Analysing the effectiveness of fine-grained dependency analysis to convince developers of updating their dependencies

Abstract

Dependency maintenance is a critically important part of software development, as vulnerabilities and exploits are constantly being discovered. Unfortunately, it is extremely tedious for developers to manually keep track of these vulnerability discoveries and update their dependencies accordingly. Dependency maintenance tools such as Dependabot and WhiteSource make this job easier for developers, but many developers still never update their dependencies, even when notified by these tools. As such, this research paper aims to find out whether giving developers more information about how a vulnerability affects their code makes them more likely to update their dependencies. This research found that developers seem not to care much for extra information about vulnerabilities, and that, on the whole, a different approach may be required to educate developers on the critical importance of dependency maintenance.
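The "more information" the abstract refers to is the difference between a coarse check (the project declares a dependency that has an advisory) and a fine-grained one (the project's code can actually reach the vulnerable function). The following Python script is an added illustration of that distinction and is not the paper's tool nor Dependabot's or WhiteSource's analysis. It parses a constructed three-module sample with the standard `ast` module, builds a static call graph, and reports whether a named vulnerable function is reachable from a given entry point; the module name `yamlish` and the function `load_unsafe` are placeholders, not a real package or a real advisory.

```python
import ast
from collections import deque

# Constructed sample: two "project" modules (app, handlers) and one
# "dependency" module (yamlish). Placeholder names, not a real package.
SOURCES = {
    "app": """
import handlers
import yamlish

def main():
    return handlers.serve()

def unused():
    # Dead code that would hit the vulnerable function if it were ever called.
    return yamlish.load_unsafe("x: 1")
""",
    "handlers": """
import yamlish

def serve():
    return yamlish.load_safe("x: 1")
""",
    "yamlish": """
def load_safe(text):
    return parse(text)

def load_unsafe(text):  # placeholder for the function an advisory names
    return parse(text)

def parse(text):
    return {}
""",
}


def imports_dependency(sources, dep):
    """Coarse check: does any module import the dependency at all?"""
    for src in sources.values():
        for node in ast.walk(ast.parse(src)):
            if isinstance(node, ast.Import) and any(a.name == dep for a in node.names):
                return True
            if isinstance(node, ast.ImportFrom) and node.module == dep:
                return True
    return False


def build_call_graph(sources):
    """Map each 'module.func' to the set of 'module.func' names it calls.

    Resolution is deliberately simple: 'mod.f(...)' -> 'mod.f', and a bare
    'f(...)' is assumed to be a function of the current module.
    """
    graph = {}
    for mod, src in sources.items():
        for node in ast.parse(src).body:
            if not isinstance(node, ast.FunctionDef):
                continue
            callees = set()
            for sub in ast.walk(node):
                if not isinstance(sub, ast.Call):
                    continue
                f = sub.func
                if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
                    callees.add(f"{f.value.id}.{f.attr}")
                elif isinstance(f, ast.Name):
                    callees.add(f"{mod}.{f.id}")
            graph[f"{mod}.{node.name}"] = callees
    return graph


def find_path(graph, entry, target):
    """Breadth-first search; return the call path entry -> ... -> target, or None."""
    parent = {entry: None}
    queue = deque([entry])
    while queue:
        cur = queue.popleft()
        if cur == target:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for callee in graph.get(cur, ()):
            if callee not in parent:
                parent[callee] = cur
                queue.append(callee)
    return None


def assess(sources, entry, dep, vulnerable_fn):
    """Combine the coarse and fine-grained checks into one triage record."""
    path = find_path(build_call_graph(sources), entry, vulnerable_fn)
    return {
        "dependency_imported": imports_dependency(sources, dep),
        "vulnerable_function_reachable": path is not None,
        "path": path,
    }


if __name__ == "__main__":
    print(assess(SOURCES, "app.main", "yamlish", "yamlish.load_unsafe"))
    print(assess(SOURCES, "app.main", "yamlish", "yamlish.parse"))
```

Run as-is, the first report shows the situation the abstract is about: the dependency is imported, so a coarse tool would raise an alert, yet `app.main` never reaches `yamlish.load_unsafe`. The second report shows a reachable case with the concrete call path a fine-grained notification could present. The resolver ignores aliases, dynamic dispatch and reflection, so a "not reachable" result from such a simple analysis is a reason to prioritise, not a reason to skip the update.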