Just-in-time software vulnerability detection: Are we there yet?
Background: Software vulnerabilities are weaknesses in source code that might be exploited
to cause harm or loss. Previous work has proposed a number of automated machine …
SoK: Taxonomy of attacks on open-source software supply chains
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …
Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration
Third-party library reuse has become common practice in contemporary software
development, as it includes several benefits for developers. Library dependencies are …
A Survey on Software Vulnerability Exploitability Assessment
S Elder, MR Rahman, G Fringer, K Kapoor… - ACM Computing …, 2024 - dl.acm.org
Knowing the exploitability and severity of software vulnerabilities helps practitioners
prioritize vulnerability mitigation efforts. Researchers have proposed and evaluated many …
A qualitative study of dependency management and its security implications
Several large scale studies on the Maven, NPM, and Android ecosystems point out that
many developers do not often update their vulnerable software libraries, thus exposing the …
An empirical study of usages, updates and risks of third-party libraries in Java projects
Third-party libraries play a key role in software development as they can relieve developers
of the heavy burden of re-implementing common functionalities. However, third-party …
Detection, assessment and mitigation of vulnerabilities in open source dependencies
Open source software (OSS) libraries are widely used in the industry to speed up the
development of software products. However, these libraries are subject to an ever …
A manually-curated dataset of fixes to vulnerabilities of open-source software
Advancing our understanding of software vulnerabilities, automating their identification, the
analysis of their impact, and ultimately their mitigation is necessary to enable the …
Vulnerable open source dependencies: Counting those that matter
Background: Vulnerable dependencies are a known problem in today's open-source
software ecosystems because OSS libraries are highly interconnected and developers do …
A comparative study of vulnerability reporting by software composition analysis tools
Background: Modern software uses many third-party libraries and frameworks as
dependencies. Known vulnerabilities in these dependencies are a potential security risk …