English
Related papers

Related papers: Minimizing Breaking Changes and Redundancy in Miti…

200 papers

Library reuse is a widely adopted practice in software development, however, re-used libraries are not always up-to-date, thus including unnecessary bugs or vulnerabilities. Brutely upgrading libraries to the latest versions is not feasible…

Software Engineering · Computer Science 2025-04-03 Rui Lu

Applications depend on libraries to avoid reinventing the wheel. Libraries may have incompatible changes during evolving. As a result, applications will suffer from compatibility failures. There has been much research on addressing…

Software Engineering · Computer Science 2021-02-18 Zhouyang Jia , Shanshan Li , Tingting Yu , Chen Zeng , Erci Xu , Xiaodong Liu , Ji Wang , Xiangke Liao

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new…

Cryptography and Security · Computer Science 2025-03-18 Henrik Plate , Serena Elisa Ponta , Antonino Sabetta

Modern software systems heavily rely on external libraries developed by third-parties to ensure efficient development. However, frequent library upgrades can lead to compatibility issues between the libraries and their client systems. In…

Software Engineering · Computer Science 2023-05-16 Xiufeng Xu , Chenguang Zhu , Yi Li

Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Coen De Roover , Daniel M. German , Takashi Ishio , Katsuro Inoue

BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present…

Software Engineering · Computer Science 2018-08-30 Ivan Pashchenko , Henrik Plate , Serena Elisa Ponta , Antonino Sabetta , Fabio Massacci

Context: Technical lag accumulates when software systems fail to keep pace with technological advancements, leading to a deterioration in software quality. Objective: This paper aims to consolidate existing research on technical lag,…

Software Engineering · Computer Science 2026-01-21 Shane K. Panter , Nasir U. Eisty

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

Dynamic software updating (DSU) is an extremely useful feature to be used during the software evolution. It can be used to reduce downtime costs, for security enhancements, profiling and testing the new functionalities. There are many…

Software Engineering · Computer Science 2025-06-03 Danijel Mlinaric , Vedran Mornar

Developers are increasingly using services such as Dependabot to automate dependency updates. However, recent research has shown that developers perceive such services as unreliable, as they heavily rely on test coverage to detect conflicts…

Software Engineering · Computer Science 2021-09-27 Joseph Hejderup , Georgios Gousios

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Application Programming Interfaces (APIs) facilitate the integration of third-party dependencies within the code of client applications. However, changes to an API, such as deprecation, modification of parameter names or types, or complete…

Software Engineering · Computer Science 2026-04-14 Frank Reyes , May Mahmoud , Federico Bono , Sarah Nadi , Benoit Baudry , Martin Monperrus

Software packages developed and distributed through package managers extensively depend on other packages. These dependencies are regularly updated, for example to add new features, resolve bugs or fix security issues. In order to take full…

Software Engineering · Computer Science 2018-06-14 Alexandre Decan , Tom Mens , Eleni Constantinou

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Daniel M. German , Ali Ouni , Takashi Ishio , Katsuro Inoue

Open source software (OSS) licenses regulate the conditions under which OSS can be legally reused, distributed, and modified. However, a common issue arises when incorporating third-party OSS accompanied with licenses, i.e., license…

Software Engineering · Computer Science 2023-06-27 Sihan Xu , Ya Gao , Lingling Fan , Linyu Li , Xiangrui Cai , Zheli Liu

Bug-fix benchmarks are essential for evaluating methodologies in automatic program repair (APR) and fault localization (FL). However, existing benchmarks, exemplified by Defects4J, need to evolve to incorporate recent bug-fixes aligned with…

Software Engineering · Computer Science 2024-11-04 André Silva , Nuno Saavedra , Martin Monperrus

Context: Open-source ecosystems rely on sustained package maintenance. When maintenance slows or stops, Technical Lag (TL), the gap between installed and latest dependency versions accumulates, creating security and sustainability risks.…

Software Engineering · Computer Science 2026-03-12 Shane K. Panter , Nasir U. Eisty

Industrial applications heavily integrate open-source software libraries nowadays. Beyond the benefits that libraries bring, they can also impose a real threat in case a library is affected by a vulnerability but its community is not active…

Software Engineering · Computer Science 2025-04-24 Alexandros Tsakpinis

Modifications to open-source software (OSS) are often provided in the form of "patch stacks" - sets of changes (patches) that modify a given body of source code. Maintaining patch stacks over extended periods of time is problematic when the…

Software Engineering · Computer Science 2020-09-03 Ralf Ramsauer , Daniel Lohmann , Wolfgang Mauerer
‹ Prev 1 2 3 10 Next ›