English
Related papers

Related papers: Dependency Update Adoption Patterns in the Maven S…

200 papers

As modern software development increasingly relies on reusable libraries and components, managing dependencies has become critical for ensuring software stability and security. However, challenges such as outdated dependencies, missed…

Software Engineering · Computer Science 2025-04-01 Barisha Chowdhury , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

This study investigates the software vulnerability resolution time in the Maven ecosystem, focusing on the influence of CVE severity, library popularity as measured by the number of dependents, and version release frequency. The results…

Software Engineering · Computer Science 2025-04-01 Md Fazle Rabbi , Arifa Islam Champa , Rajshakhar Paul , Minhaz F. Zibran

Software ecosystems rely on centralized package registries, such as Maven, to enable code reuse and collaboration. However, the interconnected nature of these ecosystems amplifies the risks posed by security vulnerabilities in direct and…

Software Engineering · Computer Science 2025-02-18 Corey Yang-Smith , Ahmad Abdellatif

Vulnerabilities in software libraries and reusable components cause major security challenges, particularly in dependency-heavy ecosystems such as Maven. This paper presents a large-scale analysis of vulnerabilities in the Maven ecosystem…

Software Engineering · Computer Science 2025-03-31 Md Fazle Rabbi , Rajshakhar Paul , Arifa Islam Champa , Minhaz F. Zibran

The widespread use of package managers like Maven has accelerated software development but has also introduced significant security risks due to vulnerabilities in dependencies. In this study, we analyze the prevalence and impact of…

Software Engineering · Computer Science 2025-04-08 Ehtisham Ul Haq , Song Wang , Robert S. Allison

Modern software systems rely on dependency networks of reusable libraries, where breaking changes propagate and cause downstream consumers to fail. Despite growing research across ecosystems, no comprehensive synthesis exists. We conduct a…

Software Engineering · Computer Science 2026-05-26 Juntao Chen , Tingting Bi , Yanlin Wang , Patanamon Thongtanunam

This study investigates vulnerabilities within the Maven ecosystem by analyzing a comprehensive dataset of 14,459,139 releases. Our analysis reveals the most critical weaknesses that pose significant threats to developers and their projects…

Software Engineering · Computer Science 2025-03-31 Costain Nachuma , Md Mosharaf Hossan , Asif Kamal Turzo , Minhaz F. Zibran

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

Software Engineering · Computer Science 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic…

Software Engineering · Computer Science 2023-05-26 Abbas Javan Jafari , Diego Elias Costa , Emad Shihab , Rabe Abdalkareem

Library dependencies in software ecosystems play a crucial role in the development of software. As newer releases of these libraries are published, developers may opt to pin their dependencies to a particular version. While pinning may have…

Software Engineering · Computer Science 2025-12-22 Vasudev Vikram , Yuvraj Agarwal , Rohan Padhye

Understanding the structural characteristics and connectivity patterns of large-scale software ecosystems is critical for enhancing software reuse, improving ecosystem resilience, and mitigating security risks. In this paper, we investigate…

Software Engineering · Computer Science 2025-08-20 Daniel Ogenrwot , John Businge , Shaikh Arifuzzaman

In modern software ecosystems, dependency management plays a critical role in ensuring secure and maintainable applications. However, understanding the relationship between release practices and their impact on vulnerabilities and update…

Software Engineering · Computer Science 2025-04-01 Md Shafiullah Shafin , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven ecosystem. Despite patches being released promptly after vulnerabilities are disclosed, the libraries and applications in the community still use the…

Software Engineering · Computer Science 2023-08-08 Lyuye Zhang , Chengwei Liu , Sen Chen , Zhengzi Xu , Lingling Fan , Lida Zhao , Yiran Zhang , Yang Liu

Modern software development relies on package ecosystems where a single declared dependency can pull in many additional transitive packages. This dependency amplification, defined as the ratio of transitive to direct dependencies, has major…

Software Engineering · Computer Science 2025-12-18 Jahidul Arafat

Nearly every popular programming language comes with one or more package managers. The software packages distributed by such package managers form large software ecosystems. These packaging ecosystems contain a large number of package…

Software Engineering · Computer Science 2017-10-16 Alexandre Decan , Tom Mens , Philippe Grosjean

The modern software development landscape heavily relies on transitive dependencies. They enable seamless integration of third-party libraries. However, they also introduce security challenges. Transitive vulnerabilities that arise from…

Software Engineering · Computer Science 2025-04-08 Piotr Przymus , Mikołaj Fejzer , Jakub Narębski , Krzysztof Rykaczewski , Krzysztof Stencel

Existing innovation metrics inadequately capture software innovation, creating blind spots for researchers and policymakers seeking to understand and foster technological innovation in an increasingly software-defined economy. This paper…

Software Engineering · Computer Science 2025-07-01 Eva Maxfield Brown , Cailean Osborne , Peter Cihon , Moritz Böhmecke-Schwafert , Kevin Xu , Mirko Boehm , Knut Blind

The NPM package repository contains over two million packages and serves tens of billions of downloads per-week. Nearly every single JavaScript application uses the NPM package manager to install packages from the NPM repository. NPM relies…

Software Engineering · Computer Science 2023-04-04 Donald Pinckney , Federico Cassano , Arjun Guha , Jonathan Bell

Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Coen De Roover , Daniel M. German , Takashi Ishio , Katsuro Inoue

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

‹ Prev 1 2 3 10 Next ›