Related papers: Cargo Ecosystem Dependency-Vulnerability Knowledge…
The study of network robustness is a critical tool in the characterization and sense making of complex interconnected systems such as infrastructure, communication and social networks. While significant research has been conducted in all of…
Cascading failure is a potentially devastating process that spreads on real-world complex networks and can impact the integrity of wide-ranging infrastructures, natural systems, and societal cohesiveness. One of the essential features that…
In finance, leverage is the ratio between assets borrowed from others and one's own assets. A matching situation is present in software: by using free open-source software (FOSS) libraries a developer leverages on other people's code to…
The increased penetration of electrical vehicles (EVs) in the distribution system creates a power system with many small moving batteries. With better charging technologies and market structures, the opportunity of using EVs for reliability…
The increasing need for reducing greenhouse gas emissions and the drive for green cities have promoted the use of electric vehicles due to their environmental benefits. In fact, countries have set their own targets and are offering…
The interest in autonomous vehicles (AVs) for critical missions, including transportation, rescue, surveillance, reconnaissance, and mapping, is growing rapidly due to their significant safety and mobility benefits. AVs consist of complex…
Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically…
Background: The Node Package Manager (npm) ecosystem plays a vital role in modern software development by providing a vast repository of packages and tools that developers can use to implement their software systems. However, recent…
This paper is motivated by two applications, namely i) generalizations of cuckoo hashing, a computationally simple approach to assigning keys to objects, and ii) load balancing in content distribution networks, where one is interested in…
Although LLMs have shown promising potential in vulnerability detection, this study reveals their limitations in distinguishing between vulnerable and similar-but-benign patched code (only 0.06 - 0.14 accuracy). It shows that LLMs struggle…
With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the…
Cargo, the software packaging manager of Rust, provides a yank mechanism to support release-level deprecation, which can prevent packages from depending on yanked releases. Most prior studies focused on code-level (i.e., deprecated APIs)…
Background: Widespread use of third-party libraries makes ecosystems like Node Package Manager (npm) critical to modern software development. However, this interconnected chain of dependencies also creates challenges: bugs in one library…
An approach is developed for analyzing computer networks to identify systems and accounts that are at particular risk of compromise by an adversary seeking to move laterally through the network via authentication. The dynamics of the…
In a network, a local disturbance can propagate and eventually cause a substantial part of the system to fail, in cascade events that are easy to conceptualize but extraordinarily difficult to predict. Here, we develop a statistical…
The popularity of JavaScript has lead to a large ecosystem of third-party packages available via the npm software package registry. The open nature of npm has boosted its growth, providing over 800,000 free and reusable software packages.…
Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven ecosystem. Despite patches being released promptly after vulnerabilities are disclosed, the libraries and applications in the community still use the…
The problem of reliability of a large distributed system is analyzed via a new mathematical model. A typical framework is a system where a set of files are duplicated on several data servers. When one of these servers breaks down, all…
There is an increasing trend to mine vulnerabilities from software repositories and use machine learning techniques to automatically detect software vulnerabilities. A fundamental but unresolved research question is: how do different…
Throughout computer history, it has been repeatedly demonstrated that critical software vulnerabilities can significantly affect the components involved. In the Free/Libre and Open Source Software (FLOSS) ecosystem, most software is…