On the impact of security vulnerabilities in the npm and RubyGems dependency networks

Authors

Abstract

The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These packages can be subject to vulnerabilities that may expose dependent packages through explicitly declared dependencies. Using Snyk's vulnerability database, this article empirically studies vulnerabilities affecting npm and RubyGems packages. We analyse how and when these vulnerabilities are disclosed and fixed, and how their prevalence changes over time. We also analyse how vulnerable packages expose their direct and indirect dependents to vulnerabilities. We distinguish between two types of dependents: packages distributed via the package manager, and external GitHub projects depending on npm packages. We observe that the number of vulnerabilities in npm is increasing and that they are being disclosed faster than vulnerabilities in RubyGems. For both package distributions, the time required to disclose vulnerabilities is increasing over time. Vulnerabilities in npm packages affect a median of 30 package releases, while this is 59 releases for RubyGems packages. A large proportion of external GitHub projects is exposed to vulnerabilities coming from direct or indirect dependencies. 33% and 40% of the dependency vulnerabilities to which projects and packages are exposed, respectively, have their fixes in more recent releases within the same major release range of the used dependency. Our findings reveal that more effort is needed to better secure open source package distributions.



Journal

Journal title: Empirical Software Engineering

Year: 2022

ISSN: 1382-3256 (print), 1573-7616 (online)

DOI: https://doi.org/10.1007/s10664-022-10154-1