Impact assessment for vulnerabilities in open-source software libraries
Software applications integrate more and more open-source software (OSS) to
benefit from code reuse. As a drawback, each vulnerability discovered in
bundled OSS potentially affects the application. Upon the disclosure of every
new vulnerability, the application vendor has to decide whether it is
exploitable in their particular usage context, and hence whether users require an
urgent application patch containing a non-vulnerable version of the OSS.
Current decision making is mostly based on high-level vulnerability
descriptions and expert knowledge, and is thus effort-intensive and error-prone. This
paper proposes a pragmatic approach to facilitate the impact assessment,
describes a proof-of-concept for Java, and examines one example vulnerability
as a case study. The approach is independent of specific kinds of
vulnerabilities or programming languages and can deliver immediate results.
Open Source Software Libraries
Open source software is not something to be afraid of! It's software that you can modify, fix, add to, and distribute to others. Benefits are numerous, including the ability to create good software that works for you and your library, all while paying a fraction of the cost you might spend on proprietary software. This website introduces librarians to using open source software and provides tips for implementing and evaluating your transition, ideas for funding, and suggestions for open source software to use in your library. The website can be viewed online at http://slis.uiowa.edu/~slochhaas/osslibraries
Analyzing Maintenance Activities of Software Libraries
Industrial applications heavily integrate open-source software libraries
nowadays. Beyond the benefits that libraries bring, they can also impose a real
threat in case a library is affected by a vulnerability but its community is
not active in creating a fixing release. Therefore, I want to introduce an
automatic monitoring approach for industrial applications to identify
open-source dependencies that show negative signs regarding their current or
future maintenance activities. Since most research in this field is limited due
to lack of features, labels, and transitive links, and thus is not applicable
in industry, my approach aims to close this gap by capturing the impact of
direct and transitive dependencies in terms of their maintenance activities.
Automatically monitoring the maintenance activities of dependencies reduces the
manual effort of application maintainers and supports application security by
continuously having well-maintained dependencies.
Comment: International Conference on Evaluation and Assessment in Software
Engineering (EASE '23)
Unit Testing of Energy Consumption of Software Libraries
The development of energy-efficient software has become a key requirement for a large number of devices, from smartphones to data centers. However, accurately measuring this consumption is a major challenge that state-of-the-art approaches have tried to tackle with limited success. While monitoring applications' consumption offers clear insight into where the energy is being spent, it does not help in understanding how the energy is consumed. In this paper, we therefore introduce Jalen Unit, a software framework that infers the energy consumption model of software libraries from execution traces. This model can then be used to diagnose application code for detecting energy bugs, understanding energy distribution, establishing energy profiles and classifications, and comparing software libraries against their energy consumption.