Analyzing Maintenance Activities of Software Libraries
- URL: http://arxiv.org/abs/2306.06030v1
- Date: Fri, 9 Jun 2023 16:51:25 GMT
- Title: Analyzing Maintenance Activities of Software Libraries
- Authors: Alexandros Tsakpinis
- Abstract summary: Industrial applications heavily integrate open-source software libraries nowadays.
I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
- Score: 65.268245109828
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Industrial applications heavily integrate open-source software libraries
nowadays. Beyond the benefits that libraries bring, they can also impose a real
threat in case a library is affected by a vulnerability but its community is
not active in creating a fixing release. Therefore, I want to introduce an
automatic monitoring approach for industrial applications to identify
open-source dependencies that show negative signs regarding their current or
future maintenance activities. Since most research in this field is limited due
to lack of features, labels, and transitive links, and thus is not applicable
in industry, my approach aims to close this gap by capturing the impact of
direct and transitive dependencies in terms of their maintenance activities.
Automatically monitoring the maintenance activities of dependencies reduces the
manual effort of application maintainers and supports application security by
continuously having well-maintained dependencies.
Related papers
- Agent-Driven Automatic Software Improvement [55.2480439325792]
This research proposal aims to explore innovative solutions by focusing on the deployment of agents powered by Large Language Models (LLMs)
The iterative nature of agents, which allows for continuous learning and adaptation, can help surpass common challenges in code generation.
We aim to use the iterative feedback in these systems to further fine-tune the LLMs underlying the agents, becoming better aligned to the task of automated software improvement.
arXiv Detail & Related papers (2024-06-24T15:45:22Z) - See to Believe: Using Visualization To Motivate Updating Third-party Dependencies [1.7914660044009358]
Security vulnerabilities introduced by applications using third-party dependencies are on the increase.
Developers are wary of library updates, even to fix vulnerabilities, citing that being unaware, or that the migration effort to update outweighs the decision.
In this paper, we hypothesize that the dependency graph visualization (DGV) approach will motivate developers to update.
arXiv Detail & Related papers (2024-05-15T03:57:27Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - A Survey of Third-Party Library Security Research in Application Software [3.280510821619164]
With the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent.
Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information.
Research on third-party libraries in software becomes paramount to address this growing security challenge.
arXiv Detail & Related papers (2024-04-27T16:35:02Z) - Detectors for Safe and Reliable LLMs: Implementations, Uses, and Limitations [76.19419888353586]
Large language models (LLMs) are susceptible to a variety of risks, from non-faithful output to biased and toxic generations.
We present our efforts to create and deploy a library of detectors: compact and easy-to-build classification models that provide labels for various harms.
arXiv Detail & Related papers (2024-03-09T21:07:16Z) - A Landscape Study of Open Source and Proprietary Tools for Software Bill
of Materials (SBOM) [3.1190983209295076]
Software Bill of Materials (SBOM) is a repository that inventories all third-party components and dependencies used in an application.
Recent supply chain breaches underscore the urgent need to enhance software security and vulnerability risks.
This research paper conducts an empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM.
arXiv Detail & Related papers (2024-02-17T00:36:20Z) - Dependency Practices for Vulnerability Mitigation [4.710141711181836]
We analyze more than 450 vulnerabilities in the npm ecosystem to understand why dependent packages remain vulnerable.
We identify over 200,000 npm packages that are infected through their dependencies.
We use 9 features to build a prediction model that identifies packages that quickly adopt the vulnerability fix and prevent further propagation of vulnerabilities.
arXiv Detail & Related papers (2023-10-11T19:48:46Z) - Lessons from the Long Tail: Analysing Unsafe Dependency Updates across
Software Ecosystems [11.461455369774765]
We present preliminary data based on three representative samples from a population of 88,416 pull requests (PRs)
We identify unsafe dependency updates (i.e., any pull request that risks being unsafe during runtime)
This includes developing best practises to address unsafe dependency updates not only in top-tier libraries but throughout the ecosystem.
arXiv Detail & Related papers (2023-09-08T08:17:09Z) - Understanding the Challenges of Deploying Live-Traceability Solutions [45.235173351109374]
SAFA.ai is a startup focusing on fine-tuning project-specific models that deliver automated traceability in a near real-time environment.
This paper describes the challenges that characterize commercializing software traceability and highlights possible future directions.
arXiv Detail & Related papers (2023-06-19T14:34:16Z) - Creating Training Sets via Weak Indirect Supervision [66.77795318313372]
Weak Supervision (WS) frameworks synthesize training labels from multiple potentially noisy supervision sources.
We formulate Weak Indirect Supervision (WIS), a new research problem for automatically synthesizing training labels.
We develop a probabilistic modeling approach, PLRM, which uses user-provided label relations to model and leverage indirect supervision sources.
arXiv Detail & Related papers (2021-10-07T14:09:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.