On the Impact of Security Vulnerabilities in the npm Package Dependency Network
[1] E. Kaplan, et al. Nonparametric Estimation from Incomplete Observations, 1958.
[2] Erik Derr, et al. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android, 2017, CCS.
[3] Andrew Meneely, et al. Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project, 2015, 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories.
[4] Rabe Abdalkareem, et al. Why do developers use trivial packages? an empirical case study on npm, 2017, ESEC/SIGSOFT FSE.
[5] J. I. Hejderup, et al. In Dependencies We Trust: How vulnerable are dependencies in software modules?, 2015.
[6] Arie van Deursen, et al. Tracking known security vulnerabilities in proprietary software systems, 2015, 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER).
[7] Tom Mens, et al. An empirical comparison of dependency network evolution in seven software packaging ecosystems, 2017, Empirical Software Engineering.
[8] Tom Mens, et al. On the topology of package dependency networks: a comparison of three programming language ecosystems, 2016, ECSA Workshops.
[9] O. Aalen, et al. Survival and Event History Analysis: A Process Point of View, 2008.
[10] Katsuro Inoue, et al. Do developers update their library dependencies?, 2017, Empirical Software Engineering.
[11] Hoan Anh Nguyen, et al. Detection of recurring software vulnerabilities, 2010, ASE.
[12] Andrew Nesbitt, et al. Libraries.io Open Source Repository and Dependency Metadata, 2017.
[13] Vern Paxson, et al. The Matter of Heartbleed, 2014, Internet Measurement Conference.
[14] Marko C. J. D. van Eekelen, et al. Measuring Dependency Freshness in Software Systems, 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.
[15] Tom Mens, et al. An empirical comparison of dependency issues in OSS packaging ecosystems, 2017, 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER).
[16] James D. Herbsleb, et al. How to break an API: cost negotiation and community values in three software ecosystems, 2016, SIGSOFT FSE.
[17] Herbert H. Thompson, et al. Why Security Testing Is Hard, 2003, IEEE Secur. Priv.
[18] Philippe Suter, et al. A Look at the Dynamics of the JavaScript Package Ecosystem, 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).
[19] Fabio Massacci, et al. Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox, 2010, MetriSec '10.
[20] Fabio Massacci, et al. After-Life Vulnerabilities: A Study on Firefox Evolution, Its Vulnerabilities, and Fixes, 2011, ESSoS.
[21] Tobias Lauinger, et al. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web, 2018, NDSS.
[22] Lerina Aversano, et al. The life and death of statically detected vulnerabilities: An empirical study, 2009, Inf. Softw. Technol.