Litcius/Paper detail

A Qualitative Study of Dependency Management and Its Security Implications

Ivan Pashchenko, Duc‐Ly Vu, Fabio Massacci

202085 citationsDOIOpen Access PDF

Abstract

Several large scale studies on the Maven, NPM, and Android ecosystems point out that many developers do not often update their vulnerable software libraries thus exposing the user of their code to security risks. The purpose of this study is to qualitatively investigate the choices and the interplay of functional and security concerns on the developers' overall decision-making strategies for selecting, managing, and updating software dependencies.

Topics & Concepts

Computer scienceSoftware security assuranceAndroid (operating system)Dependency (UML)Computer securitySoftwareSoftware engineeringInformation securitySecurity serviceOperating systemSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Engineering Techniques and Practices
A Qualitative Study of Dependency Management and Its Security Implications | Litcius