{"id":"https://openalex.org/W2903126489","doi":"https://doi.org/10.1109/saner.2019.8668013","title":"On the Relation between Outdated Docker Containers, Severity Vulnerabilities, and Bugs","display_name":"On the Relation between Outdated Docker Containers, Severity Vulnerabilities, and Bugs","publication_year":2019,"publication_date":"2019-02-01","ids":{"openalex":"https://openalex.org/W2903126489","doi":"https://doi.org/10.1109/saner.2019.8668013","mag":"2903126489"},"language":"en","primary_location":{"id":"doi:10.1109/saner.2019.8668013","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner.2019.8668013","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056738223","display_name":"Ahmed Zerouali","orcid":"https://orcid.org/0000-0002-2676-3730"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ahmed Zerouali","raw_affiliation_strings":["UMONS, Belgium"],"affiliations":[{"raw_affiliation_string":"UMONS, Belgium","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060239584","display_name":"Tom Mens","orcid":"https://orcid.org/0000-0003-3636-5020"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tom Mens","raw_affiliation_strings":["UMONS, Belgium"],"affiliations":[{"raw_affiliation_string":"UMONS, Belgium","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061131972","display_name":"Greg\u00f3rio Robles","orcid":"https://orcid.org/0000-0002-1442-6761"},"institutions":[{"id":"https://openalex.org/I4210154262","display_name":"Uriach (Spain)","ror":"https://ror.org/04jfxq686","country_code":"ES","type":"company","lineage":["https://openalex.org/I4210154262"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Gregorio Robles","raw_affiliation_strings":["URJC, Spain"],"affiliations":[{"raw_affiliation_string":"URJC, Spain","institution_ids":["https://openalex.org/I4210154262"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066580987","display_name":"Jes\u00fas M. Gonz\u00e1lez-Barahona","orcid":"https://orcid.org/0000-0001-9682-460X"},"institutions":[{"id":"https://openalex.org/I4210154262","display_name":"Uriach (Spain)","ror":"https://ror.org/04jfxq686","country_code":"ES","type":"company","lineage":["https://openalex.org/I4210154262"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Jesus M. Gonzalez-Barahona","raw_affiliation_strings":["URJC, Spain"],"affiliations":[{"raw_affiliation_string":"URJC, Spain","institution_ids":["https://openalex.org/I4210154262"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5056738223"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.6673,"has_fulltext":false,"cited_by_count":67,"citation_normalized_percentile":{"value":0.97019597,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"491","last_page":"501"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.892490029335022},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6853594779968262},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6653268933296204},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6173669099807739},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.569302499294281},{"id":"https://openalex.org/keywords/relation","display_name":"Relation (database)","score":0.5434361696243286},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.45640456676483154},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32163727283477783},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2868863344192505},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.23833337426185608},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1509695053100586},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.1199711263179779}],"concepts":[{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.892490029335022},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6853594779968262},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6653268933296204},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6173669099807739},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.569302499294281},{"id":"https://openalex.org/C25343380","wikidata":"https://www.wikidata.org/wiki/Q277521","display_name":"Relation (database)","level":2,"score":0.5434361696243286},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.45640456676483154},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32163727283477783},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2868863344192505},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.23833337426185608},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1509695053100586},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.1199711263179779},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/saner.2019.8668013","is_oa":false,"landing_page_url":"https://doi.org/10.1109/saner.2019.8668013","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)","raw_type":"proceedings-article"},{"id":"pmh:oai:orbi.umons.ac.be:20.500.12907/19088","is_oa":false,"landing_page_url":"https://orbi.umons.ac.be/handle/20.500.12907/19088","pdf_url":null,"source":{"id":"https://openalex.org/S7407055454","display_name":"ORBi UMONS","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE International Conference on Software Analysis, Evolution, and Reengineering, Hangzhou, China [CN], 2019","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1574680346","https://openalex.org/W1993114042","https://openalex.org/W2023953679","https://openalex.org/W2037786492","https://openalex.org/W2062567955","https://openalex.org/W2079395076","https://openalex.org/W2121442390","https://openalex.org/W2152759400","https://openalex.org/W2154183829","https://openalex.org/W2296335794","https://openalex.org/W2338720559","https://openalex.org/W2598200822","https://openalex.org/W2605856244","https://openalex.org/W2607296448","https://openalex.org/W2614073125","https://openalex.org/W2735681515","https://openalex.org/W2789570312","https://openalex.org/W2801591443","https://openalex.org/W2903126489","https://openalex.org/W2963923573","https://openalex.org/W3121596715","https://openalex.org/W4256420017","https://openalex.org/W6697144307","https://openalex.org/W6737931128","https://openalex.org/W6751190289","https://openalex.org/W6756857009"],"related_works":["https://openalex.org/W4244478748","https://openalex.org/W2367301169","https://openalex.org/W4223488648","https://openalex.org/W4234874385","https://openalex.org/W2134969820","https://openalex.org/W2251605416","https://openalex.org/W1997222214","https://openalex.org/W2560439919","https://openalex.org/W4287631894","https://openalex.org/W3095596037"],"abstract_inverted_index":{"Packaging":[0],"software":[1,40,130],"into":[2],"containers":[3,67],"is":[4,56,99,158],"becoming":[5],"a":[6,37,84,90],"common":[7],"practice":[8],"when":[9,231],"deploying":[10,30],"services":[11],"in":[12,74,134,141,183],"cloud":[13],"and":[14,29,46,68,70,93,115,136,148,203,219],"other":[15,215],"environments.":[16],"Docker":[17,117,200],"images":[18,118],"are":[19,120,132],"one":[20],"of":[21,39,80,83,106,110,143,160,195,217,223,230],"the":[22,51,63,78,87,94,102,107,123,171,186,193,221],"most":[23,95,103,172],"popular":[24],"container":[25,33,52,59,85,92,97,181,201],"technologies":[26],"for":[27,180],"building":[28],"containers.":[31],"A":[32],"image":[34],"usually":[35],"includes":[36],"collection":[38,109],"packages,":[41],"that":[42,49,98,119,155,199],"can":[43,189],"have":[44,151],"bugs":[45,218],"security":[47,146,204],"vulnerabilities":[48,147,166],"affect":[50],"health.":[53],"Our":[54],"goal":[55],"to":[57,185,191,226,232],"support":[58],"deployers":[60,163,228],"by":[61,211],"analysing":[62],"relation":[64],"between":[65,89],"outdated":[66],"vulnerable":[69],"buggy":[71],"packages":[72,131],"installed":[73,133],"them.":[75],"We":[76,150,175,197],"use":[77],"concept":[79],"technical":[81,139,224],"lag":[82,140,225],"as":[86],"difference":[88],"given":[91],"up-to-date":[96],"possible":[100],"with":[101],"recent":[104,173],"releases":[105],"same":[108],"packages.":[111,174],"For":[112],"7,380":[113],"official":[114],"community":[116],"based":[121],"on":[122],"Debian":[124],"Linux":[125],"distribution,":[126],"we":[127],"identify":[128],"which":[129],"them":[135],"measure":[137],"their":[138,209],"terms":[142],"version":[144],"updates,":[145],"bugs.":[149],"found,":[152],"among":[153],"others,":[154],"no":[156],"release":[157],"devoid":[159],"vulnerabilities,":[161],"so":[162],"cannot":[164],"avoid":[165],"even":[167],"if":[168],"they":[169,188],"deploy":[170],"offer":[176,227],"some":[177],"lessons":[178],"learned":[179],"developers":[182],"regard":[184],"strategies":[187],"follow":[190],"minimize":[192],"number":[194],"vulnerabilities.":[196],"argue":[198],"scan":[202],"management":[205],"tools":[206],"should":[207],"improve":[208],"platforms":[210],"adding":[212],"data":[213],"about":[214],"kinds":[216],"include":[220],"measurement":[222],"information":[229],"update.":[233]},"counts_by_year":[{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":5}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}