Write a Blog >>
MSR 2018
Mon 28 - Tue 29 May 2018 Gothenburg, Sweden
co-located with * ICSE 2018 *
Mon 28 May 2018 11:17 - 11:34 at E3 room - Modularity and Dependency Chair(s): Moritz Beller

Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they a ect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.

Mon 28 May

msr-2018-papers
11:00 - 12:30: Technical Papers - Modularity and Dependency at E3 room
Chair(s): Moritz BellerDelft University of Technology
msr-2018-papers11:00 - 11:17
Full-paper
Lina Ochoa , Thomas DegueuleCWI, Netherlands, Jurgen VinjuCentrum Wiskunde & Informatica / Technische Universiteit Eindhoven / SWAT.engineering BV
msr-2018-papers11:17 - 11:34
Full-paper
Link to publication DOI
msr-2018-papers11:34 - 11:51
Full-paper
Parisa Moslehi , Bram AdamsMCIS, École Polytechnique de Montréal, Juergen Rilling
Pre-print
msr-2018-papers11:51 - 12:08
Full-paper
Barbara RussoFree University of Bolzano
Pre-print
msr-2018-papers12:08 - 12:15
Short-paper
Arman ShahbazianUniversity of Southern California, Daye NamUniversity of Southern California, USA, Nenad MedvidovićUniversity of Southern California
Pre-print
msr-2018-papers12:15 - 12:30
Other