Publications

This page lists publications related to software dependency matrix, organized by type and displayed in reverse chronological order.

Dependency metrics
Empirical studies
  • Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci (2020). Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies. IEEE Transactions on Software Engineering.
  • A. Zerouali, V. Cosentino, T. Mens, G. Robles, and J. M. Gonzalez Barahona (2019). On the impact of outdated and vulnerable javascript packages in docker images. In Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER-19).
  • J. Huang, N. Borges, S. Bugiel, and M. Backes (2019). Up-to-crash: Evaluating third-party library updatability on Android. In Proc. of IEEE European Symposium on Security and Privacy (EuroS&P’19).
  • Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci (2018). Vulnerable Open Source Dependencies: Counting Those That Matter. In Proc. of International Symposium on Empirical Software Engineering and Measurement (ESEM2018).
  • S. E. Ponta, H. Plate, and A. Sabetta (2018). Beyond metadata: Code-centric and usage-based analysis of known vulnerabilities in open-source software. In Proc. of IEEE International Conference on Software Maintenance and Evolution (ICSME-18).
  • T. Lauinger, A. Chaabane, S. Arshad, W. Robertson, C. Wilson, and E. Kirda (2017). Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In Proc. of The Network and Distributed System Security Symposium (NDSS-17).
  • R. Kikas, G. Gousios, M. Dumas, and D. Pfahl (2017). Structure and evolution of package dependency networks. In Proc. of the Mining Software Repositories (MSR) conference.
  • E. Wittern, P. Suter, and S. Rajagopalan (2016). A look at the dynamics of the JavaScript package ecosystem. In Proc. of the Mining Software Repositories (MSR) conference.
  • S. S. Alqahtani, E. E. Eghan, and J. Rilling (2016). Tracing known security vulnerabilities in software repositories–a semantic web enabled modeling approach. Science of Computer Programming.
  • J. Hejderup (2015). In dependencies we trust: How vulnerable are dependencies in software modules? Thesis.
  • M. Cadariu, E. Bouwers, J. Visser, and A. van Deursen (2015). Tracking known security vulnerabilities in proprietary software systems. In Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER-15).
  • H. Plate, S. E. Ponta, and A. Sabetta (2015). Impact assessment for vulnerabilities in open-source software libraries. In Proc. of IEEE International Conference on Software Maintenance and Evolution (ICSME-15).
Magazine papers or blog posts