English

Towards Measuring Vulnerabilities and Exposures in Open-Source Packages

Software Engineering 2023-05-10 v2 Cryptography and Security

Abstract

Much of the current software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get a quantitative overview of the frequency and evolution of existing vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open source landscape and its most popular package managers, we discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries and we show the frequency and distribution of existing CVE entries with respect to popular programming languages.

Keywords

Cite

@article{arxiv.2206.14527,
  title  = {Towards Measuring Vulnerabilities and Exposures in Open-Source Packages},
  author = {Tobias Dam and Sebastian Neumaier},
  journal= {arXiv preprint arXiv:2206.14527},
  year   = {2023}
}
R2 v1 2026-06-24T12:08:05.233Z