An in-depth study of software library upgrade dependency issues
Main Author: | Yeo, Nicholas Ming Jie |
---|---|
Other Authors: | Li Yi |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | Library and information science::Libraries::Technologies |
Online Access: | https://hdl.handle.net/10356/156369 |
Institution: | Nanyang Technological University |
id | sg-ntu-dr.10356-156369 |
---|---|
record_format | dspace |
author | Yeo, Nicholas Ming Jie |
author2 | Li Yi |
school | School of Computer Science and Engineering |
contact | yi_li@ntu.edu.sg |
degree | Bachelor of Engineering (Computer Science) |
project code | SCSE21-0125 |
date deposited | 2022-04-15T07:44:08Z |
citation | Yeo, N. M. J. (2022). An in-depth study of software library upgrade dependency issues. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156369 |
file format | application/pdf |
institution | Nanyang Technological University |
building | NTU Library |
continent | Asia |
country | Singapore |
content_provider | NTU Library |
collection | DR-NTU |
language | English |
topic | Library and information science::Libraries::Technologies |
description |
With the increasing demand for software systems comes an increasing demand for efficient software building. It is therefore standard practice for developers to “re-use” code written by third parties. This code takes the form of tools provided by third-party software libraries. Reliance on these third-party software libraries is growing, causing the number of vulnerabilities found in the software systems that incorporate them to increase. Third-party software libraries used in software systems are regarded as sources of vulnerabilities, as they can be exploited by attackers. Moreover, compatibility issues between third-party software libraries and the software systems that use them arise due to asynchronous updates and developer negligence.
This study proposes a method to detect these vulnerabilities. In addition, it discusses the level of third-party library dependency issues, that is, how dependent software systems in the market are on third-party software libraries, and the effort needed to detect, prevent, or mitigate these issues.
The proposed vulnerability detection method is applied to 15 open-source projects written in Python with respect to 3 different software libraries. The study finds a high level of third-party library dependency issues, owing to the relatively high number of application programming interface (API) calls made by the open-source projects. It is also observed that the size of a project has no influence on the number of API calls it makes to third-party software libraries.
The increased reliance on third-party software libraries calls for greater focus on detecting security vulnerabilities introduced by these libraries. Developers that use these libraries are urged to make a conscientious effort to mitigate these threats, as they are potentially harmful and can have a large impact on their software systems. |