Demystifying the vulnerability propagation and its evolution via dependency trees in the npm ecosystem
Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …
Empirical analysis of security vulnerabilities in python packages
Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …
Modular call graph construction for security scanning of Node.js applications
Most of the code in typical Node.js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …
A Systematic Literature Review on Maintenance of Software Containers
Nowadays, cloud computing is gaining tremendous attention to deliver information via the
internet. Virtualization plays a major role in cloud computing as it deploys multiple virtual …
Vuln4real: A methodology for counting actually vulnerable dependencies
Vulnerable dependencies are a known problem in today's free open-source software
ecosystems because FOSS libraries are highly interconnected, and developers do not …
An empirical study of dependency downgrades in the npm ecosystem
In a software ecosystem, a dependency relationship enables a client package to reuse a
certain version of a provider package. Packages in a software ecosystem often release …
On the discoverability of npm vulnerabilities in Node.js projects
The reliance on vulnerable dependencies is a major threat to software systems.
Dependency vulnerabilities are common and remain undisclosed for years. However, once …
Lic-Sec: an enhanced AppArmor Docker security profile generator
H Zhu, C Gehrmann - Journal of Information Security and Applications, 2021 - Elsevier
Along with the rapid development of cloud computing technology, containerization
technology has drawn much attention from both industry and academia. In this paper, we …
On measuring vulnerable javascript functions in the wild
JavaScript is often rated as the most popular programming language for the development of
both client-side and server-side applications, and is currently used in almost all websites …
What are the characteristics of highly-selected packages? A case study on the npm ecosystem
With the popularity of software ecosystems, the number of open source components (known
as packages) has grown rapidly. Identifying high-quality and well-maintained packages from …