中文
相关论文

相关论文: Breaking Changes in Software Ecosystems: A Systema…

200 篇论文

The sustainability of libraries is critical for modern software development, yet many libraries face abandonment, posing significant risks to dependent projects. This study explores the prevalence and patterns of library abandonment in the…

软件工程 · 计算机科学 2025-02-10 Kazi Amit Hasan , Jerin Yasmin , Huizi Hao , Yuan Tian , Safwat Hassan , Steven Ding

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a…

软件工程 · 计算机科学 2024-01-24 Daniel Venturini , Filipe Roseiro Cogo , Ivanilton Polato , Marco A Gerosa , Igor Scaliante Wiese

Vulnerabilities in software libraries and reusable components cause major security challenges, particularly in dependency-heavy ecosystems such as Maven. This paper presents a large-scale analysis of vulnerabilities in the Maven ecosystem…

软件工程 · 计算机科学 2025-03-31 Md Fazle Rabbi , Rajshakhar Paul , Arifa Islam Champa , Minhaz F. Zibran

Software ecosystems are collections of projects that are developed and evolve together in the same environment. Existing literature investigates software ecosystems as isolated entities whose boundaries do not overlap and assumes they are…

软件工程 · 计算机科学 2018-12-14 Eleni Constantinou , Alexandre Decan , Tom Mens

Context: Software of different functional categories, such as text processing vs. networking, has different profiles in terms of metrics like security and updates. Using popularity to compare e.g. Java vs. Python libraries might give a…

软件工程 · 计算机科学 2024-03-12 Ranindya Paramitha , Yuan Feng , Fabio Massacci , Carlos E. Budde

Software ecosystems can be viewed as socio-technical networks consisting of technical components (software packages) and social components (communities of developers) that maintain the technical components. Ecosystems evolve over time…

软件工程 · 计算机科学 2017-10-16 Eleni Constantinou , Tom Mens

Background: Modern software uses many third-party libraries and frameworks as dependencies. Known vulnerabilities in these dependencies are a potential security risk. Software composition analysis (SCA) tools, therefore, are being…

软件工程 · 计算机科学 2021-09-02 Nasif Imtiaz , Seaver Thorne , Laurie Williams

Context: Software systems are in continuous evolution through source code changes to fixing bugs, adding new functionalities and improving the internal architecture. All these practices are recorded in the version history, which can be…

软件工程 · 计算机科学 2020-01-17 Leandro Ungari Cayres , Bruno Santos de Lima , Rogério Eduardo Garcia

Software systems impact society at different levels as they pervasively solve real-world problems. Modern software systems are often so sophisticated that their complexity exceeds the limits of human comprehension. These systems must…

软件工程 · 计算机科学 2024-01-23 Christian Cabrera , Andrei Paleyes , Neil D. Lawrence

The democratization of open-source Large Language Models (LLMs) allows users to fine-tune and deploy models on local infrastructure but exposes them to a First Mile deployment landscape. Unlike black-box API consumption, the reliability of…

软件工程 · 计算机科学 2026-01-21 Guangba Yu , Zirui Wang , Yujie Huang , Renyi Zhong , Yuedong Zhong , Yilun Wang , Michael R. Lyu

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

软件工程 · 计算机科学 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

As we increasingly depend on software systems, the consequences of breaches in the software supply chain become more severe. High-profile cyber attacks like those on SolarWinds and ShadowHammer have resulted in significant financial and…

密码学与安全 · 计算机科学 2023-08-10 Tanmay Singla , Dharun Anandayuvaraj , Kelechi G. Kalu , Taylor R. Schorlemmer , James C. Davis

Feature models are widely used to capture the configuration space of software systems. Although automated reasoning has been studied for detecting problematic features and supporting configuration tasks, significantly less attention has…

Software systems are a significant contributor to global sustainability concerns, demanding that environmental, social, technical, and economic factors be systematically addressed from the initial requirements engineering phase. Although…

软件工程 · 计算机科学 2025-10-13 Mandira Roy , Novarun Deb , Nabendu Chaki , Agostino Cortesi

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing…

软件工程 · 计算机科学 2025-10-10 Bonan Ruan , Zhiwei Lin , Jiahao Liu , Chuqi Zhang , Kaihang Ji , Zhenkai Liang

Performance is a critical quality attribute in software development, yet the impact of method-level code changes on performance evolution remains poorly understood. While developers often make intuitive assumptions about which types of…

软件工程 · 计算机科学 2025-08-12 Kaveh Shahedi , Nana Gyambrah , Heng Li , Maxime Lamothe , Foutse Khomh

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

With the advent of open source software, a veritable treasure trove of previously proprietary software development data was made available. This opened the field of empirical software engineering research to anyone in academia. Data that is…

软件工程 · 计算机科学 2022-04-19 Adam Tutko , Austin Z. Henley , Audris Mockus

Understanding the structural characteristics and connectivity patterns of large-scale software ecosystems is critical for enhancing software reuse, improving ecosystem resilience, and mitigating security risks. In this paper, we investigate…

软件工程 · 计算机科学 2025-08-20 Daniel Ogenrwot , John Businge , Shaikh Arifuzzaman

Large language models (LLMs) have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and…

密码学与安全 · 计算机科学 2025-09-01 Shuhan Liu , Xing Hu , Xin Xia , David Lo , Xiaohu Yang