Known Vulnerabilities of Open Source Projects: Where Are the Fixes?

Antonino Sabetta; Serena Elisa Ponta; Rocio Cabrera Lozoya; Michele Bezzi; Tommaso Sacchetti; Matteo Greco; Gergo Balogh; Peter Hegedus; Rudolf Ferenc; Ranindya Paramitha; Ivan Pashchenko; Aurora Papotti; Akos Milankovich; Fabio Massacci

doi:10.1109/MSEC.2023.3343836

Known Vulnerabilities of Open Source Projects: Where Are the Fixes?

Antonino Sabetta, Serena Elisa Ponta, Rocio Cabrera Lozoya, Michele Bezzi, Tommaso Sacchetti, Matteo Greco, Gergo Balogh, Peter Hegedus, Rudolf Ferenc, Ranindya Paramitha, Ivan Pashchenko, Aurora Papotti, Akos Milankovich, Fabio Massacci

Research output: Contribution to Journal › Article › Academic › peer-review

Abstract

Every day, developers have the daunting task of tracing vulnerabilities back in a morass of commits. In this article, we report the experience of the industrial open source tool, Prospector, to support developers in this task.

Original language	English
Pages (from-to)	49-59
Number of pages	11
Journal	IEEE Security and Privacy
Volume	22
Issue number	2
Early online date	5 Jan 2024
DOIs	https://doi.org/10.1109/MSEC.2023.3343836
Publication status	Published - Apr 2024

Bibliographical note

Publisher Copyright:
© 2003-2012 IEEE.

Funding

This work was partially supported by EU-funded projects Sec4AI4Sec (Grant 101120393) and AssureMoss (Grant 952647) and NWO-funded project Theseus (Grant NWA.121518006). Antonino Sabetta would like to thank Henrik Plate, Bonaventura Coppola, Daan Hommersom, Damian A. Tamburri, and Dario Di Nucci for insightful discussions.

Funders	Funder number
European Commission	101120393
AssureMoss	952647
NWO-funded	NWA.121518006

Access to Document

10.1109/MSEC.2023.3343836

Persistent URL (handle)

Persistent link

Cite this

@article{50c17a22bf654af5bd00b6dbd60622d3,

title = "Known Vulnerabilities of Open Source Projects: Where Are the Fixes?",

abstract = "Every day, developers have the daunting task of tracing vulnerabilities back in a morass of commits. In this article, we report the experience of the industrial open source tool, Prospector, to support developers in this task.",

author = "Antonino Sabetta and Ponta, {Serena Elisa} and {Cabrera Lozoya}, Rocio and Michele Bezzi and Tommaso Sacchetti and Matteo Greco and Gergo Balogh and Peter Hegedus and Rudolf Ferenc and Ranindya Paramitha and Ivan Pashchenko and Aurora Papotti and Akos Milankovich and Fabio Massacci",

note = "Publisher Copyright: {\textcopyright} 2003-2012 IEEE.",

year = "2024",

month = apr,

doi = "10.1109/MSEC.2023.3343836",

language = "English",

volume = "22",

pages = "49--59",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Known Vulnerabilities of Open Source Projects

T2 - Where Are the Fixes?

AU - Sabetta, Antonino

AU - Ponta, Serena Elisa

AU - Cabrera Lozoya, Rocio

AU - Bezzi, Michele

AU - Sacchetti, Tommaso

AU - Greco, Matteo

AU - Balogh, Gergo

AU - Hegedus, Peter

AU - Ferenc, Rudolf

AU - Paramitha, Ranindya

AU - Pashchenko, Ivan

AU - Papotti, Aurora

AU - Milankovich, Akos

AU - Massacci, Fabio

PY - 2024/4

Y1 - 2024/4

N2 - Every day, developers have the daunting task of tracing vulnerabilities back in a morass of commits. In this article, we report the experience of the industrial open source tool, Prospector, to support developers in this task.

AB - Every day, developers have the daunting task of tracing vulnerabilities back in a morass of commits. In this article, we report the experience of the industrial open source tool, Prospector, to support developers in this task.

UR - http://www.scopus.com/inward/record.url?scp=85182367700&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85182367700&partnerID=8YFLogxK

U2 - 10.1109/MSEC.2023.3343836

DO - 10.1109/MSEC.2023.3343836

M3 - Article

AN - SCOPUS:85182367700

SN - 1540-7993

VL - 22

SP - 49

EP - 59

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 2

ER -

Known Vulnerabilities of Open Source Projects: Where Are the Fixes?

Abstract

Bibliographical note

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this