A software system often includes a set of library dependencies and other software artifacts that it needs in order to operate properly. However, long-term maintenance problems related to that reused software can gradually emerge over the lifetime of the deployed system. In this exploratory study we propose a manual technique for locating documented security and legal problems in a set of reused software artifacts. We evaluate the technique with a case study of 81 Java libraries found in a proprietary e-commerce web application. Using our approach we discovered a potential legal problem with one library and a known security vulnerability affecting a second. These results support our larger thesis: software reuse entails long-term maintenance costs. In future work we aim to develop automated techniques by which developers, managers, and other software stakeholders can measure, address, and minimize these costs over the lifetimes of their software assets.
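The kind of check the abstract describes, expressed as a small dependency audit: each reused artifact (group, name, version, declared license) is matched against a list of documented advisories with affected version ranges, and its license is matched against a policy of licenses the deploying organisation treats as incompatible with proprietary distribution. This is an added illustration and not the paper's technique or tooling; every artifact name, version, advisory identifier and the license policy below is constructed sample data, and the version ordering is a simplified Maven-style comparison assumed for the example.

```python
"""Audit a list of reused Java libraries for documented security advisories
and for declared licenses that conflict with a proprietary distribution policy.

Added example, not the paper's tooling. All artifacts, advisories, and the
license policy are constructed sample data; no real project is described.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Artifact:
    group: str
    name: str
    version: str
    license: str  # as declared in the artifact's POM/MANIFEST (constructed)


@dataclass(frozen=True)
class Advisory:
    group: str
    name: str
    introduced: str        # first affected version (inclusive)
    fixed: Optional[str]   # first fixed version (exclusive); None = no fix yet
    ref: str               # advisory identifier (constructed, not a real CVE)


def parse_version(v: str) -> Tuple[tuple, ...]:
    """Split '1.2.3-beta' into comparable components. Numeric parts become
    (1, n); textual parts such as pre-release tags become (0, text) so that
    '1.2.3-beta' sorts below '1.2.3'. Simplified assumption, not full Maven rules."""
    parts = []
    for tok in re.split(r"[.\-_]", v.strip()):
        parts.append((1, int(tok)) if tok.isdigit() else (0, tok.lower()))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly lower than version b."""
    pa, pb = list(parse_version(a)), list(parse_version(b))
    n = max(len(pa), len(pb))
    pa += [(1, 0)] * (n - len(pa))   # '1.2' compares equal to '1.2.0'
    pb += [(1, 0)] * (n - len(pb))
    return pa < pb


def is_affected(art: Artifact, adv: Advisory) -> bool:
    """Artifact is affected if it is the advised coordinate and its version
    lies in [introduced, fixed), or >= introduced when no fix exists."""
    if (art.group, art.name) != (adv.group, adv.name):
        return False
    if version_lt(art.version, adv.introduced):
        return False
    return adv.fixed is None or version_lt(art.version, adv.fixed)


# Licenses the (hypothetical) deploying organisation treats as incompatible
# with shipping inside a proprietary application. A missing or unknown
# license is also flagged, because it cannot be cleared either way.
INCOMPATIBLE_WITH_PROPRIETARY = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}


def audit(artifacts: List[Artifact], advisories: List[Advisory],
          incompatible: set) -> List[Tuple[str, str, str]]:
    """Return (kind, coordinate, detail) findings for the given inventory."""
    findings = []
    for art in artifacts:
        coord = f"{art.group}:{art.name}:{art.version}"
        for adv in advisories:
            if is_affected(art, adv):
                findings.append(("security", coord, adv.ref))
        if art.license in incompatible or art.license == "UNKNOWN":
            findings.append(("legal", coord, art.license))
    return findings


# Constructed inventory, standing in for the manifests/POMs of reused JARs.
ARTIFACTS = [
    Artifact("com.example", "http-util", "2.4.1", "Apache-2.0"),
    Artifact("com.example", "xml-parse", "1.3.0", "LGPL-2.1"),
    Artifact("org.example", "cryptokit", "0.9.5", "GPL-3.0"),
    Artifact("org.example", "imageio", "3.0.0", "UNKNOWN"),
]

# Constructed advisory feed with affected version ranges.
ADVISORIES = [
    Advisory("com.example", "xml-parse", "1.0.0", "1.3.2", "EXAMPLE-ADV-001"),
    Advisory("com.example", "http-util", "1.0.0", "2.0.0", "EXAMPLE-ADV-002"),
    Advisory("org.example", "cryptokit", "0.9.0", None, "EXAMPLE-ADV-003"),
]

if __name__ == "__main__":
    for kind, coord, detail in audit(ARTIFACTS, ADVISORIES,
                                     INCOMPATIBLE_WITH_PROPRIETARY):
        print(f"{kind:8s} {coord:40s} {detail}")
```

Run as a script it lists the two security findings (xml-parse inside its affected range, cryptokit with no fixed release) and the two legal findings (a GPL-3.0 library and one with no recoverable license); http-util is silent because 2.4.1 is past the advisory's fixed version. The version comparison is the part most worth hardening in practice: real advisory feeds express ranges in several notations, and a comparison that mis-orders pre-release or multi-digit components will silently miss affected libraries.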