Fine-Grained Network Analysis for Modern Software Ecosystems

Boldi, Paolo; Georgios, G.

Fine-Grained Network Analysis for Modern Software Ecosystems

Journal article (2021)

Authors

Paolo Boldi University of Milan

G. Georgios Software Engineering

Research Group

Software Engineering

Network analysis Software reuse Security breaches

To reference this document use:

http://resolver.tudelft.nl/uuid:71d833b6-cf5f-4405-8291-3e45e1fef315

More Info

expand_more

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Research Group

Software Engineering

Abstract

Modern software development is increasingly dependent on components, libraries, and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services that modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.

Files

3418209.pdf

(pdf | 1.22 Mb)

License info not available

Download not available