Vulnerable Open Source Dependencies: Counting Those That Matter
BACKGROUND: Vulnerable dependencies are a known problem in today's open-source software ecosystems because OSS libraries are highly interconnected and developers do not always update their dependencies. AIMS: In this paper we present a precise methodology that combines the code-based analysis of patches with information on build, test, update dates, and group extracted from the code repository itself, and therefore caters to the needs of industrial practice for the correct allocation of development and audit resources. METHOD: To understand the industrial impact of the proposed methodology, we considered the 200 most popular OSS Java libraries used by SAP in its own software. Our analysis included 10905 distinct GAVs (group, artifact, version) when considering all the library versions. RESULTS: We found that about 20% of the dependencies affected by a known vulnerability are not deployed, and therefore do not represent a danger to the analyzed library because they cannot be exploited in practice. Developers of the analyzed libraries are able to fix (and are actually responsible for) 82% of the deployed vulnerable dependencies. The vast majority (81%) of vulnerable dependencies may be fixed by simply updating to a new version, while 1% of the vulnerable dependencies in our sample are halted, and therefore potentially require a costly mitigation strategy. CONCLUSIONS: Our case study shows that correct counting allows software development companies to receive actionable information about their library dependencies, and therefore to correctly allocate costly development and audit resources, which are spent inefficiently when measurements are distorted.
Comment: This is a pre-print of the paper that appears, with the same title, in the proceedings of the 12th International Symposium on Empirical Software Engineering and Measurement, 201
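The counting the abstract describes (vulnerable but not deployed, deployed and fixable by the project's own developers, fixable by a version bump, halted with no fix coming) can be reproduced on a small dependency inventory. The Python below is an added example, not code from the paper or from SAP: the GAVs, Maven scopes, vulnerability ranges and the "halted" flags are constructed sample data with fictional coordinates, and the bucketing rules are one reading of the abstract's categories rather than the authors' exact implementation.

```python
"""Bucket vulnerable dependencies into the categories the abstract reports.

Added example with constructed data; the rules below are an interpretation of
the abstract's categories, not the paper's own tooling.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Maven scopes whose artifacts never reach the shipped product. A vulnerable
# library used only by tests or supplied by the container is "not deployed".
NON_DEPLOYED_SCOPES = {"test", "provided"}


@dataclass(frozen=True)
class Dependency:
    gav: str      # group:artifact:version, e.g. "org.example:http-client:1.2.0"
    scope: str    # Maven scope: compile, runtime, test or provided
    direct: bool  # declared in the analysed project's own POM (True) or transitive


@dataclass(frozen=True)
class Vulnerability:
    ga: str                       # group:artifact
    affected_below: str           # every version strictly below this one is affected
    fixed_version: Optional[str]  # first non-affected release, or None if none exists
    halted: bool                  # library development has stopped; no update will come


def parse_version(v: str) -> tuple:
    """'2.9.10.1' -> ((1,2),(1,9),(1,10),(1,1)); non-numeric parts sort below numbers."""
    return tuple((1, int(p)) if p.isdigit() else (0, p) for p in v.split("."))


def is_affected(dep: Dependency, vuln: Vulnerability) -> bool:
    group, artifact, version = dep.gav.split(":")
    return (f"{group}:{artifact}" == vuln.ga
            and parse_version(version) < parse_version(vuln.affected_below))


def classify(dep: Dependency, vulns) -> Optional[str]:
    """Bucket one dependency; None means no known vulnerability applies to it."""
    hits = [v for v in vulns if is_affected(dep, v)]
    if not hits:
        return None
    # Not shipped: cannot be exploited in production, should not consume audit effort.
    if dep.scope in NON_DEPLOYED_SCOPES:
        return "not_deployed"
    # No fixed release and none coming: a version bump is impossible, mitigation is costly.
    if any(v.fixed_version is None and v.halted for v in hits):
        return "halted"
    if all(v.fixed_version is not None for v in hits):
        return "fixable_by_update"
    return "awaiting_fix"


def count_that_matter(deps, vulns) -> dict:
    """Produce the counts the abstract reports: deployed vs not, who can fix, and how."""
    buckets = Counter()
    own_responsibility = 0  # deployed and direct: the project's own developers can bump it
    for dep in deps:
        category = classify(dep, vulns)
        if category is None:
            continue
        buckets[category] += 1
        if category != "not_deployed" and dep.direct:
            own_responsibility += 1
    vulnerable = sum(buckets.values())
    return {
        "vulnerable": vulnerable,
        "not_deployed": buckets["not_deployed"],
        "deployed": vulnerable - buckets["not_deployed"],
        "own_responsibility": own_responsibility,
        "fixable_by_update": buckets["fixable_by_update"],
        "halted": buckets["halted"],
        "awaiting_fix": buckets["awaiting_fix"],
    }


# Constructed sample inventory: fictional coordinates and ranges, not real advisories.
SAMPLE_DEPS = [
    Dependency("org.example:http-client:1.2.0", "compile", direct=True),
    Dependency("org.example:xml-parser:3.0.1", "compile", direct=False),
    Dependency("org.example:test-mocks:0.9.0", "test", direct=True),
    Dependency("org.example:legacy-crypto:0.4.2", "runtime", direct=True),
    Dependency("org.example:json:5.1.0", "compile", direct=True),
]
SAMPLE_VULNS = [
    Vulnerability("org.example:http-client", "1.3.0", "1.3.0", halted=False),
    Vulnerability("org.example:xml-parser", "3.1.0", "3.1.0", halted=False),
    Vulnerability("org.example:test-mocks", "1.0.0", "1.0.0", halted=False),
    Vulnerability("org.example:legacy-crypto", "1.0.0", None, halted=True),
    Vulnerability("org.example:json", "5.0.0", "5.0.0", halted=False),
]

if __name__ == "__main__":
    for key, value in count_that_matter(SAMPLE_DEPS, SAMPLE_VULNS).items():
        print(f"{key:>20}: {value}")
```

On the sample inventory four of the five dependencies match an advisory, but one (the test-only mock library) is not deployed, so three matter; two of those are direct and can be bumped by the project itself, and the halted crypto library has no release to move to and needs a replacement or a workaround. Running this against a real build would replace the constructed lists with the resolved dependency tree (including scopes) and a vulnerability feed keyed by group and artifact.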
Persistence of the School Entry Age Effect in a System of Flexible Tracking
In Germany, the streaming of students into an academic or nonacademic track at age 10 can be revised at later stages of secondary education. To investigate the importance of such revisions, we use administrative data on the student population in the German state of Hessen to measure the persistence of school entry age's impact on choice of secondary school track. Based on exogenous variation in the school entry age by birth month, we obtain regression discontinuity estimates for different cohorts and grades up to the end of secondary education. We show that the effect of original school entry age on a student's later attending grammar school disappears exactly at the grade level in which educational institutions facilitate track modification.
Keywords: Education, identification, regression discontinuity design, instrumental variables, relative maturity
Emissions of plant protection products from glasshouses to surface water in The Netherlands
A fixed percentage of 0.1% is currently used for the emission of plant protection products from glasshouses to surface water. Measurement data from the water boards indicate that emissions of plant protection products and biocides to surface water are higher than assumed in the authorisation procedure. This report investigates whether new approaches are needed. The research results indicate that the actual emission differs strongly between crops, cultivation systems and application methods. This should be taken into account in the evaluation of the emission.
S0 galaxies are faded spirals: clues from their angular momentum content
The distribution of galaxies in the stellar specific angular momentum versus stellar mass plane (-) provides key insights into their formation mechanisms. In this paper, we determine the location in this plane of a sample of ten field/group unbarred lenticular (S0) galaxies from the CALIFA survey. We performed a bulge-disc decomposition both photometrically and kinematically to study the stellar specific angular momentum of the disc components alone and understand the evolutionary links between S0s and other Hubble types. We found that eight of our S0 discs have a distribution in the - plane that is fully compatible with that of spiral discs, while only two have values of lower than the spirals. These two outliers show signs of recent merging. Our results suggest that merger and interaction processes are not the dominant mechanisms in S0 formation in low-density environments. Instead, S0s appear to be the result of secular processes and the fading of spiral galaxies after the shutdown of star formation.
Comment: 35 pages, 22 figures. Accepted for publication in MNRA
Steady temperature and density distributions in a gas containing heat sources
Computer program, STADDIG, is based on steady state, one dimensional heat transfer calculation using cylindrical coordinates. Program allows for conduction across gas and container walls. Heat is dissipated from walls by forced convection cooling with incompressible coolant. Heat sources are included in coolant, gas, and walls
Restricted three-body problem in effective-field-theory models of gravity
One of the outstanding problems of classical celestial mechanics was the restricted 3-body problem, in which a planetoid of small mass is subject to the Newtonian attraction of two celestial bodies of large mass, as occurs, for example, in the sun-earth-moon system. On the other hand, over the last decades, a systematic investigation of quantum corrections to the Newtonian potential has been carried out in the literature on quantum gravity. The present paper studies the effect of these tiny quantum corrections on the evaluation of equilibrium points. It is shown that, despite the extreme smallness of the corrections, there exists no choice of sign of these corrections for which all qualitative features of the restricted 3-body problem in Newtonian theory remain unaffected. Moreover, first-order stability of equilibrium points is characterized by solving a pair of algebraic equations of fifth degree, where some coefficients depend on the Planck length. The coordinates of stable equilibrium points are slightly changed with respect to Newtonian theory, because the planetoid is no longer at equal distance from the two bodies of large mass. The effect is conceptually interesting but too small to be observed, at least for the restricted 3-body problems available in the solar system.
Comment: 20 pages, latex, 8 figure
Final proposal to encode the Cuneiform script in the SMP of the UCS
This is a proposal to encode the Phoenician script in the international character encoding standard Unicode. This script was published in Unicode Standard version 5.0 in July 2006. The Phoenician script is an historic script, used to represent texts in Paleo-Hebrew, Archaic Phoenician, Phoenician, Early Aramaic, Late Phoenician cursive, Phoenician papyri, Siloam Hebrew, Hebrew seals, Ammonite, Moabite, and Punic. Although some scholars today use Square Hebrew to transliterate Paleo-Hebrew, the Phoenician script was included in Unicode to be able to represent the historic script directly