Towards Measuring Vulnerabilities and Exposures in Open-Source Packages

• URL: http://arxiv.org/abs/2206.14527v2
• Date: Tue, 9 May 2023 11:09:14 GMT
• Title: Towards Measuring Vulnerabilities and Exposures in Open-Source Packages
• Authors: Tobias Dam and Sebastian Neumaier
• Abstract summary: We provide an up-to-date overview of the open source landscape. We discuss approaches to map entries of the Common Vulnerabilities and Exposures ( CVE) list to open-source libraries. We show the frequency and distribution of existing CVE entries with respect to popular programming languages.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Much of the current software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get a quantitative overview of the frequency and evolution of existing vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open source landscape and its most popular package managers, we discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries and we show the frequency and distribution of existing CVE entries with respect to popular programming languages.

Related papers

• An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries [52.23798016734889]
  This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries. The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
  arXiv  Detail & Related papers  (2024-09-27T16:20:20Z)
• Unicorns Do Not Exist: Employing and Appreciating Community Managers in Open Source [0.0]
  Despite playing a crucial role in maintaining open-source software, community managers are often overlooked. We suggest methods to overcome this by stressing the need for the specialisation of roles. Following these guidelines can allow this vital role to be treated with the transparency and respect that it deserves.
  arXiv  Detail & Related papers  (2024-06-29T07:23:53Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• Analyzing the Accessibility of GitHub Repositories for PyPI and NPM Libraries [91.97201077607862]
  Industrial applications heavily rely on open-source software (OSS) libraries, which provide various benefits. To monitor the activities of such communities, a comprehensive list of repositories for the libraries of an ecosystem must be accessible. In this study, we analyze the accessibility of GitHub repositories for PyPI and NPM libraries.
  arXiv  Detail & Related papers  (2024-04-26T13:27:04Z)
• The Code the World Depends On: A First Look at Technology Makers' Open Source Software Dependencies [3.6840775431698893]
  Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. We do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed.
  arXiv  Detail & Related papers  (2024-04-17T21:44:38Z)
• A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM) [3.1190983209295076]
  Software Bill of Materials (SBOM) is a repository that inventories all third-party components and dependencies used in an application. Recent supply chain breaches underscore the urgent need to enhance software security and vulnerability risks. This research paper conducts an empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM.
  arXiv  Detail & Related papers  (2024-02-17T00:36:20Z)
• Analyzing Maintenance Activities of Software Libraries [65.268245109828]
  Industrial applications heavily integrate open-source software libraries nowadays. I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
  arXiv  Detail & Related papers  (2023-06-09T16:51:25Z)
• Code Librarian: A Software Package Recommendation System [65.05559087332347]
  We present a recommendation engine called Librarian for open source libraries. A candidate library package is recommended for a given context if: 1) it has been frequently used with the imported libraries in the program; 2) it has similar functionality to the imported libraries in the program; 3) it has similar functionality to the developer's implementation, and 4) it can be used efficiently in the context of the provided code.
  arXiv  Detail & Related papers  (2022-10-11T12:30:05Z)
• Underproduction: An Approach for Measuring Risk in Open Source Software [9.701036831490766]
  'Underproduction' occurs when the supply of software engineering labor becomes out of alignment with the demand of people who rely on the software produced. We present a conceptual framework for identifying relative underproduction in software as well as a statistical method for applying our framework to a comprehensive dataset.
  arXiv  Detail & Related papers  (2021-02-27T23:18:21Z)
• Towards Utility-based Prioritization of Requirements in Open Source Environments [51.65930505153647]
  We show how utility-based prioritization approaches can be used to support contributors in conventional and open source Requirements Engineering scenarios. As an example, we show how dependencies can be taken into account in utility-based prioritization processes.
  arXiv  Detail & Related papers  (2021-02-17T09:05:54Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.