Tracing Vulnerability Propagation Across Open Source Software Ecosystems
By: Jukka Ruohonen, Qusai Ramadan
Potential Business Impact:
Finds how software problems spread through many projects.
The paper presents a traceability analysis of how over 84 thousand vulnerabilities have propagated across 28 open source software ecosystems. According to the results, the propagation sequences have been complex in general, although GitHub, Debian, and Ubuntu stand out. Furthermore, the associated propagation delays have been lengthy, and these do not correlate well with the number of ecosystems involved in the associated sequences. Nor does the presence or absence of particular ecosystems in the sequences yield clear, interpretable patterns. With these results, the paper contributes to the overlapping knowledge bases about software ecosystems, traceability, and vulnerabilities.
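As an added illustration of the kind of analysis the abstract describes (not the authors' code), the following reconstructs per-vulnerability propagation sequences from constructed advisory records, computes each sequence's propagation delay, and checks whether delay correlates with the number of ecosystems reached; the record format, vulnerability ids, and dates are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample advisory records (vulnerability id, ecosystem, publication
# date); the ids and dates are illustrative placeholders, not data from the paper.
RECORDS = [
    ("VULN-0001", "GitHub", date(2023, 1, 10)),
    ("VULN-0001", "Debian", date(2023, 1, 25)),
    ("VULN-0001", "Ubuntu", date(2023, 2, 14)),
    ("VULN-0002", "GitHub", date(2023, 3, 1)),
    ("VULN-0002", "Ubuntu", date(2023, 9, 1)),
    ("VULN-0003", "Debian", date(2023, 4, 5)),
    ("VULN-0003", "GitHub", date(2023, 4, 5)),
    ("VULN-0003", "Ubuntu", date(2023, 6, 30)),
    ("VULN-0003", "PyPI", date(2023, 7, 1)),
]

def propagation_sequences(records):
    """Per vulnerability: ecosystems in order of appearance, plus the
    propagation delay in days (last publication date minus the first)."""
    by_vuln = defaultdict(list)
    for vid, eco, day in records:
        by_vuln[vid].append((day, eco))
    out = {}
    for vid, entries in by_vuln.items():
        entries.sort()  # by date; same-day entries ordered by ecosystem name
        out[vid] = ([eco for _, eco in entries], (entries[-1][0] - entries[0][0]).days)
    return out

def spearman(xs, ys):
    """Spearman rank correlation with average ranks for ties."""
    def ranks(v):
        srt = sorted(v)
        return [(srt.index(x) + len(srt) - srt[::-1].index(x) + 1) / 2 for x in v]
    rx, ry = ranks(xs), ranks(ys)
    n = len(xs)
    mx, my = sum(rx) / n, sum(ry) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    sx = sum((a - mx) ** 2 for a in rx) ** 0.5
    sy = sum((b - my) ** 2 for b in ry) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0

def delay_vs_breadth(records):
    """Correlate the number of ecosystems a vulnerability reached with its delay."""
    seqs = propagation_sequences(records)
    breadth = [len(set(seq)) for seq, _ in seqs.values()]
    delays = [delay for _, delay in seqs.values()]
    return spearman(breadth, delays)
```

On the constructed records the correlation is weak and negative, mirroring the abstract's observation that delay and ecosystem count do not track each other.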
Similar Papers
An Accurate and Efficient Vulnerability Propagation Analysis Framework
Software Engineering
Finds how far computer bugs can spread.
Open Source, Open Threats? Investigating Security Challenges in Open-Source Software
Cryptography and Security
Finds hidden security flaws in free software.
A Time Series Analysis of Malware Uploads to Programming Language Ecosystems
Cryptography and Security
Finds more computer viruses than other bugs.