On the impact of security vulnerabilities in the npm and RubyGems dependency networks
The increasing interest in open source software has led to the emergence of large language-
specific package distributions of reusable software libraries, such as npm and RubyGems …
Software supply chain: review of attacks, risk assessment strategies and security controls
The software product is a source of cyber-attacks that target organizations by using their
software supply chain as a distribution vector. As the reliance of software projects on open …
Mitigating persistence of open-source vulnerabilities in maven ecosystem
Vulnerabilities from third-party libraries (TPLs) have been unveiled to threaten the Maven
ecosystem in the long term. Despite patches being released promptly after vulnerabilities …
On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair tools
A Papotti, R Paramitha, F Massacci - Empirical Software Engineering, 2024 - Springer
Objective We investigated whether (possibly wrong) security patches suggested by
Automated Program Repairs (APR) for real world projects are recognized by human …
Technical leverage analysis in the Python ecosystem
R Paramitha, F Massacci - Empirical Software Engineering, 2023 - Springer
Context: Technical leverage is the ratio between dependencies (other people's code) and
own codes of a software package. It has been shown to be useful to characterize the Java …
A Cross-role and Bi-national Analysis on Security Efforts and Constraints of Software Development Projects
F Kanei, AA Hasegawa, E Shioji… - Proceedings of the 37th …, 2021 - dl.acm.org
Software security, which is often regarded as a non-functional requirement, tends to be less
prioritized than other explicit requirements in development projects. For designing security …
The AssureMOSS security certification scheme
Á Milánkovich, G Eberhardt, D Lukács - Proceedings of the 17th …, 2022 - dl.acm.org
In the AssureMOSS project we aim to improve the security of MOSS (Multi-party Open
Software and Services), which faces challenges of increasing complexity, high-frequency …
The multibillion dollar software supply chain of Ethereum
Ethereum is the single largest programmable blockchain platform today. Ethereum nodes
operate the blockchain, relying on a vast supply chain of third-party software dependencies …
Technical leverage: Dependencies are a mixed blessing
F Massacci, I Pashchenko - IEEE Security & Privacy, 2021 - iris.unitn.it
IEEE Security and Privacy Magazine, Dept. Building Security In. Editor: Fabio Massacci, fabio.massacci@ieee.org …
Trust, but Verify: Evaluating Developer Behavior in Mitigating Security Vulnerabilities in Open-Source Software Projects
This study investigates vulnerabilities in dependencies of sampled open-source software
(OSS) projects, the relationship between these and overall project security, and how …