{"id":"https://openalex.org/W3181225367","doi":"https://doi.org/10.1145/3472811","title":"Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories","display_name":"Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories","publication_year":2021,"publication_date":"2021-07-02","ids":{"openalex":"https://openalex.org/W3181225367","doi":"https://doi.org/10.1145/3472811","mag":"3181225367"},"language":"en","primary_location":{"id":"doi:10.1145/3472811","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472811","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472811","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3472811","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070717468","display_name":"Johannes D\u00fcsing","orcid":"https://orcid.org/0000-0002-9367-2206"},"institutions":[{"id":"https://openalex.org/I200332995","display_name":"TU Dortmund University","ror":"https://ror.org/01k97gp34","country_code":"DE","type":"education","lineage":["https://openalex.org/I200332995"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Johannes D\u00fcsing","raw_affiliation_strings":["Technical University Dortmund, Dortmund, Germany"],"raw_orcid":"https://orcid.org/0000-0002-9367-2206","affiliations":[{"raw_affiliation_string":"Technical University Dortmund, Dortmund, Germany","institution_ids":["https://openalex.org/I200332995"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027995789","display_name":"Ben Hermann","orcid":"https://orcid.org/0000-0001-9848-2017"},"institutions":[{"id":"https://openalex.org/I200332995","display_name":"TU Dortmund University","ror":"https://ror.org/01k97gp34","country_code":"DE","type":"education","lineage":["https://openalex.org/I200332995"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ben Hermann","raw_affiliation_strings":["Technical University Dortmund, Dortmund, Germany"],"raw_orcid":"https://orcid.org/0000-0001-9848-2017","affiliations":[{"raw_affiliation_string":"Technical University Dortmund, Dortmund, Germany","institution_ids":["https://openalex.org/I200332995"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5070717468"],"corresponding_institution_ids":["https://openalex.org/I200332995"],"apc_list":null,"apc_paid":null,"fwci":5.1193,"has_fulltext":true,"cited_by_count":28,"citation_normalized_percentile":{"value":0.95551126,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"3","issue":"4","first_page":"1","last_page":"25"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8081741333007812},{"id":"https://openalex.org/keywords/dependency-graph","display_name":"Dependency graph","score":0.8022395372390747},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.7892497181892395},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5917962789535522},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.57557213306427},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.546044647693634},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5251818895339966},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.4972675144672394},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48673510551452637},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.48008185625076294},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.46356189250946045},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4492815136909485},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.41729187965393066},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.4021623730659485},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.22816675901412964},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.22278201580047607},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1322174370288849},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.128250390291214},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10825946927070618},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09376177191734314},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.09070467948913574}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8081741333007812},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.8022395372390747},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.7892497181892395},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5917962789535522},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.57557213306427},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.546044647693634},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5251818895339966},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.4972675144672394},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48673510551452637},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.48008185625076294},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.46356189250946045},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4492815136909485},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.41729187965393066},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4021623730659485},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.22816675901412964},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.22278201580047607},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1322174370288849},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.128250390291214},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10825946927070618},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09376177191734314},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.09070467948913574},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C548081761","wikidata":"https://www.wikidata.org/wiki/Q180388","display_name":"Waste