Conference paper

Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite (Short Summary)

Document type

Text/Conference Paper

Date

2022

Publisher

Gesellschaft für Informatik e.V.

Abstract

This short paper presents a study of how typical development practices, such as re-compilation and re-bundling, affect the performance of vulnerability scanners in detecting known vulnerabilities in the open-source dependencies a project uses. In particular, the paper studies (i) the types of modifications that affect the detection of vulnerable open-source dependencies and (ii) their impact on the performance of vulnerability scanners, through an empirical study on 7024 Java projects developed at SAP.

Description

Dann, Andreas; Plate, Henrik; Hermann, Ben; Ponta, Serena Elisa; Bodden, Eric (2022): Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite (Short Summary). Software Engineering 2022. DOI: 10.18420/se2022-ws-003. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 978-3-88579-714-2. pp. 21-23. Main scientific program. Berlin/Virtual. 21-25 February 2022
