Out of sight, out of mind? How vulnerable dependencies affect open-source projects

Out of sight, out of mind? How vulnerable dependencies affect open-source projects

Context: Software developers often use open-source libraries in their project to improve development speed. However, such libraries may contain security vulnerabilities, and this has resulted in several high-profile incidents in re- cent years. As usage of open-source libraries grows, understanding...

Full description

Saved in:

Bibliographic Details
Main Authors:	PRANA, Gede Artha Azriadi, SHARMA, Abhishek, SHAR, Lwin Khin, FOO, Darius, SANTOSA, Andrew E., SHARMA, Asankhaya, LO, David
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2021
Subjects:	Empirical Study Security Software Composition Analysis Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/6048 https://ink.library.smu.edu.sg/context/sis_research/article/7053/viewcontent/sourceclear___journal_2020_11_29.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources
by: ZHOU, Xin, et al.
Published: (2024)

Out of sight out of mind.
by: Lim, Chin Ping., et al.
Published: (2009)

Can we make it better? Assessing and improving quality of GitHub repositories
by: PRANA, Gede Artha Azriadi
Published: (2021)

Real world projects, real faults: Evaluating spectrum based fault localization techniques on Python projects
by: RATNADIRA WIDYASARI,, et al.
Published: (2022)

Automated identification of libraries from vulnerability data
by: YANG, Chen, et al.
Published: (2020)

A machine learning approach for vulnerability curation
by: CHEN, Yang, et al.
Published: (2020)

RETAIL GEOGRAPHY OF ETHICAL FASHION: OUT OF SIGHT & OUT OF MIND
by: LIM BAO YI
Published: (2019)

Including everyone, everywhere: Understanding opportunities and challenges of geographic gender-inclusion in OSS
by: PRANA, Gede Artha Azriadi, et al.
Published: (2022)

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques
by: Shar, Lwin Khin
Published: (2013)

Out of Sight, Out of Mind: The Value of Political Connections in Social Networks
by: DO, Quoc-Anh, et al.
Published: (2011)

Out of Sight, Out of Mind: The Value of Political Connections in Social Networks
by: DO, Quoc-Anh, et al.
Published: (2012)

Out of Sight, Out of Mind: The Value of Political Connections in Social Networks
by: DO, Quoc-Anh, et al.
Published: (2011)

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
by: SHAR, Lwin Khin, et al.
Published: (2013)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)

OUT OF SIGHT, OUT OF MIND?: AN EMPIRICAL ANALYSIS OF CPFIS MUTUAL FUND EXPENSE RATIO
by: NG ZI YUN CHERLYN
Published: (2018)

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns
by: SHAR, Lwin Khin, et al.
Published: (2013)

Out of sight
by: Fan, Di, et al.
Published: (2012)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

HERMES: using commit-issue linking to detect vulnerability-fixing commits
by: NGUYEN, Truong Giang, et al.
Published: (2022)

Revisiting the identification of the co-evolution of production and test code
by: SUN, Weifeng, et al.
Published: (2023)

Categorizing the content of GitHub README files
by: PRANA, Gede Artha Azriadi, et al.
Published: (2018)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

An Empirical Assessment of Bellon's Clone Benchmark
by: CHARPENTIER, Alan, et al.
Published: (2015)

Out of cite, out of mind?
by: Higgitt, D.
Published: (2011)

Characterization and prediction of questions without accepted answers on Stack Overflow
by: YAZDANINIA, Mohamad, et al.
Published: (2021)

An empirical study of bugs in software build systems
by: XIA, Xin, et al.
Published: (2013)

The Impact of Process Choice in High Maturity Environments: An Empirical Analysis
by: RAMASUBBU, Narayanasamy, et al.
Published: (2009)

Adoption of Software Testing in Open Source Projects: A Preliminary Study on 50,000 Projects
by: KOCHHAR, Pavneet Singh, et al.
Published: (2013)

An empirical study of adoption of software testing in open source projects
by: KOCHHAR, Pavneet Singh, et al.
Published: (2013)

WiFi-based indoor line-of-sight identification
by: ZHOU, Zimu, et al.
Published: (2015)

WiFi-based indoor line-of-sight identification
by: ZHOU, Zimu, et al.
Published: (2015)

LiFi: Line-of-sight identification with WiFi
by: ZHOU, Zimu, et al.
Published: (2014)

An empirical study on robustness of DNNs with out-of-distribution awareness
by: ZHOU, Lingjun, et al.
Published: (2020)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: SHAR, Lwin Khin, et al.
Published: (2012)

Watch out! Motion is blurring the vision of your deep neural networks
by: GUO, Qing, et al.
Published: (2020)

Analyzing offline social engagements: an empirical study of meetup events related to software development
by: SHARMA, Abhishek, et al.
Published: (2022)

Towards characterizing bug fixes through dependency-level changes in Apache Java open source projects
by: Cui, Di, et al.
Published: (2022)