A Qualitative Study of Dependency Management and Its Security Implications
Ivan Pashchenko, Duc‐Ly Vu, Fabio Massacci
Abstract
Several large scale studies on the Maven, NPM, and Android ecosystems point out that many developers do not often update their vulnerable software libraries thus exposing the user of their code to security risks. The purpose of this study is to qualitatively investigate the choices and the interplay of functional and security concerns on the developers' overall decision-making strategies for selecting, managing, and updating software dependencies.
Topics & Concepts
Computer scienceSoftware security assuranceAndroid (operating system)Dependency (UML)Computer securitySoftwareSoftware engineeringInformation securitySecurity serviceOperating systemSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Engineering Techniques and Practices