2017
DOI: 10.1007/s10664-017-9521-5
Do developers update their library dependencies?

Cited by 265 publications (161 citation statements); references 30 publications.

Citation statements (ordered by relevance):
“…They examined 133K websites and found that 37% of these websites use at least one library with a known vulnerability. Kula et al. [15] investigated 4,659 GitHub projects and more than 850K library dependency migrations to find developer responsiveness to existing security awareness mechanisms. They found that developers do not tend to update third-party libraries, especially to fix vulnerabilities, while 81.5% of the studied systems remain with outdated dependencies.…”
Section: Security Vulnerabilities (citation type: mentioning; confidence: 99%)
“…Code samples are not frozen projects, but they should be updated over time. Changes are commonly performed to follow recent framework versions, otherwise the code samples become out of date and less attractive to the clients [11], [14]–[17]. Indeed, this practice is often performed by Android and SpringBoot code samples, but much faster in the latter.…”
Section: Discussion (citation type: mentioning; confidence: 99%)
“…Because Maven artifacts are immutable, all the versions of a given library that have been released in Maven Central are always present in the repository. Meanwhile, previous studies have shown that users of a given version do not systematically update their dependency when a new version is released [5], [12], [13]. Consequently, we hypothesize that, at some point in time, multiple versions of a library are actively used.…”
Section: A. Research Questions (citation type: mentioning; confidence: 93%)
“…Library users are free to decide which version to depend on and for how much time. In the long term, these users' decisions determine what are the most popular libraries and versions in the entire software ecosystem [5], [14]. This research question investigates to what extent these decisions lead to the emergence of one or more versions that receive a greater number of usages compared to the other versions.…”
Section: RQ2: How Are the Actively Used Versions Distributed Along Th (citation type: mentioning; confidence: 99%)