Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies
Fabio Massacci | Serena Elisa Ponta | Ivan Pashchenko | Henrik Plate | Antonino Sabetta