English
Related papers

Related papers: How Quickly Do Development Teams Update Their Vuln…

200 papers

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Daniel M. German , Ali Ouni , Takashi Ishio , Katsuro Inoue

As modern software extensively uses free open source packages as dependencies, developers have to regularly pull in new third-party code through frequent updates. However, without a proper review of every incoming change, vulnerable and…

Software Engineering · Computer Science 2022-11-08 Nasif Imtiaz , Laurie Williams

Developers rely on open-source packages and must review dependencies to safeguard against vulnerable or malicious upstream code. A careful review of all dependencies changes often does not occur in practice. Therefore, developers need…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Nasif Imtiaz , Mahzabin Tamanna , Preya Shabrina , Laurie Williams

Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic…

Software Engineering · Computer Science 2023-05-26 Abbas Javan Jafari , Diego Elias Costa , Emad Shihab , Rabe Abdalkareem

Modern software systems have transitioned from purely code-based architectures to AI-integrated systems where pre-trained models (PTMs) serve as permanent dependencies. However, while the evolution of traditional software libraries is…

Software Engineering · Computer Science 2026-04-21 Peerachai Banyongrakkul , Mansooreh Zahedi , Christoph Treude , Haoyu Gao , Patanamon Thongtanunam

Developers are increasingly using services such as Dependabot to automate dependency updates. However, recent research has shown that developers perceive such services as unreliable, as they heavily rely on test coverage to detect conflicts…

Software Engineering · Computer Science 2021-09-27 Joseph Hejderup , Georgios Gousios

Practitioners often struggle with the overwhelming number of security practices outlined in cybersecurity frameworks for risk mitigation. Given the limited budget, time, and resources, practitioners want to prioritize the adoption of…

Software Engineering · Computer Science 2025-08-05 Nusrat Zahan , Imranur Rahman , Laurie Williams

Software packages developed and distributed through package managers extensively depend on other packages. These dependencies are regularly updated, for example to add new features, resolve bugs or fix security issues. In order to take full…

Software Engineering · Computer Science 2018-06-14 Alexandre Decan , Tom Mens , Eleni Constantinou

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that…

Software Engineering · Computer Science 2021-06-24 Bodin Chinthanet , Raula Gaikovina Kula , Shane McIntosh , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

As software systems grow in complexity, accurately identifying and managing dependencies among changes becomes increasingly critical. For instance, a change that leverages a function must depend on the change that introduces it.…

Software Engineering · Computer Science 2025-08-11 Ali Arabat , Mohammed Sayagh , Jameleddine Hassine

Reusable software components, typically distributed as packages, are a central paradigm of modern software development. The JavaScript ecosystem serves as a prime example, offering millions of packages with their use being promoted as…

Software Engineering · Computer Science 2026-01-26 Ben Swierzy , Marc Ohm , Michael Meier

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a…

Software Engineering · Computer Science 2024-01-24 Daniel Venturini , Filipe Roseiro Cogo , Ivanilton Polato , Marco A Gerosa , Igor Scaliante Wiese

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper,…

Cryptography and Security · Computer Science 2026-04-21 Michael Robinson , Sajal Halder , Muhammad Ejaz Ahmed , Muhammad Ikram , Seyit Camtepe , Hyoungshick Kim

Dependabot, a popular dependency management tool, includes a compatibility score feature that helps client packages assess the risk of accepting a dependency update by leveraging knowledge from "the crowd". For each dependency update,…

Software Engineering · Computer Science 2024-03-15 Benjamin Rombaut , Filipe R. Cogo , Ahmed E. Hassan

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Context: Open-source ecosystems rely on sustained package maintenance. When maintenance slows or stops, Technical Lag (TL), the gap between installed and latest dependency versions accumulates, creating security and sustainability risks.…

Software Engineering · Computer Science 2026-03-12 Shane K. Panter , Nasir U. Eisty

Library dependencies in software ecosystems play a crucial role in the development of software. As newer releases of these libraries are published, developers may opt to pin their dependencies to a particular version. While pinning may have…

Software Engineering · Computer Science 2025-12-22 Vasudev Vikram , Yuvraj Agarwal , Rohan Padhye

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci

Much of the success of modern software development can be attributed to code reuse. The ability to reuse existing functionality via third-party dependencies has enabled massive gains in productivity, but for a long time the dominant…

Software Engineering · Computer Science 2025-10-07 Brittany Anne Reid , Raula Gaikovina Kula
‹ Prev 1 2 3 10 Next ›