Litcius/Paper detail

The extent of orphan vulnerabilities from code reuse in open source software

David D. Reid, Mahmoud Jahanshahi, Audris Mockus

2022Proceedings of the 44th International Conference on Software Engineering21 citationsDOI

Abstract

Motivation: A key premise of open source software is the ability to copy code to other open source projects (white-box reuse). Such copying accelerates development of new projects, but the code flaws in the original projects, such as vulnerabilities, may also spread even if fixed in the projects from where the code was appropriated. The extent of the spread of vulnerabilities through code reuse, the potential impact of such spread, or avenues for mitigating risk of these secondary vulnerabilities has not been studied in the context of a nearly complete collection of open source code.

Topics & Concepts

Computer scienceCode reuseReuseSource codeCopyingContext (archaeology)Open sourceCode (set theory)Open source softwareSecure codingCode reviewComputer securityKey (lock)SoftwareSoftware engineeringStatic program analysisSoftware developmentProgramming languageSoftware security assuranceEngineeringInformation securityPolitical scienceSet (abstract data type)Security serviceWaste managementPaleontologyBiologyLawSoftware Engineering ResearchOpen Source Software InnovationsSoftware Reliability and Analysis Research