Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/156369
Title: An in-depth study of software library upgrade dependency issues
Authors: Yeo, Nicholas Ming Jie
Keywords: Library and information science::Libraries::Technologies
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Yeo, N. M. J. (2022). An in-depth study of software library upgrade dependency issues. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156369
Project: SCSE21-0125
Abstract: With the increase in the demand for software systems, there is an increase in the demand for efficient software building. Therefore, it is standard practice for developers to "re-use" code written by third parties. This reused code is provided by third-party software libraries. The reliance on these third-party software libraries is growing, causing the number of vulnerabilities found in software systems that incorporate them to increase. Third-party software libraries used in software systems are regarded as sources of vulnerabilities, as they can be exploited by attackers. Moreover, compatibility issues between third-party software libraries and the software systems that utilize them arise due to asynchronous updates and negligence by developers. This study proposes a method to detect these vulnerabilities. In addition, it discusses the level of third-party library dependency issues, i.e. how much software systems in the market depend on third-party software libraries and the effort needed to detect, prevent, or mitigate these issues. The proposed method to detect vulnerabilities is applied to 15 open-source projects written in Python with respect to 3 different software libraries. In this study, a high level of third-party library dependency issues is detected, owing to the relatively high number of application programming interface (API) calls made by open-source projects. It is also observed that the size of a project has no influence on the number of API calls made to the third-party software libraries. The increasing reliance on third-party software libraries calls for a greater focus on detecting security vulnerabilities caused by these libraries. Developers that utilize these software libraries are urged to make a conscientious effort to mitigate these threats, as they are potentially harmful and can have a large impact on their software systems.
URI: https://hdl.handle.net/10356/156369
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: U1821000A_NicholasYeoMingJie_FinalReport(DrNTU).pdf
Description: Restricted Access
Size: 846.43 kB
Format: Adobe PDF