management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3472811","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472811","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472811","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3472811","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3472811","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3472811","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3181225367.pdf","grobid_xml":"https://content.openalex.org/works/W3181225367.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W19752705","https://openalex.org/W1603939896","https://openalex.org/W1966143594","https://openalex.org/W1989385531","https://openalex.org/W2092615763","https://openalex.org/W2108891710","https://openalex.org/W2168234580","https://openalex.org/W2257787605","https://openalex.org/W2789570312","https://openalex.org/W2947384482","https://openalex.org/W2963748706","https://openalex.org/W3000045849","https://openalex.org/W3040158574","https://openalex.org/W3088691441","https://openalex.org/W3111853352","https://openalex.org/W3121596715","https://openalex.org/W3145959950","https://openalex.org/W3150814957","https://openalex.org/W4233869839","https://openalex.org/W6793546739"],"related_works":["https://openalex.org/W2327631927","https://openalex.org/W2093568763","https://openalex.org/W69297589","https://openalex.org/W1985166372","https://openalex.org/W2003096546","https://openalex.org/W4289354592","https://openalex.org/W2430210575","https://openalex.org/W2165069859","https://openalex.org/W2099112646","https://openalex.org/W2112258778"],"abstract_inverted_index":{"In":[0],"modern-day":[1],"software":[2,9,237],"development,":[3],"a":[4,44,50,87,151,174,195,285,288],"vast":[5],"amount":[6,37],"of":[7,14,38,59,86,205,215,294],"public":[8],"libraries":[10,70,80,277,296],"enable":[11],"the":[12,67,84,163,178,185,189,213,218,225,247,264],"reuse":[13],"existing":[15],"implementations":[16],"for":[17,81,153,177,217,233,268],"reoccurring":[18],"tasks":[19],"and":[20,93,143,172,184,228,236,283],"common":[21],"problems.":[22],"While":[23],"this":[24,130],"practice":[25],"does":[26],"yield":[27],"significant":[28],"benefits":[29],"in":[30,49,104,194,251,287],"productivity,":[31],"it":[32,54],"also":[33],"puts":[34],"an":[35,134,202],"increasing":[36],"responsibility":[39],"on":[40,64,78,129,137,240],"library":[41,51,234,290],"maintainers.":[42],"If":[43],"security":[45,258],"flaw":[46],"is":[47,94,209,254],"contained":[48],"release,":[52],"then":[53],"may":[55,90,275,291],"directly":[56],"affect":[57,292],"thousands":[58,293],"applications":[60],"that":[61,69,102,245,273,284],"are":[62,71,76,118],"depending":[63,77],"it.":[65],"Given":[66],"fact":[68,105],"often":[72,119],"interconnected,":[73],"meaning":[74],"they":[75],"other":[79,295],"certain":[82],"sub-tasks,":[83],"impact":[85,214],"single":[88,289],"vulnerability":[89,141,166,286],"be":[91],"large,":[92],"hard":[95],"to":[96,127,256],"quantify.":[97],"Recent":[98],"studies":[99],"have":[100],"shown":[101],"developers":[103,139,238],"struggle":[106],"with":[107,165,188],"upgrading":[108],"vulnerable":[109],"dependencies,":[110],"despite":[111],"ever-increasing":[112],"support":[113],"by":[114,132],"automated":[115],"tools,":[116],"which":[117,161,208],"publicly":[120],"available.":[121],"With":[122],"our":[123,170,206,241,252],"work,":[124],"we":[125,149,200,223,271],"aim":[126],"improve":[128],"situation":[131],"providing":[133],"in-depth":[135],"analysis":[136,204],"how":[138],"handle":[140],"patches":[142],"dependency":[144,155,281],"upgrades.":[145],"To":[146],"do":[147],"so,":[148],"contribute":[150],"miner":[152],"artifact":[154,179,249],"graphs":[156],"supporting":[157],"different":[158,220],"programming":[159],"platforms,":[160],"annotates":[162],"graph":[164,191,197],"information.":[167],"We":[168,243],"execute":[169],"application":[171],"generate":[173],"data":[175],"set":[176],"repositories":[180],"Maven":[181,261],"Central,":[182],"NuGet.org,":[183,246],"NPM":[186,265],"Registry,":[187],"resulting":[190,226],"being":[192],"stored":[193],"Neo4j":[196],"database.":[198],"Afterwards,":[199],"conduct":[201],"extensive":[203],"data,":[207],"aimed":[210],"at":[211],"understanding":[212],"vulnerabilities":[216,274],"three":[219],"repositories.":[221],"Finally,":[222],"summarize":[224],"risks":[227],"derive":[229],"possible":[230],"mitigation":[231],"strategies":[232],"maintainers":[235],"based":[239],"findings.":[242],"found":[244,272],"smallest":[248],"repository":[250],"sample,":[253],"subject":[255],"fewer":[257],"concerns":[259],"than":[260],"Central":[262],"or":[263],"Registry.":[266],"However,":[267],"all":[269],"repositories,":[270],"influence":[276],"via":[278],"long":[279],"transitive":[280],"chains":[282],"transitively.":[297]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}