Techleverage: Publications

F. Massacci and I. Pashchenko (2021). Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks. ACM/IEEE International Conference on Software Engineering (ICSE-2021).
A. Zerouali, T. Mens, J. Gonzalez-Barahona, A. Decan, E. Constantinou, and G. Robles (2019). A formal framework for measuring technical lag in component repositories—and its application to npm. Software: evolution and process.
R. G. Kula, D. M. German, A. Ouni, T. Ishio, and K. Inoue (2017). Do developers update their library dependencies?. Empirical Software Engineering.
J. Cox, E. Bouwers, M. van Eekelen, and J. Visser (2015). Measuring dependency freshness in software systems. ACM/IEEE International Conference on Software Engineering (ICSE-2015).

Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci (2020). Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies. IEEE Transactions on Software Engineering.
A. Zerouali, V. Cosentino, T. Mens, G. Robles, and J. M. Gonzalez Barahona (2019). On the impact of outdated and vulnerable javascript packages in docker images. In Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER-19).
J. Huang, N. Borges, S. Bugiel, and M. Backes (2019). Up-to-crash: Evaluating third-party library updatability on Android. In Proc. of IEEE European Symposium on Security and Privacy (EuroS&P’19).
Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci (2018). Vulnerable Open Source Dependencies: Counting Those That Matter. In Proc. of International Symposium on Empirical Software Engineering and Measurement (ESEM2018).
S. E. Ponta, H. Plate, and A. Sabetta (2018). Beyond metadata: Code-centric and usage-based analysis of known vulnerabilities in open-source software. In Proc. of IEEE International Conference on Software Maintenance and Evolution (ICSME-18).
T. Lauinger, A. Chaabane, S. Arshad, W. Robertson, C. Wilson, and E. Kirda (2017). Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In Proc. of The Network and Distributed System Security Symposium (NDSS-17).
R. Kikas, G. Gousios, M. Dumas, and D. Pfah (2017). “Structure and evolution of package dependency networks. In Proc. of the Mining Software Repositories (MSR) conference.
E. Wittern, P. Suter, and S. Rajagopalan (2016). A look at the dynamics of the JavaScript package ecosystem. In Proc. of the Mining Software Repositories (MSR) conference.
S. S. Alqahtani, E. E. Eghan, and J. Rilling (2016). Tracing known security vulnerabilities in software repositories–a semantic web enabled modeling approach. Science of Computer Programming.
J. Hejderup (2015). In dependencies we trust: How vulnerable are dependencies in software modules?. Thesis.
M. Cadariu, E. Bouwers, J. Visser, and A. van Deursen (2015). Tracking known security vulnerabilities in proprietary software systems. In Proc. of IEEE International Conference onSoftware Analysis, Evolution and Reengineering (SANER-15).
H. Plate, S. E. Ponta, and A. Sabetta (2015). Impact assessment for vulnerabilities in open-source software libraries. In Proc. of IEEE International Conference on Software Maintenance and Evolution (ICSME-15).

Publications

Dependency metrics

Empirical studies

Magazine papers or blogs posts

Want your paper to be added? Found an error?