Modern software development is increasingly dependent on components, libraries and frameworks coming from third party vendors or open-source suppliers and made available through a number of platforms (or 'forges'). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services which modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.

How network analysis can improve the reliability of modern software ecosystems / P. Boldi - In: 2019 IEEE First International Conference on Cognitive Machine Intelligence (CogMI)[s.l] : IEEE, 2019. - ISBN 978-1-7281-6737-4. - pp. 168-172 (( Intervento presentato al 1. convegno International Conference on Cognitive Machine Intelligence, CogMI tenutosi a Los Angeles nel 2019 [10.1109/CogMI48466.2019.00032].

How network analysis can improve the reliability of modern software ecosystems

P. Boldi
2019

Abstract

Modern software development is increasingly dependent on components, libraries and frameworks coming from third party vendors or open-source suppliers and made available through a number of platforms (or 'forges'). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services which modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.
Software reuse; security breaches; network analysis
Settore INF/01 - Informatica
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
How_Network_Analysis_Can_Improve_the_Reliability_of_Modern_Software_Ecosystems.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 473.65 kB
Formato Adobe PDF
473.65 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/2434/904893
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact