Bibliographic Details
Main Authors: Patrick, Cadence; Ruth, Kimberly; Durumeric, Zakir
Format: Preprint
Published: 2024
Subjects: Software Engineering; Cryptography and Security
Online Access: https://arxiv.org/abs/2404.11763
contents Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the landscape of OSS dependencies is not well explored: we do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed. There is thus a need to understand OSS usage in major software and device makers' products. Our work takes a first step toward closing this knowledge gap. We investigate published OSS dependency information for 108 major software and device makers, cataloging how available and how detailed this information is and identifying the OSS packages that appear the most frequently in our data.
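The analysis the abstract describes, cataloging how available and how detailed each maker's published dependency information is and then identifying the packages that appear most often across makers, can be illustrated with a short script. This is an added example written for this record, not code from the paper or its authors; it assumes disclosures are published as CycloneDX-style JSON (the study does not say which formats it encountered), and the maker names, packages and versions are constructed sample data.

```python
"""Added example: catalog OSS dependency disclosures from several makers and
rank packages by how many makers list them. Constructed data, not the paper's."""
import json
from collections import Counter

# Constructed sample: four hypothetical makers' dependency disclosures in
# CycloneDX-style JSON. The format and every maker/package here are assumptions
# made for illustration, not data from the study.
SAMPLE_DISCLOSURES = {
    "maker-a": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "OpenSSL", "version": "3.0.13",
         "purl": "pkg:generic/openssl@3.0.13"},
        {"type": "library", "name": "zlib", "version": "1.3.1"},
        {"type": "library", "name": "curl"},            # listed without a version
    ]}),
    "maker-b": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1w"},
        {"type": "library", "name": "zlib", "version": "1.2.13"},
        {"type": "library", "name": "libxml2", "version": "2.12.6"},
    ]}),
    "maker-c": json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "zlib"},
        {"type": "library", "name": "SQLite"},
    ]}),
    "maker-d": None,   # publishes no dependency information at all
}


def component_key(component):
    """Canonical lowercase package name; prefer the purl's name segment when present,
    so 'OpenSSL' and 'openssl' from different makers collapse into one key."""
    purl = component.get("purl")
    if isinstance(purl, str) and purl.startswith("pkg:"):
        body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]  # drop qualifiers/subpath
        name_ver = body.rsplit("/", 1)[-1]                            # e.g. "openssl@3.0.13"
        return name_ver.split("@", 1)[0].lower()
    name = component.get("name")
    return name.strip().lower() if isinstance(name, str) and name.strip() else None


def parse_disclosure(text):
    """Return [(name, version_or_None), ...] for one disclosure; [] if absent or unparsable."""
    if not text:
        return []
    try:
        doc = json.loads(text)
    except (TypeError, ValueError):
        return []
    components = doc.get("components") if isinstance(doc, dict) else None
    entries = []
    for comp in components or []:
        if not isinstance(comp, dict):
            continue
        key = component_key(comp)
        if key:
            entries.append((key, comp.get("version") or None))
    return entries


def catalog_availability(disclosures):
    """Classify how detailed each maker's disclosure is: 'none' (nothing published or
    unparsable), 'versioned' (every component has a version), 'names-only' (no versions),
    or 'partial' (mixed). Only versioned entries let you tell whether a CVE applies."""
    result = {}
    for maker, text in disclosures.items():
        entries = parse_disclosure(text)
        if not entries:
            result[maker] = "none"
            continue
        versioned = sum(1 for _, ver in entries if ver)
        if versioned == len(entries):
            result[maker] = "versioned"
        elif versioned == 0:
            result[maker] = "names-only"
        else:
            result[maker] = "partial"
    return result


def package_frequency(disclosures):
    """Number of distinct makers listing each package (a duplicate entry within one
    maker's list counts once)."""
    counts = Counter()
    for text in disclosures.values():
        counts.update({name for name, _ in parse_disclosure(text)})
    return counts


def top_packages(disclosures, n=3):
    """Most frequently listed packages across makers, as (name, maker_count) pairs."""
    return package_frequency(disclosures).most_common(n)


if __name__ == "__main__":
    for maker, level in catalog_availability(SAMPLE_DISCLOSURES).items():
        print(f"{maker}: {level}")
    for name, count in top_packages(SAMPLE_DISCLOSURES):
        print(f"{name}: listed by {count} maker(s)")
```

Two points a practitioner should keep in mind when running this kind of count over real disclosures: package names must be normalized (here by preferring the purl, falling back to a lowercased name) or the same library splits into several entries, and a raw frequency count says how widely a package is shipped, not how exposed each shipping product is, so it is a starting point for prioritizing patches rather than a criticality score on its own.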
institution arXiv
title The Code the World Depends On: A First Look at Technology Makers' Open Source Software Dependencies
topic Software Engineering
Cryptography and Security