Vulnerability Management of Open-Source Libraries
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
2023 (English)
Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

Background: The proliferation of open-source libraries in software development has brought numerous benefits, including access to a wide range of reusable code and collaboration with a global community of developers. However, this increased reliance on third-party code also introduces new security risks in the form of vulnerabilities that malicious actors can exploit. Vulnerability management, the process of identifying, assessing, and mitigating vulnerabilities, is crucial in ensuring the security and reliability of open-source libraries.

Objectives: This thesis aims to investigate the vulnerability management process of open-source libraries used by an organization and compare it with what is suggested in the literature.

Methods: This study uses rapid reviews to understand the vulnerability management process described in the literature and a case study to investigate the vulnerability management process in the organization.

Results: This study's results indicate many similarities between the organization's process and the literature's suggestions. The organization uses a tool to identify and assess vulnerabilities, and migrates to the latest stable version to mitigate them. There are a few differences in the process compared with the literature's suggestions. The literature suggests anticipating threats, estimating migration efforts, assessing reachability, and integrating SCA (Software Composition Analysis) tools into the development workflow. The vulnerability management process requires constant attention and effort, as new vulnerabilities are discovered daily. Interviews with the developers revealed challenges faced in the process.

Conclusions: The results of our study indicate that the practices and suggestions in the literature may not be suitable for every organization. Every organization has its own set of requirements and constraints, which must be considered when implementing any practice. The differences and challenges identified in this study are potential areas for improvement.

Place, publisher, year, edition, pages
2023, p. 70
Keywords [en]
vulnerability management, software security, open-source software.
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-24333
OAI: oai:DiVA.org:bth-24333
DiVA, id: diva2:1741037
Subject / course
PA2534 Master's Thesis (120 credits) in Software Engineering
Educational program
PAADA Master Qualification Plan in Software Engineering 120,0 hp
Available from: 2023-03-02
Created: 2023-03-02
Last updated: 2023-03-02
Bibliographically approved

Open Access in DiVA

Vulnerability Management of Open-Source Libraries (797 kB)
File information
File name: FULLTEXT02.pdf
File size: 797 kB
Checksum (SHA-512): ac50e4d68a6daf25d39e65c1ce05481c9496c8502f270db72c4699fe977ad455af246ff189045ec2d7566bf8466341b9f64ce84abb5f338066ec5a1fb11f42b6
Type: fulltext
Mimetype: application/pdf

By organisation
Department of Software Engineering
Software Engineering
