Discovering Digital Siblings: Quantifying Inter-Repository Similarity Through GitHub Dependency Structures

Open Source developers typically use Git repositories to transparently store the source code of projects and contribute to the code of others. There are millions of repositories actively hosted on platforms such as GitHub. This presents an opportunity for sharing knowledge between related projects – the so-called digital siblings. Finding...

Analyzing the Criticality of NPM Packages Through a Time-Dependent Dependency Graph

In (open-source) development, developers routinely rely on other libraries to improve their coding efficiency by reusing code. This reliance on other packages could cause issues when critical dependencies have suddenly have a vulnerability introduced to them. This work analyzes the criticality for NPM. To get an accurate picture of what the most...

Analyzing the Criticality of Apache Maven Packages Through a Temporal Dependency Graph

Developers rely on different software to improve their efficiency as to reuse parts of code and be able to maintain it with ease, which is why open source software libraries have gained much pop- ularity over the past years. This paper analyzes what are the most used packages from Apache Maven, which is a build automation tool used primarily for...

Review of hydraulic modelling approaches for intermittent water supply systems

Intermittent water supply (IWS) is widely used around the world, and with the increase in population and predicted future water scarcity, IWS applications seem to continue. While most of the existing studies on water supply concentrate on continuous water supply (CWS), the research focused on the IWS is now becoming mainstream. Hydraulic...

Effectiveness of using call graphs to detect propagated vulnerabilities

Nowadays software development greatly relies upon using third-party source code. A logical consequence is that vulnerabilities from such sources can be propagated to applications making use of those. Tools like Dependabot can alert developers about packages they use, which entail vulnerabilities. Such alerts oftentimes turn out to be false...

Improvement Analysis of Function-Level over Package-Level Vulnerability Recommendations

Software reuse in the form of dependencies has become widespread in software development. However, dependencies have the potential to suffer from vulnerabilities, thereby potentially putting depending projects at risk. Dependency analysis software can be used to manage vulnerable dependencies, such as Dependabot. Yet, such programs are generally...

Method-Level Data in GitHub Pull Request Descriptions: Effects on Developers' Prioritization and Facilitation of Fixing Vulnerable Dependencies

Modern software development involves the usage of external third-party software projects as direct dependencies. Nonetheless, developers of a dependant project have no control over critical aspects such as development and testing of the dependency. This can put the reliant repositories at risk through vulnerabilities, which can be exploited by...

BN-SLIM: A Bayesian network methodology for human reliability assessment based on Success Likelihood Index Method (SLIM)

Success Likelihood Index Model (SLIM) is one of the widely-used deterministic techniques in human reliability assessment especially when data is insufficient. However, this method suffers from epistemic uncertainty as it extremely relies on expert judgment for determining the model parameters such as the rates and weights of the performance...

Functional design of data flow networks