Modern software development is increasingly dependent on components, libraries and frameworks coming from third party vendors or open-source suppliers and made available through a number of platforms (or 'forges'). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services which modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.
How network analysis can improve the reliability of modern software ecosystems / P. Boldi - In: 2019 IEEE First International Conference on Cognitive Machine Intelligence (CogMI)[s.l] : IEEE, 2019. - ISBN 978-1-7281-6737-4. - pp. 168-172 (( Intervento presentato al 1. convegno International Conference on Cognitive Machine Intelligence, CogMI tenutosi a Los Angeles nel 2019 [10.1109/CogMI48466.2019.00032].
How network analysis can improve the reliability of modern software ecosystems
P. Boldi
2019
Abstract
Modern software development is increasingly dependent on components, libraries and frameworks coming from third party vendors or open-source suppliers and made available through a number of platforms (or 'forges'). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services which modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.
| File | Dimensione | Formato | |
|---|---|---|---|
|
How_Network_Analysis_Can_Improve_the_Reliability_of_Modern_Software_Ecosystems.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
473.65 kB
Formato
Adobe PDF
|
473.65 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
