Computer Science > Software Engineering
Title: Towards Measuring Vulnerabilities and Exposures in Open-Source Packages
(Submitted on 29 Jun 2022 (v1), last revised 9 May 2023 (this version, v2))
Abstract: Much of today's software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impact. The goal of this work is to get a quantitative overview of the frequency and evolution of known vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open-source landscape and its most popular package managers, we discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries, and we show the frequency and distribution of existing CVE entries with respect to popular programming languages.
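The abstract mentions mapping CVE entries to open-source libraries and then counting CVEs per programming language. The following Python script is an added illustration of one such mapping, not code from the paper: it parses the CPE 2.3 names attached to CVE records, resolves each to a package ecosystem and language, first through a vendor/product lookup table and then, as a fallback, through the CPE target_sw field, and counts every CVE at most once per language. The CVE IDs, CPE strings and both lookup tables are constructed for the example; a real study needs a curated table built from package-manager metadata, because CPE vendor/product names frequently do not match package names.

```python
"""Added example: mapping CVE records to open-source packages via CPE 2.3 names.

Not the paper's code. Assumes NVD-style records (a list of CPE 2.3 formatted
strings per CVE) and two hand-made lookup tables. Everything below is constructed.
"""
import re
from collections import Counter

# The 13 fields of a CPE 2.3 formatted string, in specification order.
CPE23_FIELDS = ("cpe", "cpe_version", "part", "vendor", "product", "version",
                "update", "edition", "language", "sw_edition", "target_sw",
                "target_hw", "other")

# Constructed lookup from (vendor, product) to (ecosystem, language).
PACKAGE_TABLE = {
    ("lodash", "lodash"): ("npm", "JavaScript"),
    ("palletsprojects", "flask"): ("PyPI", "Python"),
    ("fasterxml", "jackson-databind"): ("Maven", "Java"),
}

# Constructed fallback: target_sw sometimes names the runtime/ecosystem.
TARGET_SW_TABLE = {
    "node.js": ("npm", "JavaScript"),
    "python": ("PyPI", "Python"),
    "ruby": ("RubyGems", "Ruby"),
}


def parse_cpe23(cpe):
    """Split a CPE 2.3 string into its fields; None if it is not well-formed.

    Field values may contain escaped colons ('\\:'), so only unescaped colons
    separate fields.
    """
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) != len(CPE23_FIELDS) or parts[0] != "cpe" or parts[1] != "2.3":
        return None
    return dict(zip(CPE23_FIELDS, parts))


def map_cpe_to_package(cpe):
    """Resolve one CPE to {package, ecosystem, language, method} or None."""
    fields = parse_cpe23(cpe)
    if fields is None or fields["part"] != "a":  # only applications, not OS/hardware
        return None
    key = (fields["vendor"], fields["product"])
    if key in PACKAGE_TABLE:
        ecosystem, language = PACKAGE_TABLE[key]
        method = "vendor_product"
    elif fields["target_sw"] in TARGET_SW_TABLE:
        ecosystem, language = TARGET_SW_TABLE[fields["target_sw"]]
        method = "target_sw"
    else:
        return None
    return {"package": fields["product"], "ecosystem": ecosystem,
            "language": language, "method": method}


def count_cves_per_language(records):
    """Count each CVE once per language it touches; also report unmapped CVE IDs."""
    per_language = Counter()
    unmapped = []
    for rec in records:
        languages = set()
        for cpe in rec["cpes"]:
            hit = map_cpe_to_package(cpe)
            if hit is not None:
                languages.add(hit["language"])
        if not languages:
            unmapped.append(rec["id"])
        for lang in languages:
            per_language[lang] += 1
    return per_language, unmapped


# Constructed CVE records: IDs and CPE strings are made up for this example.
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "cpes": ["cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*"]},
    {"id": "CVE-0000-0002", "cpes": ["cpe:2.3:a:palletsprojects:flask:0.12:*:*:*:*:*:*:*",
                                     "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "cpes": ["cpe:2.3:a:example:unknownlib:1.0:*:*:*:*:node.js:*:*"]},
    {"id": "CVE-0000-0004", "cpes": ["cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*",
                                     "cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0005", "cpes": ["cpe:2.3:h:vendor:router:-:*:*:*:*:*:*:*"]},
]

if __name__ == "__main__":
    counts, missing = count_cves_per_language(SAMPLE_CVES)
    for language, n in counts.most_common():
        print(f"{language}: {n} CVE(s)")
    print("unmapped:", missing)
```

Two details matter in practice: a CVE listing several versions of one package is still one vulnerability, so counting is done per CVE and language rather than per CPE, and CVEs whose CPEs are all operating systems or hardware (part "o" or "h") are reported as unmapped rather than silently dropped, so the coverage of the mapping can be measured.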
Submission history
From: Sebastian Neumaier
[v1] Wed, 29 Jun 2022 10:51:23 GMT (188kb,D)
[v2] Tue, 9 May 2023 11:09:14 GMT (206kb,D)