Fine-Grained Network Analysis for Modern Software Ecosystems

12/08/2020
by   Paolo Boldi, et al.

Modern software development is increasingly dependent on components, libraries and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services which modern applications require. On the other hand, a bug or vulnerability in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level (package-level) information on library dependencies is used to contain this kind of danger, but that information often proves too imprecise to support effective (and possibly automated) handling policies: a package that declares a dependency on a vulnerable library is flagged even when none of its code ever reaches the vulnerable function. We discuss how fine-grained, function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.
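The following Python sketch is an added example, not code from the paper or from any project it describes, that contrasts the two granularities on a small constructed ecosystem. Package names, function names and the call edges are all invented for illustration. Package-level impact is computed by walking the dependency graph backwards from the vulnerable package; function-level impact walks the call graph backwards from the vulnerable function and reports only the packages that actually reach it.

```python
from collections import deque

# Constructed toy ecosystem (hypothetical names, not data from the paper).
# DEPENDENCIES maps a package to the packages it declares as dependencies.
DEPENDENCIES = {
    "crypto": set(),
    "http": {"crypto"},
    "app-a": {"http"},
    "app-b": {"http"},
    "tool": {"crypto"},
}

# CALL_GRAPH maps a (package, function) node to the nodes it calls.
# Only "http.load_cert" (and, through it, "app-b.main") ever reaches
# the function we will declare vulnerable, "crypto.parse_pem".
CALL_GRAPH = {
    ("crypto", "encrypt"): set(),
    ("crypto", "parse_pem"): set(),
    ("crypto", "hash"): set(),
    ("http", "get"): {("crypto", "encrypt")},
    ("http", "load_cert"): {("crypto", "parse_pem")},
    ("app-a", "main"): {("http", "get")},
    ("app-b", "main"): {("http", "load_cert")},
    ("tool", "run"): {("crypto", "hash")},
}


def _reverse(graph):
    """Invert an adjacency map so edges point from callee/dependency to caller/dependent."""
    rev = {node: set() for node in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            rev.setdefault(dst, set()).add(src)
    return rev


def _reachable(rev, start):
    """Breadth-first search over the reversed graph; returns every node that reaches `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for pred in rev.get(node, ()):
            if pred not in seen:
                seen.add(pred)
                queue.append(pred)
    return seen


def package_level_impact(deps, vulnerable_pkg):
    """Packages that depend, directly or transitively, on the vulnerable package.

    This is what a package-level advisory would flag, regardless of which
    functions of the vulnerable package are actually used.
    """
    return _reachable(_reverse(deps), vulnerable_pkg) - {vulnerable_pkg}


def function_level_impact(call_graph, vulnerable_fn):
    """Packages that contain at least one function whose calls reach the vulnerable function."""
    reached = _reachable(_reverse(call_graph), vulnerable_fn) - {vulnerable_fn}
    return {pkg for pkg, _ in reached} - {vulnerable_fn[0]}


def spurious_alerts(deps, call_graph, vulnerable_fn):
    """Packages flagged at package level that never reach the vulnerable function."""
    coarse = package_level_impact(deps, vulnerable_fn[0])
    fine = function_level_impact(call_graph, vulnerable_fn)
    return coarse - fine


if __name__ == "__main__":
    vuln = ("crypto", "parse_pem")
    print("package-level :", sorted(package_level_impact(DEPENDENCIES, vuln[0])))
    print("function-level:", sorted(function_level_impact(CALL_GRAPH, vuln)))
    print("spurious      :", sorted(spurious_alerts(DEPENDENCIES, CALL_GRAPH, vuln)))
```

In this toy ecosystem the package-level view flags all four dependents of `crypto`, while the function-level view flags only `http` and `app-b`; `app-a` and `tool` use `crypto` but never reach `parse_pem`. The caveat a practitioner should keep in mind is that the fine-grained answer is only as sound as the call graph it is computed from: edges hidden behind dynamic dispatch, reflection or code loaded at run time can be missed, so a conservative call-graph construction (over-approximating edges) is what turns "not reachable" into a safe conclusion rather than a false negative.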
