1,974 research outputs found

    Vulnerable Open Source Dependencies: Counting Those That Matter

    BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we aim to present a precise methodology, that combines the code-based analysis of patches with information on build, test, update dates, and group extracted from the very code repository, and therefore, caters to the needs of industrial practice for correct allocation of development and audit resources. METHOD: To understand the industrial impact of the proposed methodology, we considered the 200 most popular OSS Java libraries used by SAP in its own software. Our analysis included 10905 distinct GAVs (group, artifact, version) when considering all the library versions. RESULTS: We found that about 20% of the dependencies affected by a known vulnerability are not deployed, and therefore, they do not represent a danger to the analyzed library because they cannot be exploited in practice. Developers of the analyzed libraries are able to fix (and actually responsible for) 82% of the deployed vulnerable dependencies. The vast majority (81%) of vulnerable dependencies may be fixed by simply updating to a new version, while 1% of the vulnerable dependencies in our sample are halted, and therefore, potentially require a costly mitigation strategy. CONCLUSIONS: Our case study shows that the correct counting allows software development companies to receive actionable information about their library dependencies, and therefore, correctly allocate costly development and audit resources, which is spent inefficiently in case of distorted measurements. Comment: This is a pre-print of the paper that appears, with the same title, in the proceedings of the 12th International Symposium on Empirical Software Engineering and Measurement, 201

    Persistence of the School Entry Age Effect in a System of Flexible Tracking

    In Germany, the streaming of students into an academic or nonacademic track at age 10 can be revised at later stages of secondary education. To investigate the importance of such revisions, we use administrative data on the student population in the German state of Hessen to measure the persistence of school entry age’s impact on choice of secondary school track. Based on exogenous variation in the school entry age by birth month, we obtain regression discontinuity estimates for different cohorts and grades up to the end of secondary education. We show that the effect of original school entry age on a student’s later attending grammar school disappears exactly at the grade level in which educational institutions facilitate track modification. Education, identification, regression discontinuity design, instrumental variables, relative maturity

    Emissions of plant protection products from glasshouses to surface water in The Netherlands

    Currently, a fixed percentage of 0.1% is used for the emission of plant protection products from glasshouses to surface water. Measurement data from water boards indicate that emissions of plant protection products and biocides to surface water are higher than assumed in the authorisation procedure. This report examines whether new approaches are needed. The research results indicate that actual emissions differ strongly between crops, cultivation systems and application methods. This should be taken into account in the evaluation of emissions

    S0 galaxies are faded spirals: clues from their angular momentum content

    The distribution of galaxies in the stellar specific angular momentum versus stellar mass plane ($j_{\star}$-$M_{\star}$) provides key insights into their formation mechanisms. In this paper, we determine the location in this plane of a sample of ten field/group unbarred lenticular (S0) galaxies from the CALIFA survey. We performed a bulge-disc decomposition both photometrically and kinematically to study the stellar specific angular momentum of the disc components alone and understand the evolutionary links between S0s and other Hubble types. We found that eight of our S0 discs have a distribution in the $j_{\star}$-$M_{\star}$ plane that is fully compatible with that of spiral discs, while only two have values of $j_{\star}$ lower than the spirals. These two outliers show signs of recent merging. Our results suggest that merger and interaction processes are not the dominant mechanisms in S0 formation in low-density environments. Instead, S0s appear to be the result of secular processes and the fading of spiral galaxies after the shutdown of star formation. Comment: 35 pages, 22 figures. Accepted for publication in MNRA

    Steady temperature and density distributions in a gas containing heat sources

    Computer program, STADDIG, is based on steady state, one dimensional heat transfer calculation using cylindrical coordinates. Program allows for conduction across gas and container walls. Heat is dissipated from walls by forced convection cooling with incompressible coolant. Heat sources are included in coolant, gas, and walls

    Restricted three-body problem in effective-field-theory models of gravity

    One of the outstanding problems of classical celestial mechanics was the restricted 3-body problem, in which a planetoid of small mass is subject to the Newtonian attraction of two celestial bodies of large mass, as it occurs, for example, in the sun-earth-moon system. On the other hand, over the last decades, a systematic investigation of quantum corrections to the Newtonian potential has been carried out in the literature on quantum gravity. The present paper studies the effect of these tiny quantum corrections on the evaluation of equilibrium points. It is shown that, despite the extreme smallness of the corrections, there exists no choice of sign of these corrections for which all qualitative features of the restricted 3-body problem in Newtonian theory remain unaffected. Moreover, first-order stability of equilibrium points is characterized by solving a pair of algebraic equations of fifth degree, where some coefficients depend on the Planck length. The coordinates of stable equilibrium points are slightly changed with respect to Newtonian theory, because the planetoid is no longer at equal distance from the two bodies of large mass. The effect is conceptually interesting but too small to be observed, at least for the restricted 3-body problems available in the solar system. Comment: 20 pages, latex, 8 figure

    Casenote: Chicago and North Western Transportation Co. v. United States
