Saved in:
Bibliographic Details
Main Authors: Zeng, Jia, Han, Dan, Zhu, Yaling, Wang, Yangzhong, Weng, Fangchen
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2404.17955
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929329923948544
author Zeng, Jia
Han, Dan
Zhu, Yaling
Wang, Yangzhong
Weng, Fangchen
author_facet Zeng, Jia
Han, Dan
Zhu, Yaling
Wang, Yangzhong
Weng, Fangchen
contents In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information, posing a severe threat to software security. Research on third-party libraries in software becomes paramount to address this growing security challenge. Numerous research findings exist regarding third-party libraries' usage, ecosystem, detection, and fortification defenses. Understanding the usage and ecosystem of third-party libraries helps developers comprehend the potential risks they bring and select trustworthy libraries. Third-party library detection tools aid developers in automatically discovering third-party libraries in software, facilitating their management. In addition to detection, fortification defenses are also indispensable. This article profoundly investigates and analyzes this literature, summarizing current research achievements and future development directions. It aims to provide practical and valuable insights for developers and researchers, jointly promoting the healthy development of software ecosystems and better-protecting software from security threats.
format Preprint
id arxiv_https___arxiv_org_abs_2404_17955
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle A Survey of Third-Party Library Security Research in Application Software
Zeng, Jia
Han, Dan
Zhu, Yaling
Wang, Yangzhong
Weng, Fangchen
Software Engineering
In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information, posing a severe threat to software security. Research on third-party libraries in software becomes paramount to address this growing security challenge. Numerous research findings exist regarding third-party libraries' usage, ecosystem, detection, and fortification defenses. Understanding the usage and ecosystem of third-party libraries helps developers comprehend the potential risks they bring and select trustworthy libraries. Third-party library detection tools aid developers in automatically discovering third-party libraries in software, facilitating their management. In addition to detection, fortification defenses are also indispensable. This article profoundly investigates and analyzes this literature, summarizing current research achievements and future development directions. It aims to provide practical and valuable insights for developers and researchers, jointly promoting the healthy development of software ecosystems and better-protecting software from security threats.
title A Survey of Third-Party Library Security Research in Application Software
topic Software Engineering
url https://arxiv.org/abs/2404.17955