Abstract
Developers are known to leave the third-party dependencies of their projects outdated, even when some of those dependencies are affected by known vulnerabilities. In this study we aim to understand why they do so. We conducted 25 semi-structured interviews with developers from both large enterprises and small and medium-sized enterprises located in nine countries. All interviews were transcribed, coded, and analyzed using applied thematic analysis. The results reveal important aspects of developers' dependency-management practices that security researchers and the developers of dependency-management tools should take into account in order to improve the security of the dependency management process.
| Original language | English |
|---|---|
| Title of host publication | ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering |
| Subtitle of host publication | Companion Proceedings |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 284-285 |
| Number of pages | 2 |
| ISBN (Electronic) | 9781450371223 |
| Publication status | Published - Jun 2020 |
| Event | 42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020 - Seoul, Korea, Republic of. Duration: 27 Jun 2020 → 19 Jul 2020 |
Conference
| Conference | 42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020 |
|---|---|
| Country/Territory | Korea, Republic of |
| City | Seoul |
| Period | 27/06/20 → 19/07/20 |
Funding
This research has been partly funded by the EU under the H2020 Programs H2020-EU.2.1.1-CyberSec4Europe (Grant No. 830929) and the NeCS: European Network for Cyber Security (Grant No. 675320).
| Funders | Funder number |
|---|---|
| European Network for Cyber Security | 675320 |
| Horizon 2020 Framework Programme | 830929 |
| European Commission | |