Challenges of mapping Vulnerabilities and Exposures to Open-Source Packages

06/29/2022
by   Tobias Dam, et al.
0

Much of the current software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get a quantitative overview of the frequency and evolution of existing vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open source landscape and its most popular package managers. We discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries. Based on this mapping approaches, we show the frequency and distribution of CVE entries with respect to popular programming languages.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset