Preliminary Findings on FOSS Dependencies and Security : A Qualitative Study on Developers' Attitudes and Experience / Pashchenko, Ivan; Vu Duc, Ly; Massacci, Fabio. - (2020), pp. 284-285. (Paper presented at the 42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020, held in South Korea, 27 June 2020 - 19 July 2020) [10.1145/3377812.3390903].
Preliminary Findings on FOSS Dependencies and Security : A Qualitative Study on Developers' Attitudes and Experience
Pashchenko, Ivan;Vu, Duc-Ly;Massacci, Fabio
2020-01-01
Abstract
Developers are known to keep third-party dependencies of their projects outdated even if some of them are affected by known vulnerabilities. In this study we aim to understand why they do so. For this, we conducted 25 semi-structured interviews with developers of both large and small-medium enterprises located in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. The results of the study reveal important aspects of developers’ practices that should be considered by security researchers and dependency tool developers to improve the security of the dependency management process.

File | Size | Format |
---|---|---|
3377812.3390903.pdf | 442.91 kB | Adobe PDF |

Access: Archive administrators only
Type: Publisher's version (Publisher’s layout)
License: All rights reserved
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.