English
Related papers

Related papers: Do Developers Depend on Deprecated Library Version…

200 papers

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe…

Software Engineering · Computer Science 2026-01-05 Victor Wen , Zedong Peng

The realm of technology frequently confronts threats posed by adversaries exploiting loopholes in programs. Among these, the Log4Shell vulnerability in the Log4j library stands out due to its widespread impact. Log4j, a prevalent software…

Cryptography and Security · Computer Science 2025-01-30 John Doll , Carson McCarthy , Hannah McDougall , Suman Bhunia

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Although using third-party libraries has become prevalent in contemporary software development, developers often struggle to update their dependencies. Prior works acknowledge that due to the migration effort, priority and other issues…

Software Engineering · Computer Science 2024-07-08 Vittunyuta Maeprasart , Ali Ouni , Raula Gaikovina Kula

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Daniel M. German , Ali Ouni , Takashi Ishio , Katsuro Inoue

Reusing third-party libraries increases productivity and saves time and costs for developers. However, the downside is the presence of vulnerabilities in those libraries, which can lead to catastrophic outcomes. For instance, Apache Log4J…

Software Engineering · Computer Science 2024-11-20 Yi Wen Heng , Zeyang Ma , Haoxiang Zhang , Zhenhao Li , Tse-Hsun , Chen

Logging is a significant programming practice. Due to the highly transactional nature of modern software applications, massive amount of logs are generated every day, which may overwhelm developers. Logging information overload can be…

Software Engineering · Computer Science 2022-07-20 Yiming Tang , Allan Spektor , Raffi Khatchadourian , Mehdi Bagherzadeh

With an ever-increasing amount of open source software, the popularity of services like GitHub that facilitate code reuse, and common misconceptions about the licensing of open source software, the problem of license violations in the code…

Software Engineering · Computer Science 2020-07-07 Yaroslav Golubev , Maria Eliseeva , Nikita Povarov , Timofey Bryksin

Software libraries are central to the functionality, security, and maintainability of modern code. As developers increasingly turn to Large Language Models (LLMs) to assist with programming tasks, understanding how these models recommend…

Software Engineering · Computer Science 2025-08-08 Jasmine Latendresse , SayedHassan Khatoonabadi , Emad Shihab

Migration guides are a form of software documentation that helps developers address breaking changes introduced in library version updates. Prior studies have examined documents such as release notes, API reference manuals, and patch notes.…

Software Engineering · Computer Science 2026-05-20 Takahiro Monno , Kazumasa Shimari , Tetsuya Kanda , Kazuma Yamasaki , Kenichi Matsumoto

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an…

Cryptography and Security · Computer Science 2022-06-08 Raphael Hiesgen , Marcin Nawrocki , Thomas C. Schmidt , Matthias Wählisch

Logging -- used for system events and security breaches to describe more informational yet essential aspects of software features -- is pervasive. Given the high transactionality of today's software, logging effectiveness can be reduced by…

Software Engineering · Computer Science 2022-07-20 Yiming Tang , Allan Spektor , Raffi Khatchadourian , Mehdi Bagherzadeh

Logging plays a crucial role in software engineering because it is key to perform various tasks including debugging, performance analysis, and detection of anomalies. Despite the importance of log data, the practice of logging still suffers…

Software Engineering · Computer Science 2022-08-16 Keyur Patel , Joao Faccin , Abdelwahab Hamou-Lhadj , Ingrid Nunes

Logging is a common practice in traditional software development. Several research works have been done to investigate the different characteristics of logging practices in traditional software systems (e.g., Android applications, JAVA…

Software Engineering · Computer Science 2023-01-12 Patrick Loic Foalem , Foutse Khomh , Heng Li

Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior…

Cryptography and Security · Computer Science 2017-09-29 Na Meng , Stefan Nagy , Daphne Yao , Wenjie Zhuang , Gustavo Arango Argoty

The rapid and widespread adoption of Java has created a demand for reliable and reusable mathematical software components to support the growing number of compute-intensive applications now under development, particularly in science and…

Mathematical Software · Computer Science 2007-05-23 Ronald F. Boisvert , Jack J. Dongarra , Roldan Pozo , Karin Remington , G. W. Stewart

The 2019 edition of Stack Overflow developer survey highlights that, for the first time, Python outperformed Java in terms of popularity. The gap between Python and Java further widened in the 2020 edition of the survey. Unfortunately,…

Logging statements are central to debugging, failure diagnosis, and production observability, yet writing them requires developers to decide where to place a logging statement, which API and severity level to use, and what runtime…

Software Engineering · Computer Science 2026-04-21 Renyi Zhong , Yichen Li , Yulun Wu , Jinxi Kuang , Yintong Huo , Michael R. Lyu
‹ Prev 1 2 3 10 Next ›