Write a Blog >>
MSR 2018
Mon 28 - Tue 29 May 2018 Gothenburg, Sweden
co-located with * ICSE 2018 *
Mon 28 May 2018 11:17 - 11:34 at E3 room - Modularity and Dependency Chair(s): Moritz Beller

Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they a ect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.

Mon 28 May
Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30: Technical Papers - Modularity and Dependency at E3 room
Chair(s): Moritz BellerDelft University of Technology
msr-2018-papers11:00 - 11:17
Lina Ochoa , Thomas DegueuleCWI, Netherlands, Jurgen VinjuCentrum Wiskunde & Informatica / Technische Universiteit Eindhoven / SWAT.engineering BV
msr-2018-papers11:17 - 11:34
Link to publication DOI
msr-2018-papers11:34 - 11:51
Parisa Moslehi , Bram AdamsMCIS, École Polytechnique de Montréal, Juergen Rilling
msr-2018-papers11:51 - 12:08
Barbara RussoFree University of Bolzano
msr-2018-papers12:08 - 12:15
Arman ShahbazianUniversity of Southern California, Daye NamUniversity of Southern California, USA, Nenad MedvidovićUniversity of Southern California
msr-2018-papers12:15 - 12:30