Please use this identifier to cite or link to this item:
|Title:||An in-depth study of software library upgrade dependency issues|
|Authors:||Yeo, Nicholas Ming Jie|
|Keywords:||Library and information science::Libraries::Technologies|
|Issue Date:||2022|
|Publisher:||Nanyang Technological University|
|Source:||Yeo, N. M. J. (2022). An in-depth study of software library upgrade dependency issues. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156369|
|Project:||SCSE21-0125|
|Abstract:||With the increase in the demand for software systems, there is an increase in the demand for efficient software building. Therefore, it is standard practice for developers to "re-use" code written by third parties. This code is provided as tools by third-party software libraries. The reliance on these third-party software libraries is growing, causing the number of vulnerabilities found in software systems that incorporate them to increase. Third-party software libraries used in software systems are regarded as sources of vulnerabilities, as they can be exploited by attackers. Moreover, compatibility issues between third-party software libraries and the software systems that utilize them arise due to asynchronous updates and the negligence of developers. This study proposes a method to detect these vulnerabilities. In addition, there is a discussion of the level of third-party library dependency issues, that is, how much software systems in the market depend on third-party software libraries, and of the effort needed to detect, prevent, or mitigate these issues. The proposed method to detect vulnerabilities is applied to 15 open-source projects written in Python with respect to 3 different software libraries. The study detects a high level of third-party library dependency issues, due to the relatively high number of application programming interface (API) calls made by the open-source projects. It is also observed that the size of a project has no influence on the number of API calls made to the third-party software libraries. The increased reliance on third-party software libraries calls for an increased focus on detecting security vulnerabilities caused by these libraries. Developers who use these software libraries are urged to make a conscientious effort to mitigate these threats, as they are potentially harmful and can have a big impact on their software systems.|
|URI:||https://hdl.handle.net/10356/156369|
|Fulltext Permission:||restricted|
|Fulltext Availability:||With Fulltext|
|Appears in Collections:||SCSE Student Reports (FYP/IA/PA/PI)|
Files in This Item:
|846.43 kB||Adobe PDF||View/Open|
Updated on May 17, 2022
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.