Name
Abstract | ||
|---|---|---|
Modern software systems often make use of third-party components to speed-up development and reduce maintenance costs. In return, developers need to update to new releases of these dependencies to avoid, for example, security and compatibility risks. In practice, prioritizing these updates is difficult because the use of outdated dependencies is often opaque. In this paper we aim to make this concept more transparent by introducing metrics to quantify the use of recent versions of dependencies, i.e. the system's "dependency freshness".
We propose and investigate a system-level metric based on an industry benchmark. We validate the usefulness of the metric using interviews, analyze the variance of the metric through time, and investigate the relationship between outdated dependencies and security vulnerabilities. The results show that the measurements are considered useful, and that systems using outdated dependencies four times as likely to have security issues as opposed to systems that are up-to-date.
|
Year | DOI | Venue |
|---|---|---|
2015 | 10.1109/ICSE.2015.140 | ICSE |
Keywords | Field | DocType |
software metrics,software maintenance | Software engineering,Software analytics,Computer science,Software security assurance,Software system,Backporting,Software maintenance,Software metric,Dependency hell,Software development | Conference |
Volume | ISSN | ISBN |
2 | 0270-5257 | 978-1-4799-1934-5 |
Citations | PageRank | References |
14 | 0.70 | 26 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Joel Cox | 1 | 14 | 0.70 |
| Eric Bouwers | 2 | 95 | 9.51 |
| marko c j d van eekelen | 3 | 239 | 30.37 |
| Joost Visser | 4 | 1626 | 103.27 |