{"id":"https://openalex.org/W4409052689","doi":"https://doi.org/10.1007/s10664-025-10638-w","title":"Securing dependencies: A comprehensive study of Dependabot\u2019s impact on vulnerability mitigation","display_name":"Securing dependencies: A comprehensive study of Dependabot\u2019s impact on vulnerability mitigation","publication_year":2025,"publication_date":"2025-03-31","ids":{"openalex":"https://openalex.org/W4409052689","doi":"https://doi.org/10.1007/s10664-025-10638-w"},"language":"en","primary_location":{"id":"doi:10.1007/s10664-025-10638-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-025-10638-w","pdf_url":null,"source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1007/s10664-025-10638-w","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034158478","display_name":"Hamid Mohayeji","orcid":"https://orcid.org/0000-0002-9434-4618"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Hamid Mohayeji","raw_affiliation_strings":["Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092452054","display_name":"Andrei Agaronian","orcid":null},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Andrei Agaronian","raw_affiliation_strings":["Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061728632","display_name":"Eleni Constantinou","orcid":"https://orcid.org/0000-0002-4242-2581"},"institutions":[{"id":"https://openalex.org/I34771391","display_name":"University of Cyprus","ror":"https://ror.org/02qjrjx09","country_code":"CY","type":"education","lineage":["https://openalex.org/I34771391"]}],"countries":["CY"],"is_corresponding":false,"raw_author_name":"Eleni Constantinou","raw_affiliation_strings":["University of Cyprus, Nicosia, Cyprus"],"affiliations":[{"raw_affiliation_string":"University of Cyprus, Nicosia, Cyprus","institution_ids":["https://openalex.org/I34771391"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083686418","display_name":"Nicola Zannone","orcid":"https://orcid.org/0000-0002-9081-5996"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Nicola Zannone","raw_affiliation_strings":["Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054753279","display_name":"Alexander Serebrenik","orcid":"https://orcid.org/0000-0002-1418-0095"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Alexander Serebrenik","raw_affiliation_strings":["Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Department of Mathematics and Computer Science, Eindhoven, The Netherlands","institution_ids":["https://openalex.org/I83019370"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5034158478"],"corresponding_institution_ids":["https://openalex.org/I83019370"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":1.4394,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.80739406,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"30","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5620825886726379},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.47747802734375},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.42858511209487915},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.404003769159317},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.09438562393188477}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5620825886726379},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.47747802734375},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.42858511209487915},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.404003769159317},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.09438562393188477},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10664-025-10638-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-025-10638-w","pdf_url":null,"source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:pure.tue.nl:openaire_cris_publications/e0fb0022-3105-48d8-9fce-664caf523085","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/e0fb0022-3105-48d8-9fce-664caf523085","pdf_url":"https://pure.tue.nl/ws/files/353896717/Dependabot_Journal_Extension.pdf","source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Mohayeji Nasrabadi, H, Agaronian, A E, Constantinou, E, Zannone, N & Serebrenik, A 2025, 'Securing Dependencies : A Comprehensive Study of Dependabot\u2019s Impact on Vulnerability Mitigation', Empirical Software Engineering, vol. 30, no. 3, 89. https://doi.org/10.1007/s10664-025-10638-w","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1007/s10664-025-10638-w","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-025-10638-w","pdf_url":null,"source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":79,"referenced_works":["https://openalex.org/W1555168845","https://openalex.org/W1730782591","https://openalex.org/W1792587773","https://openalex.org/W1974828111","https://openalex.org/W2031648200","https://openalex.org/W2074875351","https://openalex.org/W2076646346","https://openalex.org/W2077229393","https://openalex.org/W2079395076","https://openalex.org/W2084148884","https://openalex.org/W2092615763","https://openalex.org/W2103260577","https://openalex.org/W2110065044","https://openalex.org/W2140952846","https://openalex.org/W2146900159","https://openalex.org/W2151570219","https://openalex.org/W2182214061","https://openalex.org/W2386192529","https://openalex.org/W2405322182","https://openalex.org/W2480965226","https://openalex.org/W2524449277","https://openalex.org/W2532717356","https://openalex.org/W2548749170","https://openalex.org/W2559885217","https://openalex.org/W2603712331","https://openalex.org/W2614073125","https://openalex.org/W2735681515","https://openalex.org/W2765843494","https://openalex.org/W2767231363","https://openalex.org/W2789570312","https://openalex.org/W2801591443","https://openalex.org/W2888777960","https://openalex.org/W2894709451","https://openalex.org/W2899117127","https://openalex.org/W2913480795","https://openalex.org/W2921999452","https://openalex.org/W2944614079","https://openalex.org/W2953686539","https://openalex.org/W2954184070","https://openalex.org/W2962971223","https://openalex.org/W2963748706","https://openalex.org/W2963923573","https://openalex.org/W3030678230","https://openalex.org/W3036270494","https://openalex.org/W3048508766","https://openalex.org/W3087802366","https://openalex.org/W3088691441","https://openalex.org/W3094949573","https://openalex.org/W3104970816","https://openalex.org/W3106855263","https://openalex.org/W3108926370","https://openalex.org/W3121596715","https://openalex.org/W3121617129","https://openalex.org/W3150814957","https://openalex.org/W3159300567","https://openalex.org/W3172189288","https://openalex.org/W3177321543","https://openalex.org/W3178601679","https://openalex.org/W3180903877","https://openalex.org/W3206246417","https://openalex.org/W4214821270","https://openalex.org/W4221145571","https://openalex.org/W4225163285","https://openalex.org/W4244325127","https://openalex.org/W4244548826","https://openalex.org/W4256420017","https://openalex.org/W4281772577","https://openalex.org/W4283012911","https://openalex.org/W4286530315","https://openalex.org/W4293241248","https://openalex.org/W4309529433","https://openalex.org/W4312345967","https://openalex.org/W4313549796","https://openalex.org/W4319459165","https://openalex.org/W4379014622","https://openalex.org/W4384026578","https://openalex.org/W4386475806","https://openalex.org/W4392347631","https://openalex.org/W6644800486"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W1756374135","https://openalex.org/W2062873522","https://openalex.org/W2947584067","https://openalex.org/W2280562859","https://openalex.org/W230721595","https://openalex.org/W3157230915","https://openalex.org/W1496728123","https://openalex.org/W2789975780"],"abstract_inverted_index":{"Abstract":[0],"The":[1],"growing":[2],"use":[3],"of":[4,73,117,128,137,140],"third-party":[5],"libraries":[6,19],"in":[7,17,86,153,169,229,246],"software":[8],"development":[9],"poses":[10],"a":[11,39,57,134,158,203],"hidden":[12],"security":[13,63,84,95,129,167,194,204,226,240],"risk,":[14],"as":[15,49],"vulnerabilities":[16,77,168],"these":[18,36],"can":[20],"easily":[21],"spread":[22],"to":[23,69,94,143,192,201,225],"dependent":[24],"applications.":[25],"Project":[26],"maintainers":[27],"must":[28],"remain":[29],"vigilant":[30],"regarding":[31],"updates":[32,96,173],"and":[33,64,102,119,186],"patches":[34],"for":[35,165],"external":[37],"libraries,":[38],"responsibility":[40],"that":[41,61,181],"is":[42,152],"facilitated":[43],"by":[44,98,163,238],"automated":[45],"tools,":[46,123],"also":[47,108],"known":[48],"bots":[50],".":[51],"This":[52,213],"study":[53],"centers":[54],"on":[55,75,161],"Dependabot,":[56],"widely":[58],"adopted":[59],"bot":[60],"offers":[62],"version":[65],"updates.":[66,130,195],"We":[67,89,107,179],"aim":[68],"scrutinize":[70],"the":[71,115,125,138,210,232],"impact":[72],"Dependabot":[74,99,151,162],"mitigating":[76],"arising":[78],"from":[79],"dependencies,":[80,170],"preventing":[81],"potential":[82],"prolonged":[83],"issues":[85],"open-source":[87],"software.":[88],"investigate":[90],"how":[91,111,145],"developers":[92,164,198],"react":[93],"provided":[97],"within":[100,177],"engineered":[101],"actively":[103],"maintained":[104],"JavaScript":[105],"projects.":[106],"delve":[109],"into":[110],"project":[112],"attributes,":[113],"including":[114],"integration":[116,121],"tests":[118,185],"continuous":[120],"(CI)":[122],"influence":[124],"acceptance":[126],"rate":[127],"Additionally,":[131],"we":[132],"perform":[133],"detailed":[135],"analysis":[136],"lifespan":[139],"each":[141],"vulnerability":[142],"demonstrate":[144],"they":[146,206],"are":[147,189,235],"dealt":[148],"with":[149,171,184],"when":[150,197],"use.":[154],"Our":[155],"findings":[156],"reveal":[157],"significant":[159],"reliance":[160],"managing":[166],"most":[172],"being":[174],"merged":[175],"swiftly":[176],"days.":[178],"find":[180],"projects":[182,224],"equipped":[183],"CI":[187],"tools":[188],"more":[190],"likely":[191],"merge":[193,202],"Conversely,":[196],"opt":[199],"not":[200],"update,":[205],"often":[207],"manually":[208],"address":[209],"identified":[211],"vulnerability.":[212],"manual":[214,233],"approach,":[215],"however,":[216],"could":[217],"span":[218],"over":[219],"several":[220],"months,":[221],"potentially":[222,236],"exposing":[223],"risks.":[227],"Crucially,":[228],"many":[230],"instances,":[231],"fixes":[234],"inspired":[237],"earlier":[239],"updates,":[241],"underscoring":[242],"Dependabot\u2019s":[243],"pivotal":[244],"role":[245],"safeguarding":[247],"dependencies.":[248]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-04-02T00:00:00"}