{"id":"https://openalex.org/W2126616958","doi":"https://doi.org/10.1109/icsm.2015.7332492","title":"Impact assessment for vulnerabilities in open-source software libraries","display_name":"Impact assessment for vulnerabilities in open-source software libraries","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2126616958","doi":"https://doi.org/10.1109/icsm.2015.7332492","mag":"2126616958"},"language":"en","primary_location":{"id":"doi:10.1109/icsm.2015.7332492","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsm.2015.7332492","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1504.04971","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064821194","display_name":"Henrik Plate","orcid":"https://orcid.org/0000-0001-8862-3488"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Henrik Plate","raw_affiliation_strings":["SAP Labs France, Mougins, France"],"affiliations":[{"raw_affiliation_string":"SAP Labs France, Mougins, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035492762","display_name":"Serena Elisa Ponta","orcid":"https://orcid.org/0000-0002-6208-4743"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Serena Elisa Ponta","raw_affiliation_strings":["SAP Labs France, Mougins, France"],"affiliations":[{"raw_affiliation_string":"SAP Labs France, Mougins, France","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040107971","display_name":"Antonino Sabetta","orcid":"https://orcid.org/0000-0003-3506-8374"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Antonino Sabetta","raw_affiliation_strings":["SAP Labs France, Mougins, France"],"affiliations":[{"raw_affiliation_string":"SAP Labs France, Mougins, France","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5064821194"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.6581,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.88305705,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"411","last_page":"420"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.988099992275238,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9776999950408936,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7567336559295654},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.7326352000236511},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6740404367446899},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6505483388900757},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.595051646232605},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.5758575201034546},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.5738423466682434},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5727563500404358},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.55572509765625},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.5541328191757202},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5163872838020325},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.48927876353263855},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.4886820614337921},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.46957632899284363},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4499368667602539},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4172297418117523},{"id":"https://openalex.org/keywords/open-source-software","display_name":"Open source software","score":0.41151612997055054},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.23405718803405762},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18146339058876038},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12210908532142639},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.10794928669929504},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.08500629663467407}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7567336559295654},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.7326352000236511},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6740404367446899},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6505483388900757},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.595051646232605},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.5758575201034546},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.5738423466682434},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5727563500404358},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.55572509765625},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.5541328191757202},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5163872838020325},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.48927876353263855},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.4886820614337921},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.46957632899284363},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4499368667602539},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4172297418117523},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.41151612997055054},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.23405718803405762},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18146339058876038},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12210908532142639},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.10794928669929504},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.08500629663467407},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C548081761","wikidata":"https://www.wikidata.org/wiki/Q180388","display_name":"Waste management","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/icsm.2015.7332492","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsm.2015.7332492","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1504.04971","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1504.04971","pdf_url":"https://arxiv.org/pdf/1504.04971","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2126616958","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1504.04971.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1504.04971","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1504.04971","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1504.04971","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1504.04971","pdf_url":"https://arxiv.org/pdf/1504.04971","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6700000166893005,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W1964593071","https://openalex.org/W1999265552","https://openalex.org/W2395464465","https://openalex.org/W6711921865"],"related_works":["https://openalex.org/W2547453611","https://openalex.org/W2807958884","https://openalex.org/W2345645792","https://openalex.org/W112360938","https://openalex.org/W2201424260","https://openalex.org/W2060602490","https://openalex.org/W2226637837","https://openalex.org/W2770697926","https://openalex.org/W3091264151","https://openalex.org/W2141927586","https://openalex.org/W2968544084","https://openalex.org/W1978034799","https://openalex.org/W2186723325","https://openalex.org/W3175218688","https://openalex.org/W1656850777","https://openalex.org/W2589805430","https://openalex.org/W2809397005","https://openalex.org/W2660566245","https://openalex.org/W2789570312","https://openalex.org/W2135191468"],"abstract_inverted_index":{"Software":[0],"applications":[1],"integrate":[2],"more":[3,5],"and":[4,57,84,87,92,124,131,145],"open-source":[6,132],"software":[7],"(OSS)":[8],"to":[9,42,59,100],"benefit":[10],"from":[11],"code":[12,110],"reuse.":[13],"As":[14],"a":[15,68,97,126,142],"drawback,":[16],"each":[17],"vulnerability":[18,46,82],"discovered":[19],"in":[20,49],"bundled":[21],"OSS":[22],"may":[23],"potentially":[24],"affect":[25],"the":[26,32,38,50,55,72,102,107],"application":[27,39,144],"that":[28],"includes":[29],"it.":[30],"Upon":[31],"disclosure":[33],"of":[34,54,71,109],"every":[35],"new":[36],"vulnerability,":[37],"vendor":[40],"has":[41],"assess":[43],"whether":[44,61],"such":[45],"is":[47,88],"exploitable":[48],"particular":[51],"usage":[52],"context":[53],"applications,":[56],"needs":[58],"determine":[60],"customers":[62],"require":[63],"an":[64,121],"urgent":[65],"patch":[66],"containing":[67],"non-vulnerable":[69],"version":[70],"OSS.":[73],"Unfortunately,":[74],"current":[75],"decision":[76],"making":[77],"relies":[78],"mostly":[79],"on":[80,106,138],"natural-language":[81],"descriptions":[83],"expert":[85],"knowledge,":[86],"therefore":[89],"difficult,":[90],"time-consuming,":[91],"error-prone.":[93],"This":[94],"paper":[95],"proposes":[96],"novel":[98],"approach":[99,119],"support":[101],"impact":[103],"assessment":[104],"based":[105],"analysis":[108],"changes":[111],"introduced":[112],"by":[113],"security":[114],"fixes.":[115],"We":[116],"describe":[117],"our":[118,139],"using":[120],"illustrative":[122],"example":[123],"perform":[125],"comparison":[127],"with":[128,141],"both":[129],"proprietary":[130],"state-of-the-art":[133],"solutions.":[134],"Finally":[135],"we":[136],"report":[137],"experience":[140],"sample":[143],"two":[146],"industrial":[147],"development":[148],"projects.":[149]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}