English
Related papers

Related papers: What's in a Package? Getting Visibility Into Depen…

200 papers

As modern software extensively uses free open source packages as dependencies, developers have to regularly pull in new third-party code through frequent updates. However, without a proper review of every incoming change, vulnerable and…

Software Engineering · Computer Science 2022-11-08 Nasif Imtiaz , Laurie Williams

Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common. We…

Cryptography and Security · Computer Science 2019-08-06 Mohammadreza Hazhirpasand , Mohammad Ghafari , Stefan Krüger , Eric Bodden , Oscar Nierstrasz

This study investigates vulnerabilities within the Maven ecosystem by analyzing a comprehensive dataset of 14,459,139 releases. Our analysis reveals the most critical weaknesses that pose significant threats to developers and their projects…

Software Engineering · Computer Science 2025-03-31 Costain Nachuma , Md Mosharaf Hossan , Asif Kamal Turzo , Minhaz F. Zibran

Python applications depend on third-party native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these native libraries, determining which Python packages…

It has become common practice for software projects to adopt third-party dependencies. Developers are encouraged to update any outdated dependency to remain safe from potential threats of vulnerabilities. In this study, we present an…

Software Engineering · Computer Science 2022-01-12 Bodin Chinthanet , Raula Gaikovina Kula , Rodrigo Eliza Zapata , Takashi Ishio , Kenichi Matsumoto , Akinori Ihara

Background. In modern software development, the use of external libraries and packages is increasingly prevalent, streamlining the software development process and enabling developers to deploy feature-rich systems with little coding. While…

Software Engineering · Computer Science 2024-12-09 Haya Samaana , Diego Elias Costa , Emad Shihab , Ahmad Abdellatif

Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use…

Software Engineering · Computer Science 2021-03-10 Sarah Elder

Open-source software (OSS) dependencies introduce systemic risks that are difficult to manage at scale. Existing Software Composition Analysis (SCA) and reachability tools generate severe alert fatigue by treating risk as an intrinsic…

Software Engineering · Computer Science 2026-05-04 Henry Ruckman-Utting , Vrushal Nedungadi , Taiga Okuma , LeTian Wang , Stephen Ehebald , Mohammad A. Tayebi

Open-source software (OSS) is a pillar of modern software development. Its success depends on the dedication of maintainers who work constantly to keep their libraries stable, adapt to changing needs, and support a growing community. Yet,…

Software Engineering · Computer Science 2025-10-20 Rachna Raj , Diego Elias Costa

Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on…

Software Engineering · Computer Science 2026-02-02 Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Jonas Klauke , Eric Bodden

With the increasing popularity of plugin-based software systems, ensuring the security of plugins has become a critical concern. When users install plugins or browse websites with plugins from an untrusted source, how can we be sure that…

Software Engineering · Computer Science 2024-05-14 Naisheng Liang , Alex Potanin

Component-based systems often describe context requirements in terms of explicit inter-component dependencies. Studying large instances of such systems?such as free and open source software (FOSS) distributions?in terms of declared…

Software Engineering · Computer Science 2009-05-27 Pietro Abate , Jaap Boender , Roberto Di Cosmo , Stefano Zacchiroli

Modern software systems are expected to be secure and contain all the latest features, even when new versions of software are released multiple times an hour. Each system may include many interacting packages. The problem of installing…

Software Engineering · Computer Science 2018-11-15 Ran Ben Basat , Maayan Goldstein , Itai Segall

Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code…

Software Engineering · Computer Science 2025-05-29 Ritwik Murali , Akash Ravi

Large language models (LLMs) have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and…

Cryptography and Security · Computer Science 2025-09-01 Shuhan Liu , Xing Hu , Xin Xia , David Lo , Xiaohu Yang

Automated third-party library analysis tools help developers by addressing key dependency management challenges, such as automating version updates, detecting vulnerabilities, and detecting breaking updates. Dependency reachability analysis…

Software Engineering · Computer Science 2026-04-23 Yogya Gamage , Meriem Ben Chaaben , Martin Monperrus , Benoit Baudry

The Maven Central ecosystem forms the backbone of Java dependency management, hosting artifacts that vary significantly in their adoption, security, and ecosystem roles. Artifact reuse is fundamental in software development, with ecosystems…

Software Engineering · Computer Science 2025-04-17 Mehedi Hasan Shanto , Muhammad Asaduzzaman , Manishankar Mondal , Shaiful Chowdhury

Programmers use security APIs to embed security into the applications they develop. Security vulnerabilities get introduced into those applications, due to the usability issues that exist in the security APIs. Improving usability of…

Cryptography and Security · Computer Science 2017-03-30 Chamila Wijayarathna , Nalin A. G. Arachchilage , Jill Slay

Modern software systems heavily rely on third-party dependencies, making software supply chain security a critical concern. We introduce the concept of software supply chain smells as structural indicators that signal potential security…

Software Engineering · Computer Science 2026-03-31 Larissa Schmid , Diogo Gaspar , Raphina Liu , Sofia Bobadilla , Benoit Baudry , Martin Monperrus

Developers rely on open-source packages and must review dependencies to safeguard against vulnerable or malicious upstream code. A careful review of all dependencies changes often does not occur in practice. Therefore, developers need…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Nasif Imtiaz , Mahzabin Tamanna , Preya Shabrina , Laurie Williams