Ruth , Zakir Durumeric

Modern software systems have transitioned from purely code-based architectures to AI-integrated systems where pre-trained models (PTMs) serve as permanent dependencies. However, while the evolution of traditional software libraries is…

Software Engineering · Computer Science 2026-04-21 Peerachai Banyongrakkul , Mansooreh Zahedi , Christoph Treude , Haoyu Gao , Patanamon Thongtanunam

We propose a system, named ATVHunter, which can pinpoint the precise vulnerable in-app TPL versions and provide detailed information about the vulnerabilities and TPLs. We propose a two-phase detection approach to identify specific TPL…

Software Engineering · Computer Science 2021-11-09 Xian Zhan , Lingling Fan , Sen Chen , Feng Wu , Tianming Liu , Xiapu Luo , Yang Liu

Build automation tools and package managers have a profound influence on software development. They facilitate the reuse of third-party libraries, support a clear separation between the application's code and its external dependencies, and…

Software Engineering · Computer Science 2023-05-08 César Soto-Valero , Nicolas Harrand , Martin Monperrus , Benoit Baudry

Scripting languages are continuously gaining popularity due to their ease of use and the flourishing software ecosystems that surround them. These languages offer crash and memory safety by design, thus, developers do not need to understand…

Cryptography and Security · Computer Science 2023-02-06 Cristian-Alexandru Staicu , Sazzadur Rahaman , Ágnes Kiss , Michael Backes

The risk to using third-party libraries in a software application is that much needed maintenance is solely carried out by library maintainers. These libraries may rely on a core team of maintainers (who might be a single maintainer that is…