
Title: Towards Measuring Vulnerabilities and Exposures in Open-Source Packages

Abstract: Much of today's software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have a potentially huge impact. The goal of this work is to obtain a quantitative overview of the frequency and evolution of known vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open-source landscape and its most popular package managers, we discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries, and we show the frequency and distribution of existing CVE entries with respect to popular programming languages.
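The abstract describes two steps: mapping CVE entries to open-source packages and then counting entries per language ecosystem. The following is an added example, not code from the paper or its authors, showing one plausible way to do this with the CPE 2.3 identifiers that CVE records carry. It assumes that the `target_sw` field of a CPE (values such as `node.js` or `python`) or an explicit vendor/product lookup table identifies the ecosystem; the CVE records, the CVE IDs, the product names and the lookup tables below are all constructed for this example and are not real data.

```python
"""Illustrative CVE-to-package mapping and per-language tally (added example).

Not the paper's method. CPE 2.3 strings have the form
cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
The records and tables here are constructed for illustration only.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

CPE23_FIELDS = ("prefix", "cpe_version", "part", "vendor", "product", "version",
                "update", "edition", "language", "sw_edition", "target_sw",
                "target_hw", "other")

# Assumption: target_sw values that denote a language ecosystem (illustrative table).
TARGET_SW_TO_LANGUAGE = {
    "node.js": "JavaScript",
    "python": "Python",
    "ruby": "Ruby",
    "php": "PHP",
}

# Constructed fallback table: (vendor, product) -> language, for CPEs whose
# target_sw is "*" and does not reveal the ecosystem.
PRODUCT_TO_LANGUAGE = {
    ("examplevendor", "examplecommons"): "Java",
}


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cpes: Tuple[str, ...]  # CPE 2.3 strings from the record's configurations


def parse_cpe23(cpe: str) -> Dict[str, str]:
    """Split a CPE 2.3 string into named fields, honouring backslash-escaped colons."""
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return dict(zip(CPE23_FIELDS, parts))


def ecosystem_for(cpe: str) -> Optional[str]:
    """Return the language ecosystem of an application CPE, 'unmapped' if unknown,
    or None for operating-system ('o') and hardware ('h') CPEs, which are skipped."""
    fields = parse_cpe23(cpe)
    if fields["part"] != "a":
        return None
    language = TARGET_SW_TO_LANGUAGE.get(fields["target_sw"].lower())
    if language is not None:
        return language
    key = (fields["vendor"].lower(), fields["product"].lower())
    return PRODUCT_TO_LANGUAGE.get(key, "unmapped")


def tally_by_language(records: Iterable[CveRecord]) -> Dict[str, int]:
    """Count CVE entries per language. A CVE affecting several packages of one
    ecosystem counts once there; a CVE spanning ecosystems counts once in each."""
    counts: Counter = Counter()
    for record in records:
        ecosystems = {e for e in map(ecosystem_for, record.cpes) if e is not None}
        counts.update(ecosystems)
    return dict(counts)


# Constructed sample records (IDs, vendors and products are placeholders).
SAMPLE_CVES = (
    CveRecord("CVE-0000-0001", ("cpe:2.3:a:examplevendor:fastjsonlib:1.2.3:*:*:*:*:node.js:*:*",)),
    CveRecord("CVE-0000-0002", ("cpe:2.3:a:examplevendor:pyparse:0.9.0:*:*:*:*:python:*:*",
                                "cpe:2.3:a:examplevendor:pyparse:0.9.1:*:*:*:*:python:*:*")),
    CveRecord("CVE-0000-0003", ("cpe:2.3:a:examplevendor:examplecommons:2.0:*:*:*:*:*:*:*",)),
    CveRecord("CVE-0000-0004", ("cpe:2.3:o:examplevendor:exampleos:7:*:*:*:*:*:*:*",)),
    CveRecord("CVE-0000-0005", ("cpe:2.3:a:othervendor:mysterylib:1.0:*:*:*:*:*:*:*",)),
    CveRecord("CVE-0000-0006", ("cpe:2.3:a:examplevendor:bridge:1.0:*:*:*:*:node.js:*:*",
                                "cpe:2.3:a:examplevendor:bridge:1.0:*:*:*:*:python:*:*")),
)

if __name__ == "__main__":
    for language, count in sorted(tally_by_language(SAMPLE_CVES).items()):
        print(f"{language:12s} {count}")
```

Two design choices matter for the kind of measurement the paper aims at: records whose only CPEs describe operating systems or hardware are excluded rather than counted as "unmapped", and the fallback vendor/product table is where most real-world effort goes, since many CPEs carry `*` in `target_sw`. The size of the "unmapped" bucket is itself a useful figure to report, because it bounds how much of the distribution a mapping approach actually covers.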
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR)
Journal reference: Proceedings of the 5th International Data Science Conference - iDSC2023
Cite as: arXiv:2206.14527 [cs.SE]
  (or arXiv:2206.14527v2 [cs.SE] for this version)

Submission history

From: Sebastian Neumaier
[v1] Wed, 29 Jun 2022 10:51:23 GMT (188kb,D)
[v2] Tue, 9 May 2023 11:09:14 GMT (206kb,D)