
Measuring Dependency Freshness in Software Systems

Modern software systems often make use of third-party components to speed up development and reduce maintenance costs. In return, developers need to update to new releases of these dependencies to avoid, for example, security and compatibility risks. In practice, prioritizing these updates is difficult because the use of outdated dependencies is often opaque. In this paper we aim to make this concept more transparent by introducing metrics to quantify the use of recent versions of dependencies, i.e. the system's "dependency freshness". We propose and investigate a system-level metric based on an industry benchmark. We validate the usefulness of the metric using interviews, analyze the variance of the metric through time, and investigate the relationship between outdated dependencies and security vulnerabilities. The results show that the measurements are considered useful, and that systems using outdated dependencies are four times as likely to have security issues as systems that are up-to-date.

Bibliographic Details
Main Authors: Cox, Joel; Bouwers, Eric; van Eekelen, Marko; Visser, Joost
Format: Conference Proceeding
Language: English
Online Access: Request full text
Record fields
Creators: Cox, Joel; Bouwers, Eric; van Eekelen, Marko; Visser, Joost
Container volume: 2
Container pages: 109-118
DOI: 10.1109/ICSE.2015.140
Format: conference_proceeding
ISSN: 0270-5257
EISSN: 1558-1225
EISBN: 1479919349; 9781479919345
CODEN: IEEPAD
Date: 2015-08-12
Part of: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, 2015, Vol.2, p.109-118
Language: eng
Record ID: cdi_ieee_primary_7202955
Source: IEEE Xplore All Conference Series
Subjects: Context; Industries; Security; Software engineering; software maintenance; Software measurement; software metrics; Software systems
Title: Measuring Dependency Freshness in Software Systems