Fine-Grained Network Analysis for Modern Software Ecosystems

12/08/2020
by Paolo Boldi, et al.

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services that modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often proves too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.
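The difference between product-level and function-level dependency information can be seen on a small call graph. The following is an added example, not code from the paper: the package names, function names and call edges are constructed, and the vulnerable function is assumed to be `libutf:decode`.

```python
from collections import deque

# Constructed sample ecosystem: "package:function" -> functions it calls.
CALLS = {
    "app_a:main": ["libjson:parse"],
    "app_b:main": ["libjson:dump"],
    "app_c:main": ["libutf:encode"],
    "libjson:parse": ["libutf:decode"],
    "libjson:dump": ["libutf:encode"],
    "libutf:decode": [],
    "libutf:encode": [],
}

def pkg(node):
    """Package part of a 'package:function' node name."""
    return node.split(":", 1)[0]

def reverse_reach(edges, targets):
    """Every node from which some target is reachable (targets included)."""
    callers = {}
    for src, dsts in edges.items():
        for dst in dsts:
            callers.setdefault(dst, set()).add(src)
    seen, queue = set(targets), deque(targets)
    while queue:
        for caller in callers.get(queue.popleft(), ()):
            if caller not in seen:
                seen.add(caller)
                queue.append(caller)
    return seen

def package_edges(calls):
    """Collapse the call graph into a product-level dependency graph."""
    edges = {}
    for src, dsts in calls.items():
        deps = edges.setdefault(pkg(src), set())
        deps.update(pkg(d) for d in dsts if pkg(d) != pkg(src))
    return edges

def affected_product_level(calls, vulnerable_fn):
    """Packages flagged when only 'A depends on B' is known."""
    root = pkg(vulnerable_fn)
    return reverse_reach(package_edges(calls), {root}) - {root}

def affected_function_level(calls, vulnerable_fn):
    """Packages with a call path that reaches the vulnerable function."""
    reached = reverse_reach(calls, {vulnerable_fn})
    return {pkg(n) for n in reached} - {pkg(vulnerable_fn)}
```

On this graph the product-level view flags all four dependents of `libutf`, while the function-level view flags only `libjson` and `app_a`, the two packages with a call path into `libutf:decode`.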
